Dangl.Identity.Client Public Changelog for Version 5.0.0
Update to .NET 7 & latest Dangl.Identity dependencies
The lifecycle management in the Angular client was updated to correctly complete and unsubscribe from all subscriptions
Fixed a bug in the DanglIdentityUserInfoUpdater that caused exceptions when new users were created from JWT tokens concurrently
The Angular client was updated to use any Angular version at v14 or upwards
The Angular client was updated to Angular v14
The client libraries and tests were updated to .NET 6 and Dangl.Identity dependencies were updated to v4.2
Updated the frontend dependency to Angular v13
All packages were updated to Dangl.Identity v4 and to .NET 5
Support for fallback uris for Dangl.Identity has been removed. This was rarely used in practice, and makes integrations in clients easier
The Angular package was upgraded to Angular v12
The DanglIdentityServerConfiguration.HttpMessageHandlerFactory will now no longer default to an Action that returns null but will itself be set to null for new instances
The .NET client now uses System.Text.Json internally instead of Newtonsoft.Json for Json serialization
Added IDanglIdentityRequestValidator to Angular client to allow developers to control for which requests authorization tokens are included
DanglIdentityAuthenticationExtensions.UseDanglIdentityJwtTokenAuthentication now optionally supports to accept access tokens via query parameters, e.g. for usage in SignalR
DanglIdentityServerConfiguration.JwtBearerOptionsConfig was added as a way to customize the AddJwtBearer configuration
Bugfix in the Angular library where a subscription to the token refresh event did not end after the first event
The DanglIdentityAuthenticationExtensions will now log the id of the client used for JWT logins
The DanglIdentityServerConfiguration class now has the AllowInsecureJwtIssuers property that allows to disable the Https requirement for token issuers
Fixed a bug in the Angular library where refresh token requests were cancelled when a dependency requested a refresh token but then cancelled the request. This led to the refresh token becoming invalid, thus requiring a reauthentication from the user
The Angular library was updated to Angular v10
The UseDanglIdentityJwtTokenAuthentication extension will now also work when the configured base urls have a trailing slash /
Added the ClaimsUtilities class for helping with managing claims from Jwt tokens
When performing a non-OpenID Cookie login, all user claims except some ignored ones will now be put on the user principal
Fixed an error where the IUserInfoService.GetCurrentUserIdAsync() method could throw an exception when the user id was only present in the sub claim and not in the ASP.NET Core default nameidentifier
The OpenID Extensions now remove the default claim type mapping and directly use the claim types from the JWT token, e.g. role is now directly available as a claim
Update to Dangl.Identity v3.0.0 and to .NET Core 3.1
The OpenID Connect extensions now check the access_token expiry and refresh the token if necessary. Additionally, locked out or deleted users are now also removed from client applications
When using the OpenID Connect extensions, it internally now calls AddIdentityCore instead of AddIdentity and adds some required services. This might break client applications that rely on services now no longer included. Consumers should manually add these to the dependency injection configuration
The AddMvcWithDanglIdentity extension was renamed to AddControllersWithDanglIdentity and the internal call to AddMvc was replaced with AddControllers. If required, consumers should manually call AddMvc in their apps
The Angular library was updated to Angular v9.1.9
Added UserInfo and AccessTokenExtensions in Dangl.Identity.Client
Added checks for the UserInfoService in the Dangl.Identity.Client.MVC package to give meaningful error messages in cases of invalid configuration
The generated assemblies now have a strong name. This is a breaking change of the binary API and will require recompilation on all systems that consume this package. The strong name of the generated assembly allows compatibility with other, signed tools. Please note that this does not increase security or provide tamper-proof binaries, as the key is available in the source code per Microsoft guidelines
Add RequiredJwtRoles and RequiredJwtClaims to DanglIdentityServerConfiguration to configure required claims and / or roles when using Jwt authentication
When UseDanglIdentityJwtAuthentication is enabled on servers, the integrated endpoints for cookie authentication are disabled
CI tests for the .NET components are now also run on Linux
Include Id for current user in Angular client AuthenticationMessenger
Refactoring of Angular client
Update of Dangl.Identity dependencies
Breaking Change: If you're using Dangl.Identity Jwt authentication from the Dangl.Identity.Client.Mvc package, you should set the property UseDanglIdentityJwtAuthentication in the configuration for Dangl.Identity to true and ensure that app.UseDanglIdentityJwtTokenAuthentication() is called early in your request pipeline
Bugfix where the Angular library failed to update the current authentication status after failed token refresh attempts
An Angular front end package is now available at @dangl/angular-dangl-identity-client
Update internal dependencies to latest Dangl.Identity and to ASP.NET Core 2.2
Update internal dependencies
Fix bug where invalid Jwt tokens led to internal server error responses in Dangl.Identity.Client.Mvc
Remove HttpMessageHandler constructor argument from UserInformationTransmissionHttpHandler to be better composable with HttpClientFactory
Add overload to UserInformationTransmissionHttpHandler that allows to supply IHttpContextAccessor to be able to resolve dependencies on the fly from the RequestServices
Switch to HttpClientFactory
Introduced DanglIdentityHttpClientAccessor to abstract accessing HttpClient in Dangl.Identity.Client.Mvc services
Add support for user identicon id properties
Update to latest version 2.0.1 of Dangl.Identity
Renamed Dangl.Identity.OAuth to Dangl.Identity.Client.Mvc
Fix deserialization error of Jwt Bearer tokens to no longer throw exceptions on invalid input in Dangl.Identity.Client.Mvc
Dangl.Identity.Client is now public
Add support for client-side integration of OpenID with Dangl.Identity as OpenID provider
Add UserInformationTransmissionHttpHandler to share user information for requests contexts across different services
IUserService will now also determine user ids and whether users are authenticated in inter-service calls
See the README for requirements & setup on how to transmit user ids in inter-service requests
The extensions for OAuth as server-side integration now only support either Cookie auth or Jwt, not both. Specifying one will disable the other
IUserInfoService.GetCurrentClientIdAsync() now returns a string as ClientId to be in sync with Dangl.Identity
Added ClientCredentialsLoginAsync to DanglIdentityLoginHandler