7.26.2 (2024-04-03)
Changed
- Add show_as_button to organizations connection #706 (jpealing-fiscaltec)
- Update LogStreamType to include all types #713 (frederikprijck)
- Support JWT Access Token Profile values in TokenDialect #714 (stevehobbsdev)
7.26.1 (2024-01-11)
Fixed
- Do not crash when User.Locale and UserInfo.Locale are an object #699 (frederikprijck)
- Ensure AsyncAgedCache is correctly updated #693 (frederikprijck)
7.26.0 (2023-12-21)
Changed
- Target .NET Framework 4.6.2 instead of 4.5.2 #687 (frederikprijck)
Note: This release drops support for .NET Framework 4.5.2, 4.6.0 and 4.6.1, which have no longer been supported by Microsoft since April 2022.
7.25.1 (2023-12-14)
Added
- Add OIDC back channel logout #682 (mfolker-sage)
7.25.0 (2023-11-28)
Added
- Add support for Pushed Authorization Request #677 (frederikprijck)
Fixed
- Ensure external_id is defined as string instead of int #679 (frederikprijck)
- Add Grants to IManagementApiClient #681 (pabrodez)
7.24.0 (2023-11-08)
Added
- Add Organizations in Client Credentials #673 (frederikprijck)
7.23.1 (2023-10-25)
Changed
- Add customize_mfa_in_postlogin_action to TenantSettings #670 (frederikprijck)
- Add passkey properties to AuthenticationMethod #669 (frederikprijck)
7.23.0 (2023-10-19)
Added
- Add roles to OrganizationMember #661 (frederikprijck)
- Add fields to Organizations Get All Members #660 (frederikprijck)
- Add external_id on Job #658 (frederikprijck)
- Add show_as_button to ConnectionBase.cs #647 (dylanAtWork)
Changed
- Move IsDomainConnection down into ConnectionBase #656 (amummaprojectmanager)
7.22.3 (2023-08-29)
Changed
- added generic get/set metadata methods on UserBase #646 (MichaelPruefer)
7.22.2 (2023-08-14)
Changed
- Support providing Organization when resetting password #635 (frederikprijck)
- Add cross_origin_authentication on Clients #643 (frederikprijck)
7.22.1 (2023-07-28)
Changed
- Add Name to Org Update Request #639 (amummaprojectmanager)
Fixed
- Add post_login_prompt to OrganizationRequireBehavior #637 (frederikprijck)
7.22.0 (2023-07-19)
Added
- Add Grants endpoint #633 (frederikprijck)
- Support Organization Name #631 (frederikprijck)
7.21.1 (2023-07-03)
Fixed
- Add ClientId to EmailVerificationTicket #629 (bellascalzi1)
7.21.0 (2023-06-05)
Added
- Add support for Client Credentials endpoint support in Management API #607 (frederikprijck)
- Added cancellation token to device credentials request #619 (msmolka)
7.20.0 (2023-05-16)
Added
7.19.1 (2023-04-25)
Changed
- Move IDisposable to IAuthenticationApiClient #611 (frederikprijck)
7.19.0 (2023-03-13)
Added
- Add Factor Management Endpoints #608 (frederikprijck)
7.18.0 (2023-01-18)
Added
- Add support for Client Assertion #605 (frederikprijck)
- Add support for the connection status API #601 (Hawxy)
7.17.4 (2022-10-17)
Changed
- Rework IdTokenValidator to be able to use a proxy #596 (frederikprijck)
- Add support for Ephemeral sessions #593 (frederikprijck)
7.17.3 (2022-10-03)
Changed
- [SDK-3641] Support stage property in Breached Password Detection configuration #591 (ewanharris)
7.17.2 (2022-09-12)
Changed
7.17.1 (2022-09-12)
Fixed
7.17.0 (2022-07-26)
Added
7.16.1 (2022-07-12)
Changed
release-7.16.0 (2022-05-03)
Changed
Security
- [Snyk] Security upgrade Newtonsoft.Json from 12.0.3 to 13.0.1 #560 (crew-security)
- [Snyk] Security upgrade Microsoft.IdentityModel.Protocols.OpenIdConnect from 5.6.0 to 6.5.0 #559 (snyk-bot)
release-7.15.0 (2022-03-04)
Added
- Add support for Rules Configs endpoints #552 (caldwell0414)
Changed
- Add ID Token validation to device-code and passwordless #553 (frederikprijck)
Note that with this release, ID Token validation has been added when retrieving a token using any of the Device Code or Passwordless flows. There might be a rare occasion where this could break your application, in the situation where you are using invalid ID Tokens. However, typically this should not cause any issues as ID Tokens are supposed to be valid. If they aren't, you probably want to get notified about it as soon as possible.
