Duende IdentityServer 7.1 New Year's Release

Happy New Year! Duende IdentityServer 7.1 is a new release we’re excited to share with you. In this article, we will discuss some exciting enhancements and breaking changes that software developers should be aware of when upgrading from previous versions.

Overview of Major Updates

This release of Duende IdentityServer 7.1 includes the following changes.

  • .NET 9 support
  • Use of Duende.IdentityModel
  • New license usage helpers
  • Improved extensibility of the ClientConfigurationStore in the Configuration API
  • Improved log filtering when an HTTP request is aborted
  • Redaction of the subject token during token exchange
  • And several bug fixes and code quality improvements

Let’s discuss the standout updates to Duende IdentityServer that should be considered when upgrading your instances.

Support for .NET 9

With support for .NET 9, upgrade-conscience developers can now take advantage of several new performance improvements and language features released in the latest SDK. These features include better resource utilization, new APIs, AI building blocks, ASP.NET Core hosting improvements, and .NET Aspire 9, to name only a few. Developers can utilize these additions to .NET with Duende IdentityServer to improve productivity and fine-tune production deployments.

Read more about .NET 9 features in the official Microsoft documentation. Our own, Joe DeCock has also contributed the PAR implementation to the latest version of ASP.NET Core, which you can read about here.

IdentityModel is now Duende.IdentityModel

The upgrade from 7.0 to 7.1 requires no schema changes, but a breaking code change will affect most implementations - we have renamed IdentityModel to Duende.IdentityModel to more accurately reflect our commitment and responsibility to the popular package.

Any code references, such as namespaces or explicit type usage, may require changes in your existing codebase to reflect the namespace change. The change should be relatively straightforward, as no changes to the implementation or code have occurred.

- using IdentityModel;
+ using Duende.IdentityModel;

Finding these issues should be straightforward using compilation errors and an editor’s search and replace functionality.

License Usage Helpers

We’ve found some developers are unaware of the features their applications utilize during the discovery phase of adopting Duende IdentityServer. This release adds a new auditing feature called “License Usage Summary.” This feature internally tracks IdentityServer usage scenarios, giving developers access to information regarding License Edition, Clients Used, Issuers Used, and Features Used. Developers can access this information through an application’s services collection by requesting the LicenseUsageSummary type. Developers can use this information with stakeholders to determine if an IdentityServer solution is correctly licensed and compliant for production deployment.

Read more about our recommended approach to using this new License Usage Summary feature in the official documentation.

Switched to IConfigurationDbContext in ClientConfigurationStore

The ClientConfigurationStore in the Duende.Configuration.EntityFramework package now depends on IConfigurationDbContext instead of ConfigurationDbContext to allow for improved customization. You may need to update your constructors if you have a customized store derived from the default store. Note that this only affects the Entity Framework-based implementation of the configuration store.

Improved Filtering of Aborted HTTP Requests

Typically, an IdentityServer host throws an OperationCanceledException or TaskCanceledException when in-flight requests abruptly disconnect. This behavior is expected but can lead to noise in production logging solutions. We have updated our filters to account for both exceptions to reduce logging pressure.

Subject Token Redacted from Logging

Subject tokens passed in during token exchange are now redacted from logs, helping ensure your logs are more secure and minimizing the amount of personally identifying information found in production system logs.

Bug Fixes and Code Quality Improvements

We continue to improve the quality of our code and address bugs submitted by IdentityServer customers. The Release Notes page provides specific information on published changes.

Tell Us What You Think

We’re very proud of this release, which marks the start of a new year for Duende and customers. We also want to thank the community members for their contributions. For more technical information about this release, please visit our Release Notes page on our Products repository, follow us on social media channels, or email our team. As always, thank you for being a valued Duende customer; we look forward to helping you solve your IAM needs.