release-7.6.0 (2021-02-15)
Added
- Adds support for /branding endpoints #475 (connorconway)
- Adds support for /hooks endpoints #471 (connorconway)
Changed
- Ensure await is using ConfigureAwait #474 (frederikprijck)
release-7.5.1 (2021-02-02)
Changed
- Sync Tenant Flags with API v2 #467 (frederikprijck)
- Add ClientId to PasswordChangeTicketRequest #464 (frederikprijck)
release-7.5.0 (2021-01-21)
Added
- Add pagination to retrieving Device Credentials #460 (frederikprijck)
release-7.4.0 (2020-12-11)
Added
release-7.3.2 (2020-11-13)
Added
- Allow creating and updating RefreshToken settings for Clients #451 (SamTheWizard)
release-7.3.1 (2020-11-12)
Fixed
- Include WebAuthn Guardian Factory names #446 (frederikprijck)
release-7.3.0 (2020-10-23)
Added
- Complete passwordless API #438 (frederikprijck)
- Implement the POST Job Users Export endpoint #436 (frederikprijck)
- Support passing the Identity property to the payload sent to JobsClient.SendVerificationEmailAsync and TicketClient.CreateEmailVerificationTicketAsync in Auth0.ManagementApi
- Fix ConnectionsClient.GetAllAsync when trying to use multiple strategies in Auth0.ManagementApi
- Add Sources to the User's Permissions when using UserClient.GetPermissionsAsync in Auth0.ManagementApi. The return type of the UserClient.GetPermissionsAsync method has been changed, so there might be use-cases where this is breaking your existing code base. In case you are inheriting the UserClient and overriding the GetPermissionsAsync method, you will need to update your code to ensure the return type matches the return type of the updated UserClient.GetPermissionsAsync method.
- Add support for Log Streams API in Auth0.ManagementApi
- Fix boolean casing on form post operations such as ImportUsersAsync so that upsert and sendCompletionEmail work.
- Add missing "connections" property on UserBlock class
- AuthenticationApiClient now respects path portions of the URI passed to the constructor.
- Force DateParseHandling of DateTime in JSON.NET serialization to avoid global setting.
- Use own JSON.NET serialization settings (avoids conflicts with changes to global)
- Fix Jobs ImportUsersAsync function, add new SendVerificationEmail setting.
- Add missing properties to Jobs class.
- Add client_secret support to passwordless authentication.
- Ensure JWKS keys are cached for the correct period.
- Raise RateLimitApiException on 429/TooManyRequests status code response.
- Fixed path encoding allowing ResourceServers.GetAsync to work with HTTP URLs #377
- Add support for extra error properties to faciliate mfa_required etc. #376
- Fixed a concurrency issue - missing ConfigureAwait(false) in HttpClient*Connections.
- Fixes request message disposal issue in HttpClient*Connection.GetAsync on .NET Framework 4.x
There are many breaking changes in this release. Please see our Migration Guide for v7 at https://auth0.github.io/auth0.net/migrating.html
The summary of changes is:
-
Authentication SDK includes new ID Token Validation. If your application uses HS256 signing you should set either SigningAlgorithm to SigningAlgorithm.HS256 on requests you make to AuthenticationApiClient or switch to RS256 if your application is not confidential.
-
Improved testing and mocking support. You can now mock
IAuthenticationConnection/IManagementConnectionclasses to provide local unit-testing functionality forAuthenticationApiClientandManagementApiClientrespectively. -
Many classes moved namespace and assembly primarily ones in
Corethat were around paging. Visual Studio should be able to suggest where classes you were using now reside. -
Disposal is now consistent. If
AuthenticationApiClientorManagementApiClientcreate a connection for you they will manage its lifecycle. If you pass in a connection then it will be your responsibility to manage it. This also applies to howHttpClientAuthenticationConnectionandHttpClientManagementConnectionwill only dispose of aHttpClientthey create and not ones they are given. -
Rate Limiting information is now only available on the
RateLimitApiExceptionwhich is raised when the rate limit is exceeded. -
ApiExceptionis nowErrorApiException. If you use the status code or error message on exception you will need to switch to catching the later. The former is now a base class that does not have this information but ensures any old catchApiExceptionwill continue to catch rate limit exceptions which also now inherit from this class. -
Microsoft recommends
HttpClientis reused as much as possible. Therefore you should use dependency injection or inversion of control to ensure that either a single instance ofAuthenticationApiClient/ManagementApiClientor its connectionsHttpClientXConnectionare created to ensure sharing. These classes are now thread-safe. You can additionally shareHttpClientobjects between them if you wish by injecting it into theHttpClientXConnectionconstructor. -
Connections now have DisplayName, Realms and IsDomainConnection properties.
- Fix sharing of ApiConnection objects (would keep expanding default Auth0-Client header)
- Signup API result now handles custom databases returning variations of "id" name
- Fix EnrollmentAuthMethod.Authenticator enum name
- ClientBase now has property for
initiate_login_uri
SECURITY FIX for CVE-2019-16929. See https://github.com/auth0/auth0.net/blob/master/SECURITY-NOTICE.md#idtokenvalidator-public for more details.
WARNING: If you generate tokens in your project via System.IdentityModel.Tokens.Jwt please read the important notice at auth0#300
- Upgraded System.IdentityModel.Tokens.Jwt to 5.5 to fix incompatible kid
- Upgraded Microsoft.IdentityModel.Protocols.OpenIdConnect to 5.5
- Add ClientId to VerifyEmailJobRequest
- Updated all test dependencies (xunit, FluentAssertions, .NET Test SDK)
- Removed unused Console Workbench project
- UserClient.GetEnrollments now correctly passes user id.
- User and role permissions endpoints in UsersClient and RolesClient paging fix.
- Assembly is now strong-name-signed so it can be used by other strong-name-signed packages.
- NOTE: This is code signing only using a non-secret key. It is not authenticode or tamper protection.
- User and role permissions endpoints in UsersClient and RolesClient now correctly honoring paging.
- User model optional fields (CreatedAt, UpdatedAt, LastLogin) are now nullable.
- TenantSettings lifetimes are now double not integer.
- Added various Guardian-related endpoints on UserClient.
- Missing Tenant settings now available (device flow, Guardian MFA, Change Password, flags etc.
- Added client_id to GetDeviceCredentials response
- Added various user properties to UserUpdateRequest
- New user permission endpoints added to UsersClient
- New role permission endpoints added to RolesClient
- AuthenticationApiClient now implements IDisposable to dispose ApiConnection and HttpClient
- Added various new and missing properties to Resource Servers (ResourceServerBase)
- New GuardianClient for managing /guardian endpoints
- New RolesClient for managing /roles endpoints
- PasswordChangeTicket now has IncludeEmailInRedirect and MailEmailAsVerified
- ApiConnection now has Dispose to dispose the HttpClient it creates
- ManagementApiClient now has Dispose to dispose the ApiConnection it creates
- XML documentation tweaks
- Dependencies updated
BREAKING CHANGES See our migration guide at https://github.com/auth0/auth0.net/blob/master/docs-source/migrating-to-v6.md
- All I*Client interfaces have been removed so adding endpoints is no longer breaking
- IManagementApi interface was removed so adding new clients is no longer breaking
- All non-paging GetAll methods have been removed
- DiagnosticsHeader/DiagnosticsComponent are no longer available