Update dependency IdentityServer4.AspNetIdentity to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
IdentityServer4.AspNetIdentity	3.1.3 -> 4.1.2

---

Release Notes

IdentityServer/IdentityServer4 (IdentityServer4.AspNetIdentity)

v4.1.2

Compare Source

minor bug fixes

v4.1.1

Compare Source

As part of this release we had 6 issues closed.

bugs

• #​4951 Add null check before setting consumedTime
• #​4948 DefaultClaimsService.GetIdentityTokenClaimsAsync uses wrong Resource parameter for ProfileData
• #​4929 Typo in DefaultClaimsService.cs

enhancements

• #​4942 Obfuscate refresh token and authorization code in logs
• #​4935 Update to Message to enable deserialization in .NET 5.0-rc1
• #​4711 Allow setting SameSite mode of the SessionId cookie

v4.1.0

Compare Source

As part of this release we had 13 issues closed.

bugs

• #​4854 only re-issue session cookie when client added #​4812
• #​4852 add defensive check to fix bug for when session is expired #​4844
• #​4851 fix serialization bug on LogoutRequest.Parameters #​4655
• #​4850 ensure consumed time is utc
• #​4849 fix bug for consent is saved regardless of RememberConsent
• #​4833 Consent is saved regardless of RememberConsent checkbox value
• #​4812 Sliding Cookies not working for implicit flow in IdentityServer4 v4.x
• #​4712 fix multiple WWW-Authenticate header to one

enhancements

• #​4870 Update JAR mime type
• #​4868 Make identity server work with publish single file in .NET 5.0
• #​4853 add more defensive check on check session endpoint #​4051
• #​4794 Add missing awaits on CachingClientStore and CachingResourceStore
• #​4744 Introduce LoggingOptions.AuthorizeRequestSensitiveValuesFilter

v4.0.4

Compare Source

As part of this release we had 2 issues closed.

bug

• #​4677 make AutoMapper v10 the min version

enhancement

• #​4649 Fix 401 malformed WWW-Authenticate

v4.0.3

Compare Source

As part of this release we had 4 issues closed.

bugs

• #​4670 defer calls to perform signout work to avoid re-entry recursion issue with AspId
• #​4641 Fix exception message when no matching signing algorithm can be found

enhancements

• #​4611 Allow AutoMapper 10
• #​4575 Reduce log level for expired secrets

v4.0.2

Compare Source

As part of this release we had 2 issues closed.

bug

• #​4615 Fix custom redirect after ProcessLogin for custom authorize response generators

enhancement

• #​4616 validate filter values on db results

v4.0.1

Compare Source

As part of this release we had 1 issue closed.

bug

• #​4577 fix exception with prompt=login

v4.0.0: 4.0

Compare Source

As part of this release we had 58 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

• #​4498 fix infinite loop in Token Cleanup after concurrency exception
• #​4496 AuthorizeInteractionResponseGenerator : MaxAge does not respect prompt=none
• #​4368 How to add a custom implementation (e.g. WsFederation) of IReturnUrlParser if everything is internal set in AuthorizationRequest class in next v4.x ?
• #​4295 DefaultClientConfigurationValidator bug
• #​4290 Fix cnf format for MTLS
• #​4268 AddOidcStateDataFormatterCache broken with new JSON serializer
• #​4173 Duplicate UserLoginSuccess/Failure events when using resource owner grant and IdentityServer4.AspNetIdentity
• #​4145 Error Response with invalid redirection URI on authorize endpoint
• #​4129 Fix logger category name for BackChannelLogoutHttpClient
• #​4095 Return invalid_grant when redirect_uri is invalid on token endpoint
• #​4075 Error Response with invalid redirection URI
• #​4037 Bug Fix #​4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

• #​4504 Update error handling for invalid response modes
• #​4502 Update form content check to reject multipart forms
• #​4501 Update authorization code validation to do client binding check before deleting the code in the store
• #​4499 Allow setting domain on SessionIdCookie #​4406
• #​4444 Make sensitive data filters configurable
• #​4439 namespace cleanup/refactor in host (to support templates)
• #​4428 add consumedtime to persisted grant and refresh token
• #​4427 Features/bootstrap update
• #​4409 Add strict JAR mode
• #​4390 enhancements to add logout notification service as first class service
• #​4376 Features/grants enhancements
• #​4361 Extend JWT token validation to accept space separated scopes
• #​4360 Adapt JWT request validation to latest JAR spec
• #​4357 Add iat to access tokens
• #​4352 Emit jti by default
• #​4343 Add option to set SameSite mode for internal cookies
• #​4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
• #​4245 Strict redirect uri validator app auth with path
• #​4237 Make aspid profile service more extensible
• #​4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
• #​4234 Use non-case sensitive string for any ids
• #​4227 switch to named HTTP clients from factory (instead of typed)
• #​4226 Reduce usage of Newtonsoft.Json
• #​4210 add sid and device description to grants table
• #​4208 add support for handling multiple prompt values
• #​4204 Add API to interaction service to return error to client
• #​4203 Improve query on cors origins. #​3395
• #​4202 include sid (if present) in access tokens #​3955
• #​4153 private_key_jwt updates
• #​4026 Added AddUserSession extension method
• #​4024 Add JAR support
• #​4019 Add client setting to require request object
• #​3979 Added notification for device code removal
• #​3969 Make cnf part of Token model
• #​3962 MTLS Update
• #​3892 V4: Multiple signing keys
• #​3761 Add a client setting to require request objects
• #​3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
• #​3692 Removed obsolete code
• #​3413 IUserSession.CreateSessionIdAsync should return sid
• #​3395 Improve query on cors origins.

breaking changes

• #​4335 Remove public origin setting
• #​4199 scope validation refactor
• #​3939 Update PKCE and Consent default settings on Client
• #​3888 Cleanup SignInAsync extension methods
• #​3887 V4: Make client claims serialization friendly

v3.1.4

Compare Source

As part of this release we had 2 issues closed.

bug

• #​4240 Fix UserLoginFailureEvent raised with interactive=true in resource owner grant flow

enhancement

• #​4618 validate filter values on db results

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.