Releases

Gilles Flisch edited this page Nov 15, 2024 · 6 revisions

Arc4u 8.1.0

What's new:

  • Update to the latest NuGet packages.
  • Add Extension methods in Arc4u.Standard.Results to enhance the FluentResult library.
  • Improve Dapr Cache by adding a Settings section with a Name property to connect to the yaml Metadata component name for a Dapr Store.
  • Fix an issue concerning the Json decryptor file. This fix lets you add more than one decryptor and use it in contexts other than AspNet Core.
  • Improve the ILogger AddIf extension methods. The old one is now marked as obsolete and the new one uses a Func.
  • Add a default scheme for Core services to have a better behavior (like 403 status code)...
  • The ActivityId is now moved from the AppPrincipal to the IApplicationContext implementation.
  • Refactoring of the RootCertificateExtractor for gRPC scenario.
  • Do not use the X509CertificateLoader directly in the code; use the interface instead: IX509CertificateLoader.

Arc4u 8.2.0

What's new:

  • Added extension methods to ease the usage of FluentResults.
  • Added extension methods to return from a FluentResult the corresponding HTTP result: Ok, NoContent, HttpProblemDetails, HttpValidationProblemDetails, and Created (with or without a location URL).

What's touched:

  • Updated to the latest NuGet packages:
    • System.IdentityModel.Tokens.Jwt => CVE-2024-21319 Moderate severity.
    • Microsoft.Identity.Client => CVE-2024-27086 Low severity, CVE-2024-27086 Low severity.
    • System.Text.Json => 8.0.4
  • Capability to encrypt and decrypt long text (> 62 characters).
  • Capability to disable the Audience check for OpenId and OAuth2 scenarios.
    • ValidateAudience can be set in the application settings file to false or true; the default is true.
  • Support for minimal API => at least this was tested and it works.
  • JwtHttpHandlers in Arc4u.Standard.OAuth2.AspNetCore.Authentication. The try-catch is removed so exceptions are no longer swallowed, which eases debugging.
  • PR 108: Marked the method injecting the IScopedServiceProviderAccessor as obsolete and moved to IServiceProvider. The idea is to hide the IScopedServiceProviderAccessor and manage the complexity of this implementation (how and when to use it) at the level of the framework.
  • PR 109: Added capability for OIDC and OAuth2 to use a specific certificate via a specific instance of the x509CertificateLoader.
  • Scopes: In 8.1.0, when adding OIDC configuration, the 2 default scopes are added by default: openid and offline_access.

    Now you have to add them manually. The objective is to not be blocked if your identity provider is rejecting a specific scope (openid and/or offline_access).

Arc4u 8.2.1

This minor version fixes an issue regarding k8s deployments and TLS termination. When a service performs an OpenID Connect authentication, ASP.NET Core takes the protocol that was used to connect to it. In k8s, the TLS communication is often terminated at the ingress layer.

What's touched:

During the OpenID Connect authentication an OpenIdConnectEvents is generated; Arc4u has its own implementation of the event: StandardOpenIdConnectEvents.

The change now forces https in the redirect URI sent to the authority, even if the protocol is http. There is one exception where http is allowed: http://localhost.

    [GeneratedRegex(@"\b(?:http:\/\/localhost|https:\/\/)\b", RegexOptions.IgnoreCase)]
    public static partial Regex HttpRegex();

    public override Task RedirectToIdentityProvider(RedirectContext context)
    {
        // Force https for the redirect URI, except for localhost.
        if (!HttpRegex().IsMatch(context.ProtocolMessage.RedirectUri))
        {
            context.ProtocolMessage.RedirectUri = context.ProtocolMessage.RedirectUri.Replace("http://", "https://");
        }

        // Has been introduced for AzureAD => also works for Keycloak.
        context.ProtocolMessage.State = Guid.NewGuid().ToString();
        return base.RedirectToIdentityProvider(context);
    }
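
The following is an added example, not Arc4u code: it runs the pattern shown above next to a stricter, hypothetical rule over constructed redirect URIs. The pattern is matched anywhere in the string and `Replace` touches every occurrence, so the stricter rule decides on the parsed scheme and host only. `RedirectUriScheme`, `PageRule`, `StrictRule` and the `example.test` values are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class RedirectUriScheme
{
    // Same pattern as HttpRegex() above, built at run time so this file compiles stand-alone.
    private static readonly Regex PagePattern =
        new(@"\b(?:http:\/\/localhost|https:\/\/)\b", RegexOptions.IgnoreCase);

    // The rule from the release note: leave the value alone when the pattern matches anywhere.
    public static string PageRule(string redirectUri) =>
        PagePattern.IsMatch(redirectUri) ? redirectUri : redirectUri.Replace("http://", "https://");

    // Stricter variant (assumption, not part of Arc4u): parse first, then compare scheme and host.
    public static string StrictRule(string redirectUri)
    {
        var uri = new Uri(redirectUri, UriKind.Absolute);
        if (uri.Scheme == Uri.UriSchemeHttps)
            return redirectUri;
        if (uri.Scheme != Uri.UriSchemeHttp)
            throw new ArgumentException("Unexpected scheme", nameof(redirectUri));
        // Only the exact host "localhost" keeps http.
        if (string.Equals(uri.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            return redirectUri;
        // Port = -1 drops the default port so the result is not "https://host:80/...".
        var builder = new UriBuilder(uri)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = uri.IsDefaultPort ? -1 : uri.Port
        };
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample values; example.test is a reserved test domain.
        string[] samples =
        {
            "http://api.example.test/signin-oidc",       // http behind an ingress
            "http://localhost:5000/signin-oidc",         // the documented exception
            "https://api.example.test/signin-oidc",      // already https
            "http://localhost.example.test/signin-oidc", // host only starts with "localhost"
            "http://api.example.test/signin-oidc?next=https://api.example.test/",
        };
        foreach (var s in samples)
            Console.WriteLine($"{s}\n  page rule:   {PageRule(s)}\n  strict rule: {StrictRule(s)}");
    }
}
```

The two rules agree on the first three samples; on the last two the page's pattern matches and leaves the URI on http, while the strict rule upgrades it.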