Bump OpenIddict to 6.1.1 #17582
| <!-- dotnet/extensions repository --> | ||
| <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="9.1.0" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="9.2.0" /> |
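Review bot: the `Microsoft.Extensions.Http.Resilience` pin moves from 9.1.0 to 9.2.0 with nothing in the file saying why; the only context is the `dotnet/extensions repository` section comment. If this version is dictated by another package rather than chosen freely, add a short XML comment beside the `PackageVersion` entry naming the dependency that requires it, so that a later independent bump or a revert of this line gets reviewed together with that dependency.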
Note: bumping that dependency was required as OpenIddict references the 9.2.0 version of that package.
| // Note: caching is enabled for both authorization and end session requests to allow sending | ||
| // large POST authorization and end session requests, but can be programmatically disabled, as the | ||
| // authorization and end session views support flowing the entire payload and not just the request_uri. | ||
| options.EnableAuthorizationRequestCaching = true; |
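Review bot: the comment above `options.EnableAuthorizationRequestCaching = true;` says caching is enabled for both authorization and end session requests, but only the authorization setting is visible in this hunk. Confirm the end session counterpart is set next to it on the same options object, and add a test that asserts both are on after configuration, so that a leftover assignment on an obsolete property does not silently leave one of them at its default.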
Note: these options were moved to OpenIddictServerOptions (instead of OpenIddictServerAspNetCoreOptions) as part of the OAuth 2.0 Pushed Authorization Requests introduction. The old properties are still there but obsolete and no-op.
| return View(new AuthorizeViewModel | ||
| { | ||
| ApplicationName = await _applicationManager.GetLocalizedDisplayNameAsync(application), | ||
| RequestId = request.RequestId, |
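Review bot: at `RequestId = request.RequestId,` the initializer is only one side of the change; the view model property and any field in the authorize view bound to it need to be handled in the same commit. Check that the `RequestId` property is removed from `AuthorizeViewModel` and that the view no longer renders or posts it, otherwise the consent form keeps carrying an empty value that nothing reads.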
Note: OpenIddictRequest.RequestId is obsolete in OpenIddict 6.1.0+ (the request caching feature now uses request_uri) but that property wasn't used anywhere so I decided to remove it.
| authorization => authorization.CreationDate < threshold.UtcDateTime && | ||
| (authorization.Status != OpenIddictConstants.Statuses.Valid || | ||
| (authorization.Type == OpenIddictConstants.AuthorizationTypes.AdHoc && | ||
| (authorization.Status != Statuses.Valid || authorization.Type == AuthorizationTypes.AdHoc) && |
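Review bot: the regrouping to `(authorization.Status != Statuses.Valid || authorization.Type == AuthorizationTypes.AdHoc) &&` changes which rows this predicate selects for deletion compared with the nested `AuthorizationTypes.AdHoc` branch it replaces, and nothing in the code records that this is intended. Add a comment above the predicate pointing at the upstream change it mirrors, and a pruning test that covers a valid ad-hoc authorization older than the threshold. The switch from `OpenIddictConstants.Statuses.Valid` to the short `Statuses.Valid` form also relies on a `using static` that is not visible in this hunk.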
Note: that behavior change is deliberate: openiddict/openiddict-core#2251.
Piedone left a comment
This update was in the Renovate queue as well. I now triggered it: #17583. Could you please check if that's right (as far as automatic updates can go, like the one-off Microsoft.Extensions.Http.Resilience fluke can't be fixed by Renovate, but perhaps we need to update it in the same group?), and if not, change the config here: https://github.com/OrchardCMS/OrchardCore/blob/main/renovate.json5#L62
The bot config looks good. I made my tests without bumping the two other dependencies, but if you prefer, I can bump them as part of this PR and close the automatic one. Regarding |
Piedone left a comment
The bot config looks good. I made my tests without bumping the two other dependencies, but if you prefer, I can bump them as part of this PR and close the automatic one.
Let's bump those too, then. Please merge from that PR and then we can merge this (after which that'll be closed automatically).
Regarding Microsoft.Extensions.Http.Resilience, we could do that, but if we end up doing for all the packages OpenIddict itself references, the list may be long. Let's wait until we think we really need that?
OK, let's leave it for now.
Co-Authored-By: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
No description provided.