2.3 Preview 2

As part of this release we had 65 issues closed.
next feature release

bugs

• #2752 Endpoint returns wrong WwwAuthentication header
• #2742 Fix a typo in TokenErrorResult.cs
• #2729 Add null check on Consent page
• #2658 Corrected internal value for ParsedSecretTypes.JwtBearer
• #2604 Create jwk document when signing with JsonWebKey
• #2561 Update path to SQL scripts
• #2533 DistributedCacheStateDataFormatter should handle failed Unprotect workflows
• #2523 CorsService doesn't handle null for origin
• #2504 DistributedCacheStateDataFormatter tries to unprotect null string
• #2499 fix ??-operator priority
• #2492 Refresh token is not redacted
• #2446 ReturnUrl in CustomRedirectResult?
• #2441 CloneWithScopes in ApiResource does not clone DisplayName
• #2358 Filter identity scopes and offline_access when no explicit scopes are specificed in client credentials
• #2336 Fix incorrect log message
• #2251 IdentityServer might log tokens in case of error

new features

• #2597 Add strong name
• #2440 Add built-in support for Confirmation (cnf)

enhancements

• #2745 Enhance object logging
• #2730 Unify empty string
• #2695 Changed level from error to warn on refresh token
• #2661 Be compatible with iOS 12 breaking changes
• #2641 Support idp:local in host
• #2617 Change: error code in TokenValidator class
• #2611 Update secrets.rst
• #2609 Add per-client SSO lifetime
• #2607 Change: Made DefaultUserSession.AuthenticateAsync overrideable
• #2593 Switch to new cake build version
• #2582 redundant one line of code.
• #2560 Consider making EndSessionRequestValidator public
• #2554 Should SessionId Cookies be considered "Essential"
• #2545 Make some internal types public to facilitate custom service implementations
• #2540 resolve login/logout url, et al from named options
• #2532 Consider resolving login url, et al from named options
• #2525 enable default client validator by default
• #2518 Add AsNoTracking for readonly queries
• #2517 Add explicit FK properties in EF entities to allow EF Core DataSeeding
• #2514 Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync
• #2513 Make AddScriptCspHeaders and AddStyleCspHeaders public
• #2512 Add parameters to IntrospectionRequestValidationResult - #2388
• #2509 Update all projects
• #2508 Move all repos to ASP.NET Core 2.1
• #2506 add invalid uri scheme validation
• #2489 IdentityServerAuthenticationService doesn't work well with the new dynamic/policy auth schemes in 2.1
• #2469 EndSession class should be public?
• #2460 Create abstractions package for Storage models and interfaces
• #2434 Consider redirect uri scheme blocked list
• #2402 IdentityServer4.AspNetIdentity's ProfileService readonly filelds should be protected
• #2393 Add details to logError in TokenRequestValidator
• #2374 Make client secret optional while parsing basic authentication secret
• #2359 During the cleanup token process, add support for an event when token is expired.
• #2357 Dont log SecurityTokenExpiredException as error, since it is not
• #2353 Sign nuget packages
• #2300 update the generated EF sql files
• #2299 Extract JWT payload creation to extension method
• #2298 Extension Grant flows need all the data of the request at the final build of the claims.
• #2285 Consider more metadata for clients and resources
• #2284 Add support for OAuth 2.0 Device Flow [WIP]
• #2280 Client missing description while EF Client has it.
• #2271 AdminUI Custom Database Tables
• #2264 ClientSecret exceeds the MaxLength value
• #2249 Consider Properties on ApiResource and IdentityResource EF models
• #2218 GetErrorContextAsync does not always return description.
• #2055 Consider create datetime on ClientSecret

breaking change

• #2524 Remove obsolete constructor on DefaultCustomTokenValidator