Changelog

All notable changes to Dangl.Identity.Client are documented here.

v3.3.0:

  • DanglIdentityAuthenticationExtensions.UseDanglIdentityJwtTokenAuthentication now optionally supports to accept access tokens via query parameters, e.g. for usage in SignalR
  • DanglIdentityServerConfiguration.JwtBearerOptionsConfig was added as a way to customize the AddJwtBearer configuration

v3.2.5

  • Bugfix in the Angular library where a subscription to the token refresh event did not end after the first event

v3.2.4:

  • The DanglIdentityAuthenticationExtensions will now log the id of the client used for JWT logins
  • The DanglIdentityServerConfiguration class now has the AllowInsecureJwtIssuers property that allows to disable the Https requirement for token issuers

v3.2.3:

  • Fixed a bug in the Angular library where refresh token requests were cancelled when a dependency requested a refresh token but then cancelled the request. This led to the refresh token becoming invalid, thus requiring a reauthentication from the user

v3.2.2:

  • The Angular library was updated to Angular v10

v3.2.1:

  • The UseDanglIdentityJwtTokenAuthentication extension will now also work when the configured base urls have a trailing slash /

v3.2.0:

  • Added the ClaimsUtilities class for helping with managing claims from Jwt tokens
  • When performing a non-OpenID Cookie login, all user claims except some ignored ones will now be put on the user principal
  • Fixed an error where the IUserInfoService.GetCurrentUserIdAsync() method could throw an exception when the user id was only present in the sub claim and not in the ASP.NET Core default nameidentifier

v3.1.0:

  • The OpenID Extensions now remove the default claim type mapping and directly use the claim types from the JWT token, e.g. role is now directly available as a claim

v3.0.0:

  • Update to Dangl.Identity v3.0.0 and to .NET Core 3.1
  • The OpenID Connect extensions now check the access_token expiry and refresh the token if necessary. Additionally, locked out or deleted users are now also removed from client applications
  • When using the OpenID Connect extensions, it internally now calls AddIdentityCore instead of AddIdentity and adds some required services. This might break client applications that rely on services now no longer included. Consumers should manually add these to the dependency injection configuration
  • The AddMvcWithDanglIdentity extension was renamed to AddControllersWithDanglIdentity and the internal call to AddMvc was replaced with AddControllers. If required, consumers should manually call AddMvc in their apps
  • The Angular library was updated to Angular v9.1.9

v2.6.0:

  • Added UserInfo and AccessTokenExtensions in Dangl.Identity.Client

v2.5.2:

  • Added checks for the UserInfoService in the Dangl.Identity.Client.MVC package to give meaningful error messages in cases of invalid configuration

v2.5.1:

  • Dropped dependency IdentityServer4.AccessTokenValidation

v2.5.0:

  • The generated assemblies now have a strong name. This is a breaking change of the binary API and will require recompilation on all systems that consume this package. The strong name of the generated assembly allows compatibility with other, signed tools. Please note that this does not increase security or provide tamper-proof binaries, as the key is available in the source code per Microsoft guidelines

v2.4.3:

  • Add RequiredJwtRoles and RequiredJwtClaims to DanglIdentityServerConfiguration to configure required claims and / or roles when using Jwt authentication

v2.4.2:

  • When UseDanglIdentityJwtAuthentication is enabled on servers, the integrated endpoints for cookie authentication are disabled
  • CI tests for the .NET components are now also run on Linux

v2.4.1:

  • Include Id for current user in Angular client AuthenticationMessenger

v2.4.0:

  • Refactoring of Angular client

v2.3.0:

  • Update of Dangl.Identity dependencies
  • Breaking Change: If you're using Dangl.Identity Jwt authentication from the Dangl.Identity.Client.Mvc package, you should set the property UseDanglIdentityJwtAuthentication in the configuration for Dangl.Identity to true and ensure that app.UseDanglIdentityJwtTokenAuthentication() is called early in your request pipeline

v2.2.1:

  • Bugfix where the Angular library failed to update the current authentication status after failed token refresh attempts

v2.2.0:

  • An Angular front end package is now available at @dangl/angular-dangl-identity-client

v2.1.0:

  • Update internal dependencies to latest Dangl.Identity and to ASP.NET Core 2.2

v2.0.8:

  • Update internal dependencies

v2.0.7:

  • Fix bug where invalid Jwt tokens led to internal server error responses in Dangl.Identity.Client.Mvc

v2.0.4:

  • Remove HttpMessageHandler constructor argument from UserInformationTransmissionHttpHandler to be better composable with HttpClientFactory
  • Add overload to UserInformationTransmissionHttpHandler that allows to supply IHttpContextAccessor to be able to resolve dependencies on the fly from the RequestServices

v2.0.3:

  • Switch to HttpClientFactory
  • Introduced DanglIdentityHttpClientAccessor to abstract accessing HttpClient in Dangl.Identity.Client.Mvc services

v2.0.0:

  • Add support for user identicon id properties
  • Update to latest version 2.0.1 of Dangl.Identity
  • Renamed Dangl.Identity.OAuth to Dangl.Identity.Client.Mvc

v1.2.2:

  • Fix deserialization error of Jwt Bearer tokens to no longer throw exceptions on invalid input in Dangl.Identity.Client.Mvc

v1.2.1:

  • Dangl.Identity.Client is now public

v1.2.0:

  • Add support for client-side integration of OpenID with Dangl.Identity as OpenID provider
  • Add UserInformationTransmissionHttpHandler to share user information for requests contexts across different services
  • IUserService will now also determine user ids and whether users are authenticated in inter-service calls
  • See the README for requirements & setup on how to transmit user ids in inter-service requests
  • The extensions for OAuth as server-side integration now only support either Cookie auth or Jwt, not both. Specifying one will disable the other

v1.1.1:

  • Add UserInfoService.CLIENT_CLAIM_PREFIX
  • IUserInfoService.GetCurrentClientIdAsync() now returns a string as ClientId to be in sync with Dangl.Identity
  • Added ClientCredentialsLoginAsync to DanglIdentityLoginHandler

v1.1.0

  • Update to stay in sync with Dangl.Identity

v1.0.0

  • Initial Release