-
Open.IdentityServer 1.0.2
Supported- Date Posted
- 16 July 2026
- Version
- 1.0.2
-
Open.IdentityServer 1.0.1
Supported- Date Posted
- 25 June 2026
- Version
- 1.0.1
Bug Fixes
- Fix Null Ref Exception when using
CompatibilityKeyStoreand the underlying storage is empty. (8cc0d4) - dded
MaxLifetimeoption for keys when usingCompatibilityKeyStore. Default is 90 days. Previously it was possible for expired keys to be used if they were set to not be deleted after expiry in Duende IdentityServer. (ba038a) - Fix audience claims not being mapped to token audiences in
IdentityServerTools(90047b)
-
Open.IdentityServer 1.0.0
Supported- Date Posted
- 02 June 2026
- Version
- 1.0.0
Features
Bug Fixes
- CVE-2024-39694, open redirect vulnerability fixed (6ccfbd)
- When creating token payload, ignore custom claims used for token validation (e.g. aud, iat, etc) (3ed930)
- Remove Nonce requirement when not asking for an ID tokens from the Auth Endpoint (375570)
- Update custom redirect result to make return url construction similar to that of login and consent (970529)
- Post logout in app auth validator using wrong uri list (678dd2)
- Custom Redirect return URL callback incorrect (cb7027)
- Fix GetAuthorizationContextAsync to return multiple query values from returnUrl (e62a27)
- Access tokens created by during refresh tokens flows do not generate new JTI claims (ef57c3)
- Added authorise response parameter 'iss' (cb3f87)
- Set refresh token usage to reuse by default (00f076)
IdentityServer