Prior to this change, those methods would return the tokens without checking the validaty of your ID Token. However, given the fact that this should realy be an edge case, and we believe it's a good idea to inform you about invalid tokens sooner rather than later, we decided to introduce this change in a minor release.
release-7.14.0 (2022-02-15)
Added
- Implement Attack Protection Endpoints #547 (frederikprijck)
release-7.13.0 (2022-02-11)
Added
- Retrieve and Update the Enabled Phone Factors #544 (frederikprijck)
release-7.12.1 (2022-01-07)
Changed
- Increase delay between subsequent retries #540 (frederikprijck)
Fixed
- add webauthn-* enrollment auth methods #539 (frederikprijck)
- Support updating all guardian factors #536 (frederikprijck)
release-7.12.0 (2021-10-27)
Added
- Support setting access token after instantiation of ManagementApiClient #532 (mfolker)
- Add auth0-forwarded-for header to passwordless sms authentication for… #530 (rhyswilliamszip)
release-7.11.0 (2021-10-01)
Added
- Add Keys Endpoints #527 (colinbobolin)
- Added Prompt Client to Management API SDK #522 (hakuna-matata-in)
Changed
- [SDK-2548] Support unpaginated requests for some endpoints #525 (frederikprijck)
release-7.10.0 (2021-08-30)
Added
- Add support for Actions Management APIs #517 (frederikprijck)
Fixed
- Ensure Checkpoint Pagination works when no next is returned #520 (frederikprijck)
release-7.9.0 (2021-08-24)
Added
- Add cancellation token support #513 (hawxy)
- Implement automatic rate-limit handling #512 (frederikprijck)
- Add connection property to OrganizationConnection #511 (frederikprijck)
- Update pagination interface to support 'from' and 'take' checkpoint pagination parameters #507 (evansims)
Fixed
- GetAllMemberRolesAsync should return a list of Role instances #514 (frederikprijck)
- Ensure CustomDomainVerification.Methods can be serialized #509 (frederikprijck)
Note: In the situation where you are providing your own implementation for IManagementConnection or IAuthenticationConnection, upgrading to 7.9.0 will require changing your implementations to also include the optional CancellationToken parameters.
release-7.8.1 (2021-07-07)
Fixed
- Make GuardianFactor serialization a bit more resilient to new factor names #504 (frederikprijck)
- Set ClientSecret if defined when using PKCE #503 (frederikprijck)
release-7.8.0 (2021-04-02)
Added
- [SDK-2438] Add support for Organizations in Management API #489 (frederikprijck)
release-7.7.0 (2021-03-23)
Added
- [SDK-2400] Add support for Organizations #486 (frederikprijck)
release-7.6.1 (2021-03-12)
Changed
- Add ApiError to RateLimitException to access the response body #480 (fernandozpiccin)
release-7.6.0 (2021-02-15)
Added
- Adds support for /branding endpoints #475 (connorconway)
- Adds support for /hooks endpoints #471 (connorconway)
Changed
- Ensure await is using ConfigureAwait #474 (frederikprijck)
release-7.5.1 (2021-02-02)
Changed
- Sync Tenant Flags with API v2 #467 (frederikprijck)
- Add ClientId to PasswordChangeTicketRequest #464 (frederikprijck)
release-7.5.0 (2021-01-21)
Added
- Add pagination to retrieving Device Credentials #460 (frederikprijck)
release-7.4.0 (2020-12-11)
Added
release-7.3.2 (2020-11-13)
Added
- Allow creating and updating RefreshToken settings for Clients #451 (SamTheWizard)
release-7.3.1 (2020-11-12)
Fixed
- Include WebAuthn Guardian Factory names #446 (frederikprijck)
release-7.3.0 (2020-10-23)
Added
- Complete passwordless API #438 (frederikprijck)
- Implement the POST Job Users Export endpoint #436 (frederikprijck)
- Support passing the Identity property to the payload sent to JobsClient.SendVerificationEmailAsync and TicketClient.CreateEmailVerificationTicketAsync in Auth0.ManagementApi
- Fix ConnectionsClient.GetAllAsync when trying to use multiple strategies in Auth0.ManagementApi
- Add Sources to the User's Permissions when using UserClient.GetPermissionsAsync in Auth0.ManagementApi. The return type of the UserClient.GetPermissionsAsync method has been changed, so there might be use-cases where this is breaking your existing code base. In case you are inheriting the UserClient and overriding the GetPermissionsAsync method, you will need to update your code to ensure the return type matches the return type of the updated UserClient.GetPermissionsAsync method.
- Add support for Log Streams API in Auth0.ManagementApi
- Fix boolean casing on form post operations such as ImportUsersAsync so that upsert and sendCompletionEmail work.
- Add missing "connections" property on UserBlock class
- AuthenticationApiClient now respects path portions of the URI passed to the constructor.
- Force DateParseHandling of DateTime in JSON.NET serialization to avoid global setting.
- Use own JSON.NET serialization settings (avoids conflicts with changes to global)
- Fix Jobs ImportUsersAsync function, add new SendVerificationEmail setting.
- Add missing properties to Jobs class.
- Add client_secret support to passwordless authentication.
- Ensure JWKS keys are cached for the correct period.
