Changelog

All notable changes to Dangl.Identity.Client are documented here.

v6.2.0:

  • Update to .NET 8 & latest Dangl.Identity dependencies

v6.1.0:

  • Added a new endpoint to the DanglIdentityController that returns the user info data for the current request. If the user and / or client is authenticated, it will return all current claims. This is useful if backend-for-frontend authentication via cookies is used, where the frontend does not have direct access to the JWT
  • The claims property in the Angular UserInfo object's type was changed from {[key: string]: string} to {[key: string]: string[]}
  • Added DanglIdentityServerConfiguration.RelativeRedirectForAccessDenied, to configure access denied redirect paths in cases where the user declines consent when using OpenID Connect cookie authentication
  • Added DanglIdentityServerConfiguration.SetIncludeJwtBearerWithOpenIdCookie, to configure both OpenID Connect cookie and JWT authentication in the same application

v6.0.2:

  • Updated internal dependencies

v6.0.1:

  • Fixed a bug in the release pipeline that failed if the MS Teams API (for notifications) was returning an error

v6.0.0:

  • The DanglIdentityAppTokenHandler class is now available in the Dangl.Identity.Client.App package
  • The DanglIdentityServerTokenHandler class is now available in the Dangl.Identity.Client package
  • Fixed a bug where the provided IAccoundDelegatedClient in the Dangl.Identity.Client.Mvc package did not correctly use authentication when interacting with Dangl.Identity
  • The Dangl.Identity packages were updated to version 6

v5.0.1:

  • The Dangl.Identity.Client libraries are now all published to public NuGet and MyGet feeds

v5.0.0

  • Update to .NET 7 & latest Dangl.Identity dependencies

v4.1.3:

  • The lifecycle management in the Angular client was updated to correctly complete and unsubscribe from all subscriptions
  • Fixed a bug in the DanglIdentityUserInfoUpdater that caused exceptions when new users were created from JWT tokens concurrently

v4.1.2:

  • The Angular client was updated to use any Angular version at v14 or upwards

v4.1.1:

  • The Angular client was updated to Angular v14

v4.1.0:

  • The client libraries and tests were updated to .NET 6 and Dangl.Identity dependencies were updated to v4.2

v4.0.1:

  • Updated the frontend dependency to Angular v13

v4.0.0:

  • All packages were updated to Dangl.Identity v4 and to .NET 5
  • Support for fallback uris for Dangl.Identity has been removed. This was rarely used in practice, and makes integrations in clients easier

v3.4.0:

  • The Angular package was upgraded to Angular v12
  • The DanglIdentityServerConfiguration.HttpMessageHandlerFactory will now no longer default to an Action that returns null but will itself be set to null for new instances
  • The .NET client now uses System.Text.Json internally instead of Newtonsoft.Json for Json serialization
  • Added IDanglIdentityRequestValidator to Angular client to allow developers to control for which requests authorization tokens are included

v3.3.0:

  • DanglIdentityAuthenticationExtensions.UseDanglIdentityJwtTokenAuthentication now optionally supports to accept access tokens via query parameters, e.g. for usage in SignalR
  • DanglIdentityServerConfiguration.JwtBearerOptionsConfig was added as a way to customize the AddJwtBearer configuration

v3.2.5

  • Bugfix in the Angular library where a subscription to the token refresh event did not end after the first event

v3.2.4:

  • The DanglIdentityAuthenticationExtensions will now log the id of the client used for JWT logins
  • The DanglIdentityServerConfiguration class now has the AllowInsecureJwtIssuers property that allows to disable the Https requirement for token issuers

v3.2.3:

  • Fixed a bug in the Angular library where refresh token requests were cancelled when a dependency requested a refresh token but then cancelled the request. This led to the refresh token becoming invalid, thus requiring a reauthentication from the user

v3.2.2:

  • The Angular library was updated to Angular v10

v3.2.1:

  • The UseDanglIdentityJwtTokenAuthentication extension will now also work when the configured base urls have a trailing slash /

v3.2.0:

  • Added the ClaimsUtilities class for helping with managing claims from Jwt tokens
  • When performing a non-OpenID Cookie login, all user claims except some ignored ones will now be put on the user principal
  • Fixed an error where the IUserInfoService.GetCurrentUserIdAsync() method could throw an exception when the user id was only present in the sub claim and not in the ASP.NET Core default nameidentifier

v3.1.0:

  • The OpenID Extensions now remove the default claim type mapping and directly use the claim types from the JWT token, e.g. role is now directly available as a claim

v3.0.0:

