IdentityModel has been growing organically over the last years, and we felt it is necessary to do some fundamental cleanup. At the same time it is used by a lot of people and companies (currently around 20 million downloads on nuget) – which is a bit scary when doing breaking changes.
But since we are at a point where a new .NET Core runtime is released, and thus many other libraries will release new major version, we thought that this might be a good opportunity to make the changes.
This version is a breaking release!!!
Stay on v3.x if you are using:
- IdentityServer4 v2.x
- IdentityServer4.AccessTokenValidation v2.x
- IdentityModel.AspNetCore.OAuth2Introspection v3.x
- IdentityModel.OidcClient v2.x
..in fact, I am in the process of pushing updates to these packages that sets an upper bound for the IdentityModel dependency (aka ‘[3.10.10,4.0)‘).
All subsequent major versions of the above mentioned packages have switched to IdentityModel v4 and will be released along with IdentityServer4 v3 on the 23rd September.
In the coming days I will push IdentityModel v4 to nuget – here’s a high level list of the changes.
I dropped the net452 target – v4 is targeting net461 and netstandard2.0 only.
Removed old *Client classes
I removed the protocol client classes like TokenClient in favour of the newer style extension methods for HttpMessageInvoker (the base class of HttpClient).
I added a new TokenClient and IntrospectionClient based on the new design which is now DI and HttpClientFactory friendly. I did that mainly because I needed them in some other project. Give them a try, and see if they work for you as well.
Removed access token related delegating handlers for HttpClient
I never was happy with their design, and they also did not work for some common scenarios. Part of the work has been moved to OidcClient (for native apps) and part of it has been moved to the ASP.NET Core specific IdentityModel.
Updated extension methods
The protocol extensions methods have been re-written from the ground up. The public API surface stayed mostly the same, but certain classes have been renamed for clarity.
The request objects now derive from `HttpRequestMessage` which gives you more control over the HTTP details (e.g. headers).
Updated Epoch Extensions
Year 2038 is coming! All extensions have been updated to use long instead of int. Alternatively – .NET has built-in support now as well. So feel free to switch to that if you like.
I probably changed some parameter, classes and namespace names..
As I said, I will push v4 in the coming days. Now is your last chance to chime in if you feel something is wrong.