Add support for returning AccessToken / RefreshToken together with HttpOnly cookie authentication.
To use it, configure the clients with "UseHttpOnlyCookiesKeepPayload": true (e.g. in appsettings.json).
Add support for HttpOnly cookie authentication.
To enable it, call services.AddOpenIddict().AddSupportForHttpOnlyCookieClients() and configure the clients with "UseHttpOnlyCookies": true (e.g. in appsettings.json).
Updated OpenIddict to v6.
Added app.UseOpenIdDictConversionMiddleware(), which helps support old clients when migrating from IdentityServer. It allows you to do the following:
- Remove non-existing scopes
- Remove header authorization (if client_id/client_secret are passed in Form parameters)
- Remove client_secret for public clients (otherwise OpenIddict complains)
- Change name of form parameters (e.g. userName->username)
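
A sketch of the four request conversions listed above, as an added example that is not the package's own middleware code. The LegacyTokenRequest class, its Normalize method, and the sample scopes and client ids are hypothetical, and it works on a plain dictionary rather than the ASP.NET Core request:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class LegacyTokenRequest
{
    // Constructed sample registrations; a real server reads these from its own stores.
    static readonly HashSet<string> KnownScopes = new() { "openid", "offline_access", "api" };
    static readonly HashSet<string> PublicClients = new() { "spa-client" };
    static readonly Dictionary<string, string> Renames = new() { ["userName"] = "username" };

    // Returns the rewritten form and whether the Authorization header is kept.
    public static (Dictionary<string, string> Form, bool KeepAuthHeader) Normalize(
        IReadOnlyDictionary<string, string> form, bool hasAuthHeader)
    {
        // Rename legacy parameter names (userName -> username).
        var result = new Dictionary<string, string>();
        foreach (var (key, value) in form)
            result[Renames.TryGetValue(key, out var name) ? name : key] = value;

        // Remove scopes that this server does not define.
        if (result.TryGetValue("scope", out var scope))
            result["scope"] = string.Join(" ", scope
                .Split(' ', StringSplitOptions.RemoveEmptyEntries)
                .Where(s => KnownScopes.Contains(s)));

        // Assumption: client_id or client_secret in the form means the form carries the
        // client credentials, so the header is dropped and only one method is presented.
        bool inForm = result.ContainsKey("client_id") || result.ContainsKey("client_secret");

        // A public client has no secret, so a stray client_secret is removed.
        if (result.TryGetValue("client_id", out var id) && PublicClients.Contains(id))
            result.Remove("client_secret");

        return (result, hasAuthHeader && !inForm);
    }

    static void Main()
    {
        // Constructed legacy password-grant request from a public client.
        var legacy = new Dictionary<string, string>
        {
            ["grant_type"] = "password", ["userName"] = "alice", ["password"] = "example-only",
            ["client_id"] = "spa-client", ["client_secret"] = "unused",
            ["scope"] = "openid api legacy.scope",
        };
        var (form, keepHeader) = Normalize(legacy, hasAuthHeader: true);
        foreach (var (k, v) in form) Console.WriteLine($"{k}={v}");
        Console.WriteLine($"Authorization header kept: {keepHeader}");
    }
}
```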
Added the EnableIdentityServerRefreshTokens() option, which eases the migration from IdentityServer (i.e., refresh tokens from IdentityServer will still work if the PersistedGrants table remains).
Upgraded to .NET 7.