  • Update to Dangl.Identity v3.0.0 and to .NET Core 3.1
  • The OpenID Connect extensions now check the access_token expiry and refresh the token if necessary. Additionally, locked out or deleted users are now also removed from client applications
  • When using the OpenID Connect extensions, it internally now calls AddIdentityCore instead of AddIdentity and adds some required services. This might break client applications that rely on services now no longer included. Consumers should manually add these to the dependency injection configuration
  • The AddMvcWithDanglIdentity extension was renamed to AddControllersWithDanglIdentity and the internal call to AddMvc was replaced with AddControllers. If required, consumers should manually call AddMvc in their apps
  • The Angular library was updated to Angular v9.1.9

v2.6.0:

  • Added UserInfo and AccessTokenExtensions in Dangl.Identity.Client

v2.5.2:

  • Added checks for the UserInfoService in the Dangl.Identity.Client.MVC package to give meaningful error messages in cases of invalid configuration

v2.5.1:

  • Dropped dependency IdentityServer4.AccessTokenValidation

v2.5.0:

  • The generated assemblies now have a strong name. This is a breaking change of the binary API and will require recompilation on all systems that consume this package. The strong name of the generated assembly allows compatibility with other, signed tools. Please note that this does not increase security or provide tamper-proof binaries, as the key is available in the source code per Microsoft guidelines

v2.4.3:

  • Add RequiredJwtRoles and RequiredJwtClaims to DanglIdentityServerConfiguration to configure required claims and / or roles when using Jwt authentication

v2.4.2:

  • When UseDanglIdentityJwtAuthentication is enabled on servers, the integrated endpoints for cookie authentication are disabled
  • CI tests for the .NET components are now also run on Linux

v2.4.1:

  • Include Id for current user in Angular client AuthenticationMessenger

v2.4.0:

  • Refactoring of Angular client

v2.3.0:

  • Update of Dangl.Identity dependencies
  • Breaking Change: If you're using Dangl.Identity Jwt authentication from the Dangl.Identity.Client.Mvc package, you should set the property UseDanglIdentityJwtAuthentication in the configuration for Dangl.Identity to true and ensure that app.UseDanglIdentityJwtTokenAuthentication() is called early in your request pipeline

v2.2.1:

  • Bugfix where the Angular library failed to update the current authentication status after failed token refresh attempts

v2.2.0:

  • An Angular front end package is now available at @dangl/angular-dangl-identity-client

v2.1.0:

  • Update internal dependencies to latest Dangl.Identity and to ASP.NET Core 2.2

v2.0.8:

  • Update internal dependencies

v2.0.7:

  • Fix bug where invalid Jwt tokens led to internal server error responses in Dangl.Identity.Client.Mvc

v2.0.4:

  • Remove HttpMessageHandler constructor argument from UserInformationTransmissionHttpHandler to be better composable with HttpClientFactory
  • Add overload to UserInformationTransmissionHttpHandler that allows to supply IHttpContextAccessor to be able to resolve dependencies on the fly from the RequestServices

v2.0.3:

  • Switch to HttpClientFactory
  • Introduced DanglIdentityHttpClientAccessor to abstract accessing HttpClient in Dangl.Identity.Client.Mvc services

v2.0.0:

  • Add support for user identicon id properties
  • Update to latest version 2.0.1 of Dangl.Identity
  • Renamed Dangl.Identity.OAuth to Dangl.Identity.Client.Mvc

v1.2.2:

  • Fix deserialization error of Jwt Bearer tokens to no longer throw exceptions on invalid input in Dangl.Identity.Client.Mvc

v1.2.1:

  • Dangl.Identity.Client is now public

v1.2.0:

  • Add support for client-side integration of OpenID with Dangl.Identity as OpenID provider
  • Add UserInformationTransmissionHttpHandler to share user information for requests contexts across different services
  • IUserService will now also determine user ids and whether users are authenticated in inter-service calls
  • See the README for requirements & setup on how to transmit user ids in inter-service requests
  • The extensions for OAuth as server-side integration now only support either Cookie auth or Jwt, not both. Specifying one will disable the other

v1.1.1:

  • Add UserInfoService.CLIENT_CLAIM_PREFIX
  • IUserInfoService.GetCurrentClientIdAsync() now returns a string as ClientId to be in sync with Dangl.Identity
  • Added ClientCredentialsLoginAsync to DanglIdentityLoginHandler

v1.1.0

  • Update to stay in sync with Dangl.Identity

v1.0.0

  • Initial Release