IdentityServer 7.2 to 7.3 upgrade guide #715

maartenba · maartenba · commit c63ba99b34c2 · 2025-06-19T10:43:27.000+02:00
diff --git a/src/content/docs/identityserver/upgrades/identityserver4-to-duende-identityserver-v7.mdx b/src/content/docs/identityserver/upgrades/identityserver4-to-duende-identityserver-v7.mdx
@@ -1,15 +1,15 @@
 ---
-title: "IdentityServer4 to Duende IdentityServer v7.2"
+title: "IdentityServer4 to Duende IdentityServer v7.3"
 sidebar:
   order: 138
-  label: IdentityServer4 → v7.2
+  label: IdentityServer4 → v7.3
 ---
 
 import { Code } from "astro/components";
 import { Steps } from "@astrojs/starlight/components";
 import { Tabs, TabItem } from "@astrojs/starlight/components";
 
-This upgrade guide covers upgrading from IdentityServer4 to Duende IdentityServer v7.2.
+This upgrade guide covers upgrading from IdentityServer4 to Duende IdentityServer v7.3.
 IdentityServer4 reached its end of life (EOL) on December 13, 2022. It is strongly advised to migrate to Duende IdentityServer.
 
 Depending on your current version of IdentityServer4, different steps may be required.
@@ -344,14 +344,14 @@ Update the IdentityServer4 dependencies in your IdentityServer host project to D
 
 ```diff lang="xml" title=".csproj"
 - <PackageReference Include="IdentityServer4" Version="4.1.2" />
-+ <PackageReference Include="Duende.IdentityServer" Version="7.2.0" />
++ <PackageReference Include="Duende.IdentityServer" Version="7.3.0" />
 ```
 
 You'll need to make a similar change for all IdentityServer4 packages, including `IdentityServer4.EntityFramework` and `IdentityServer4.AspNetIdentity`. For example:
 
 ```diff lang="xml" title=".csproj"
 - <PackageReference Include="IdentityServer4.EntityFramework" Version="4.1.2" />
-+ <PackageReference Include="Duende.IdentityServer.EntityFramework" Version="7.2.0" />
++ <PackageReference Include="Duende.IdentityServer.EntityFramework" Version="7.3.0" />
 ```
 
 The IdentityModel package was renamed to Duende IdentityModel and needs updating if you reference it directly:
diff --git a/src/content/docs/identityserver/upgrades/index.md b/src/content/docs/identityserver/upgrades/index.md
@@ -16,6 +16,10 @@ changes. Some updates contain changes to the stores used by IdentityServer that
 schema updates. If you are using our Entity Framework based stores we recommend using Entity Framework
 Migrations.
 
+## Upgrading from version 7.2 to 7.3
+
+See [IdentityServer v7.2 to v7.3](/identityserver/upgrades/v7_2-to-v7_3.md).
+
 ## Upgrading from version 7.1 to 7.2
 
 See [IdentityServer v7.1 to v7.2](/identityserver/upgrades/v7_1-to-v7_2.md).
diff --git a/src/content/docs/identityserver/upgrades/v6_3-to-v7_0.md b/src/content/docs/identityserver/upgrades/v6_3-to-v7_0.md
@@ -18,14 +18,12 @@ our [release notes](https://github.com/DuendeSoftware/products/releases/tag/is%2
 In your IdentityServer host project, update the version of the .NET framework. For example in your project file:
 
 ```xml
-
 <TargetFramework>net6.0</TargetFramework>
 ```
 
 would change to:
 
 ```xml
-
 <TargetFramework>net8.0</TargetFramework>
 ```
 
@@ -41,14 +39,12 @@ In your IdentityServer host project, update the version of the Duende.IdentitySe
 For example in your project file:
 
 ```xml
-
 <PackageReference Include="Duende.IdentityServer" Version="6.3.0"/>
 ```
 
 would change to:
 
 ```xml
-
 <PackageReference Include="Duende.IdentityServer" Version="7.0"/>
 ```
 
@@ -118,7 +114,6 @@ migrationBuilder.AlterColumn<long>(
 
 // Add this after AlterColumn
 migrationBuilder.AddPrimaryKey("PK_ServerSideSessions", "ServerSideSessions", "Id");
-
 ```
 
 :::note
diff --git a/src/content/docs/identityserver/upgrades/v7_2-to-v7_3.md b/src/content/docs/identityserver/upgrades/v7_2-to-v7_3.md
@@ -0,0 +1,68 @@
+---
+title: "Duende IdentityServer v7.2 to v7.3"
+sidebar:
+  order: 27
+  label: v7.2 → v7.3
+---
+
+This upgrade guide covers upgrading from Duende IdentityServer v7.2 to v7.3 ([release notes](https://github.com/DuendeSoftware/products/releases/tag/is-7.3.0)).
+
+IdentityServer 7.3.0 is a significant release that includes:
+
+- [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-security-profile-2_0-final.html) certification
+- JWT Response from the introspection endpoint ([RFC 9701](https://www.rfc-editor.org/rfc/rfc9701.html))
+- Diagnostic data
+- Removal of the experimental label from OpenTelemetry metrics
+- Additional license compliance warnings
+- Several bug fixes
+- Numerous small code quality and performance enhancements from the community
+
+There are no schema changes needed for IdentityServer 7.3. Small code changes maybe be required for some users to upgrade:
+
+- The `SendLogoutNotificationAsync` method has been removed from the `DefaultBackChannelLogoutService` class
+- Client `Secret` is now required for Clients with `ClientCredentials` grant
+
+## Step 1: Update NuGet package
+
+In your IdentityServer host project, update the version of the NuGet.
+For example in your project file:
+
+```xml
+<PackageReference Include="Duende.IdentityServer" Version="7.2.0" />
+```
+
+would change to:
+
+```xml
+<PackageReference Include="Duende.IdentityServer" Version="7.3.0" />
+```
+
+## Step 2: Breaking Changes
+
+Small code changes maybe be required for some users to upgrade.
+
+#### The `SendLogoutNotificationAsync` Method Has Been Removed From The `DefaultBackChannelLogoutService` Class
+
+To fix a bug where when using Entity Framework Core, code which previously executed in parallel needed to be modified to execute sequentially.
+This required the removal of the `SendLogoutNotificationAsync` method in the `DefaultBackChannelLogoutService` class.
+
+If you have previously overridden the `SendLogoutNotificationAsync` as an extensibility point, you will likely need to move your customization to the `PostLogoutJwt` method.
+
+https://github.com/DuendeSoftware/products/pull/2019
+
+#### Client `Secret` Is Now Required For Clients With `ClientCredentials` Grant
+
+Previously, it was possible to configure a client to allow the `ClientCredentials` grant without requiring a client secret, which is undesirable.
+The default validation of clients has been updated to ensure any client which allows the `ClientCredentials` grant also sets the `RequireClientSecret` flag to `true`,
+to disallow the configuration of a private client to behave like a public client.
+
+https://github.com/DuendeSoftware/products/pull/1796
+
+#### Removal Of The Experimental Label From OpenTelemetry Metrics
+
+Several [OpenTelemetry metrics](/identityserver/diagnostics/otel.md#detailed-metrics) previously created by the meter named
+"Duende.IdentityServer.Experimental" have been moved to the "Duende.IdentityServer" meter.
+
+## Step 3: Done!
+
+That's it. Of course, at this point you can and should test that your IdentityServer is updated and working properly.
