Skip to Content
IdentityServer
RSS Feed

  • Open.IdentityServer 1.0.0

    Supported
    Date Posted
    02 June 2026
    Version
    1.0.0

    Features

    • Added support for Resource Indicators RFC 8707 (c613bd)
    • Added persisted grant data protection (85703c)

    Bug Fixes

    • CVE-2024-39694, open redirect vulnerability fixed (6ccfbd)
    • When creating token payload, ignore custom claims used for token validation (e.g. aud, iat, etc) (3ed930)
    • Remove Nonce requirement when not asking for an ID tokens from the Auth Endpoint (375570)
    • Update custom redirect result to make return url construction similar to that of login and consent (970529)
    • Post logout in app auth validator using wrong uri list (678dd2)
    • Custom Redirect return URL callback incorrect (cb7027)
    • Fix GetAuthorizationContextAsync to return multiple query values from returnUrl (e62a27)
    • Access tokens created by during refresh tokens flows do not generate new JTI claims (ef57c3)
    • Added authorise response parameter 'iss' (cb3f87)
    • Set refresh token usage to reuse by default (00f076)

    Other

    Download on nuget.org or view the release on GitHub