Bump OpenIddict.AspNetCore from 4.9.0 to 5.0.0

[dependabot]

Bumps OpenIddict.AspNetCore from 4.9.0 to 5.0.0.

Release notes

Sourced from OpenIddict.AspNetCore's releases.

5.0.0

For more information about this release, read OpenIddict 5.0 general availability.

5.0.0-rc1

This release introduces the following changes:

• TokenValidationParameters.ClockSkew is now supported by OpenIddict, that will honor it when validating the expiration date of a token.

• A bug preventing the OpenIddictClientService.ChallengeUsingDeviceAsync() and OpenIddictClientService.AuthenticateWithDeviceAsync() APIs from flowing the additional device authorization request/token request parameters set by the application was identified and fixed (thanks @​hangy for reporting it! ❤️)

• A bug preventing signing/encryption certificates from being correctly sorted was identified and fixed (thanks Stefan Chiriac for reporting the issue and suggesting the fix!)

Note: 5.0.0-rc1 is the last preview before RTM ships next week. As such, OpenIddict users are invited to start testing 5.0.0-rc1 and share their feedback to ensure no regression affects their applications.

5.0.0-preview3

This release introduces the following changes:

• On .NET 7.0 and higher, the Entity Framework Core stores now use bulk updates and bulk deletes when large amounts of entities are expected to be updated/removed. If necessary, bulk operations can be disabled by calling options.DisableBulkOperations() in the OpenIddict EF Core stores options.

• A new IOpenIddictTokenManager.RevokeByAuthorizationIdAsync() API was introduced to dramatically improve the performance of token revocation when using the Entity Framework Core (.NET 7.0+-only) - or MongoDB stores.

• The Entity Framework Core stores that use IDbTransaction were updated to run these operations inside execution strategies, which allows using the built-in stores with options.EnableRetryOnFailure() without having to override them.

• The IOpenIddictAuthorizationManager.PruneAsync() and IOpenIddictTokenManager.PruneAsync() APIs (and the corresponding stores methods) now return the number of authorizations/tokens that were removed.

• Constants for the standard claim request members were added (thanks @​davhdavh! ❤️)

Note: 5.0.0-preview3 is likely one of the very last previews before RTM ships later this month. As such, OpenIddict users will be invited to start testing 5.0.0-preview3 and share their feedback during the next few weeks.

5.0.0-preview2

This release introduces the following changes:

• All the OpenIddict packages now target .NET 8.0 (.NET Standard 2.0/2.1, .NET 6.0/7.0 and .NET Framework 4.6.1+ are still fully supported).

• A Zoom.us integration was added to OpenIddict.Client.WebIntegration.

• The authentication results returned by OpenIddictClientService now expose the expiration date of access tokens (thanks @​davhdavh! ❤️)

• To support advanced scenarios (e.g custom grants), the OWIN and ASP.NET Core hosts have been updated to return an AuthenticateResult with an empty main principal - and the additional principals attached to AuthenticateResult.Properties - instead of a null result (see openiddict/openiddict-core#1912 for more information).

5.0.0-preview1

For more information about this release, read Introducing native applications, per-client token lifetimes and client assertions support in OpenIddict 5.0 preview1.

4.10.1

This release introduces the following changes:

• A bug preventing the OpenIddictClientService.ChallengeUsingDeviceAsync() and OpenIddictClientService.AuthenticateWithDeviceAsync() APIs from flowing the additional device authorization request/token request parameters set by the application was identified and fixed (thanks @​hangy for reporting it! ❤️)

4.10.0

This release introduces the following changes:

• All the OpenIddict packages now target .NET 8.0 (.NET Standard 2.0/2.1, .NET Core 3.1, .NET 6.0/7.0 and .NET Framework 4.6.1+ are still fully supported).

• A Zoom.us integration was added to OpenIddict.Client.WebIntegration.

... (truncated)

Commits

• 5162809 Update Versions.props to build 5.0.0 packages
• 7aceeae Update Versions.props to build 5.0.0-rtm packages
• f7b20a9 Update README.md to clarify the support policy
• 1f91321 Rename the OpenIddictClientService.GetClientRegistrationAsync()/GetServerConf...
• c8f7c2c Declare OpenIddictClientRegistration.ConfigurationManager as a nullable property
• a38084c Update the sponsors section
• e110784 Use input boxes for the OpenIddict version in the issue templates
• be25f74 Update Versions.props to build 5.0.0-rc2 packages
• dc19fee Bump the .NET/ASP.NET Core dependencies
• 78c731f Bump Scriban to 5.9.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (44c5e68) 64.24% compared to head (726d658) 83.11%.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1111       +/-   ##
===========================================
+ Coverage   64.24%   83.11%   +18.87%     
===========================================
  Files         136       53       -83     
  Lines        5311     3122     -2189     
  Branches      615      341      -274     
===========================================
- Hits         3412     2595      -817     
+ Misses       1813      450     -1363     
+ Partials       86       77        -9     

Flag	Coverage Δ
WebClient	83.11% <ø> (ø)
Website	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

Superseded by #1116.