Major Update to IdentityModel.OidcClient

I just pushed Preview 3 of the 4.0 version of IdentityModel.OidcClient – this includes some major updates (that you might or might not have asked for):

  • Removal of OpenID Connect Hybrid Flow.
    The codebase does Authorization Code Flow + PKCE only now. This is in line with RFC8525 and the AppAuth reference implementations. Also – this reduced the complexity of the codebase dramatically.
  • Support for pure OAuth-based requests.
    Before this change, the openid scope was mandatory, which always meant OpenID Connect compliance on the server. You can now omit openid and do pure OAuth 2.0 as well.
  • Removing JWT signature validation from the core codebase.
    The signature validation is now a pluggable component. I provide a default implementation using Microsoft’s JWT handler in a separate NuGet package. This allowed me to remove that dependency from OidcClient.
  • Removed dependency on Newtonsoft.Json.
    IdentityModel still uses it; this will change as well at some point.

All in all, this makes OidcClient slimmer and thus hopefully easier to integrate into existing applications.

Please give it a try.


2 Responses to Major Update to IdentityModel.OidcClient

  1. nade says:

    when will the preview be available for general consumption?
