Upgrade OpenIddict to 7.3.0 #25053
Co-authored-by: maliming <6908465+maliming@users.noreply.github.com>
Are there any breaking changes in version 7.3.0?
Based on the 7.3.0 release notes, there are no breaking changes that impact ABP's OpenIddict module. Here's a summary of the key changes: New features (non-breaking):
Deprecations with no ABP impact:
ABP's consumed packages ( |
Pull request overview
Upgrades the repository’s centrally-managed OpenIddict package versions from 7.2.0 to 7.3.0 and records the dependency bump in the docs changelog.
Changes:
- Bump OpenIddict package versions to `7.3.0` via Central Package Management (Directory.Packages.props).
- Add a `10.3.0-preview` entry to the package version changes documentation.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Directory.Packages.props | Updates the centrally-pinned OpenIddict package versions to 7.3.0. |
| docs/en/package-version-changes.md | Adds a new version section documenting the OpenIddict upgrades. |
Updated package version changes to reflect the release candidate version and removed the outdated preview section.
Hey guys,

Hope you're doing well 😃

Copilot did a fairly good job analyzing the release notes but somehow missed an important part: while they are still supported, OpenIddict 7.3 now discourages using client secrets and encourages using either the client assertions introduced in 5.0 or the mTLS feature introduced in 7.3 (mTLS offers the best level of security but is more complicated to set up). I added some docs to help folks adopt these safer authentication methods:

That would be awesome if a future version of the ABP integration (maybe reserved to the Pro module?) could support attaching RSA and ECDSA public keys to the JSON Web Key Set of a client application. Client assertions are enabled by default in the server stack but it only works when you can configure the public keys for each client.

Note: future OpenIddict versions will introduce the ability to dynamically resolve the JSON Web Key Set using client metadata, which is very similar to server discovery (of course, client metadata only works if the server can directly reach the client, so static JSON Web Key Sets will still be useful in many scenarios).

All the best.
Hey Kevin,

Thanks for jumping in and pointing out what Copilot missed. We're planning to add JSON Web Key Set management to the Pro module so developers can configure public keys per client and use private_key_jwt. Will also look into mTLS down the road. Appreciate the doc links too, those will come in handy.

Cheers! 👍
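What private_key_jwt with a static per-client JSON Web Key Set means on the server side, as an added example (not code from OpenIddict, ABP or either commenter): the server stores only public keys and verifies a signed, short-lived assertion. The client id, key id, token endpoint URL, function names and the choice of ES256 are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Client side: sign a short-lived assertion with the private key (ES256).
function createAssertion(privateKey, kid, clientId, audience, now) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT', kid }));
  const payload = b64u(JSON.stringify({
    iss: clientId, sub: clientId, aud: audience,
    jti: crypto.randomUUID(), iat: now, exp: now + 60,
  }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${header}.${payload}.${b64u(sig)}`;
}

// Server side: only the client's public JWKS is stored, never a shared secret.
function verifyAssertion(jwt, registeredClients, audience, now, seenJti) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return false;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return false; }
  if (header.alg !== 'ES256') return false;             // pin the algorithm
  const jwks = registeredClients[claims.iss];           // keys are per client
  const jwk = jwks && jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return false;
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: crypto.createPublicKey({ key: jwk, format: 'jwk' }), dsaEncoding: 'ieee-p1363' },
    Buffer.from(parts[2], 'base64url'));
  if (!ok || claims.sub !== claims.iss || claims.aud !== audience) return false;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return false;
  if (!claims.jti || seenJti.has(claims.jti)) return false; // reject replays
  seenJti.add(claims.jti);
  return true;
}

// Constructed sample data: one hypothetical client with one P-256 key pair.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const clients = {
  'console-app': { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'k1' }] },
};
const TOKEN_ENDPOINT = 'https://auth.example.test/connect/token';
```
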
Description
Upgrades all OpenIddict packages from `7.2.0` to `7.3.0` per the 7.3.0 release.

Single change in `Directory.Packages.props` (Central Package Management) propagates across all referencing projects automatically:

- `OpenIddict.Abstractions`
- `OpenIddict.Core`
- `OpenIddict.Server.AspNetCore`
- `OpenIddict.Validation.AspNetCore`
- `OpenIddict.Validation.ServerIntegration`

No breaking changes affect the ABP OpenIddict module. The only deprecated APIs in 7.3.0 (`TlsClientAuthenticationCertificateSelector`, `SelfSignedTlsClientAuthenticationCertificateSelector`) are in `OpenIddict.Client.*` and `OpenIddict.Validation.SystemNetHttp` packages which ABP does not use. No code changes to the ABP OpenIddict module are required.

Notable improvements in 7.3.0:
Checklist