- Raise RateLimitApiException on 429/TooManyRequests status code response.
- Fixed path encoding allowing ResourceServers.GetAsync to work with HTTP URLs #377
- Add support for extra error properties to faciliate mfa_required etc. #376
- Fixed a concurrency issue - missing ConfigureAwait(false) in HttpClient*Connections.
- Fixes request message disposal issue in HttpClient*Connection.GetAsync on .NET Framework 4.x
There are many breaking changes in this release. Please see our Migration Guide for v7 at https://auth0.github.io/auth0.net/migrating.html
The summary of changes is:
-
Authentication SDK includes new ID Token Validation. If your application uses HS256 signing you should set either SigningAlgorithm to SigningAlgorithm.HS256 on requests you make to AuthenticationApiClient or switch to RS256 if your application is not confidential.
-
Improved testing and mocking support. You can now mock
IAuthenticationConnection/IManagementConnectionclasses to provide local unit-testing functionality forAuthenticationApiClientandManagementApiClientrespectively. -
Many classes moved namespace and assembly primarily ones in
Corethat were around paging. Visual Studio should be able to suggest where classes you were using now reside. -
Disposal is now consistent. If
AuthenticationApiClientorManagementApiClientcreate a connection for you they will manage its lifecycle. If you pass in a connection then it will be your responsibility to manage it. This also applies to howHttpClientAuthenticationConnectionandHttpClientManagementConnectionwill only dispose of aHttpClientthey create and not ones they are given. -
Rate Limiting information is now only available on the
RateLimitApiExceptionwhich is raised when the rate limit is exceeded. -
ApiExceptionis nowErrorApiException. If you use the status code or error message on exception you will need to switch to catching the later. The former is now a base class that does not have this information but ensures any old catchApiExceptionwill continue to catch rate limit exceptions which also now inherit from this class. -
Microsoft recommends
HttpClientis reused as much as possible. Therefore you should use dependency injection or inversion of control to ensure that either a single instance ofAuthenticationApiClient/ManagementApiClientor its connectionsHttpClientXConnectionare created to ensure sharing. These classes are now thread-safe. You can additionally shareHttpClientobjects between them if you wish by injecting it into theHttpClientXConnectionconstructor. -
Connections now have DisplayName, Realms and IsDomainConnection properties.
- Fix sharing of ApiConnection objects (would keep expanding default Auth0-Client header)
- Signup API result now handles custom databases returning variations of "id" name
- Fix EnrollmentAuthMethod.Authenticator enum name
- ClientBase now has property for
initiate_login_uri
SECURITY FIX for CVE-2019-16929. See https://github.com/auth0/auth0.net/blob/master/SECURITY-NOTICE.md#idtokenvalidator-public for more details.
WARNING: If you generate tokens in your project via System.IdentityModel.Tokens.Jwt please read the important notice at #300
- Upgraded System.IdentityModel.Tokens.Jwt to 5.5 to fix incompatible kid
- Upgraded Microsoft.IdentityModel.Protocols.OpenIdConnect to 5.5
- Add ClientId to VerifyEmailJobRequest
- Updated all test dependencies (xunit, FluentAssertions, .NET Test SDK)
- Removed unused Console Workbench project
- UserClient.GetEnrollments now correctly passes user id.
- User and role permissions endpoints in UsersClient and RolesClient paging fix.
- Assembly is now strong-name-signed so it can be used by other strong-name-signed packages.
- NOTE: This is code signing only using a non-secret key. It is not authenticode or tamper protection.
- User and role permissions endpoints in UsersClient and RolesClient now correctly honoring paging.
- User model optional fields (CreatedAt, UpdatedAt, LastLogin) are now nullable.
- TenantSettings lifetimes are now double not integer.
- Added various Guardian-related endpoints on UserClient.
- Missing Tenant settings now available (device flow, Guardian MFA, Change Password, flags etc.
- Added client_id to GetDeviceCredentials response
- Added various user properties to UserUpdateRequest
- New user permission endpoints added to UsersClient
- New role permission endpoints added to RolesClient
- AuthenticationApiClient now implements IDisposable to dispose ApiConnection and HttpClient
- Added various new and missing properties to Resource Servers (ResourceServerBase)
- New GuardianClient for managing /guardian endpoints
- New RolesClient for managing /roles endpoints
- PasswordChangeTicket now has IncludeEmailInRedirect and MailEmailAsVerified
- ApiConnection now has Dispose to dispose the HttpClient it creates
- ManagementApiClient now has Dispose to dispose the ApiConnection it creates
- XML documentation tweaks
- Dependencies updated
BREAKING CHANGES See our migration guide at https://github.com/auth0/auth0.net/blob/master/docs-source/migrating-to-v6.md
- All I*Client interfaces have been removed so adding endpoints is no longer breaking
- IManagementApi interface was removed so adding new clients is no longer breaking
- All non-paging GetAll methods have been removed
- DiagnosticsHeader/DiagnosticsComponent are no longer available