-
Notifications
You must be signed in to change notification settings - Fork 401
Release Notes 5.2.2
BrentSchmaltz edited this page Apr 25, 2018
·
8 revisions
- Added in support for caching SignatureProviders. Each time a signature is created or verified, a new cryptographic object is spun up and then disposed. Users now have the option of caching operators and have them reused for the lifetime of the process. There are different ways to do this. For process wide caching CryptoProviderFactory.DefaultCacheSignatureProviders = true. Will result in caching for all CryptoProviderFactories. CryptoProviderFactory.Default.CacheSignatureProviders = true, will just set the Default, other factories will not cache.
- Calling the empty JwtHeader() constructor no longer results in the Alg, Kid, Typ, or SigningCredentials being set.
- JsonWebKey.CreateECDsa() throws an exception if the operating system being used is not Windows.
- SourceLink has been added to release builds. See here for more details.
- The JsonWebKey 'KeyId' and 'kid' properties now refer to the same backing field (keeping them in sync).
- Some useful information for debugging/logging is now logged before any other information is logged.
- ES512/P-521 point parameter size has been changed to 66 bytes (the correct value) from 64.
- The check for valid ECDSA key size is done before any bytes are written, so it is no longer possible for overflow errors to occur.
- See here for a full list of issues that were fixed.
Conceptual Documentation
- Using TokenValidationParameters.ValidateIssuerSigningKey
- Scenarios
- Validating tokens
- Outbound policy claim type mapping
- How ASP.NET Core uses Microsoft.IdentityModel extensions for .NET
- Using a custom CryptoProvider
- SignedHttpRequest aka PoP (Proof-of-Possession)
- Creating and Validating JWEs (Json Web Encryptions)
- Caching in Microsoft.IdentityModel
- Resiliency on metadata refresh
- Use KeyVault extensions
- Signing key roll over