Skip to content

Duende.AspNetCore.Authentication.OAuth2Introspection 7.0.0 Preview 2

Pre-release
Pre-release

Choose a tag to compare

@pgermishuys pgermishuys released this 17 Oct 14:18
· 3 commits to main since this release
f8f426c

This is a preview release which contains enhancements, a breaking change, and support for .NET 10 RC2.

Breaking Changes

  • Enable nullable reference types by @damianh in #254
  • Move to HybridCache in OAuth2Introspection by @bhazen in #274
  • Updated Identity Model to use 8.0.0 - Preview 1 in #284

Move to HybridCache in OAuth2Introspection

The use of IDistributedCache in this library has been replaced with the use of HybridCache. Part of this change was the removal of the EnableCaching option. Users who wish to not have introspection results cached should set the new SetCacheEntryFlags options to the value HybridCacheEntryFlags.DisableLocalCacheWrite | HybridCacheEntryFlags.DisableDistributedCacheWrite.

The primary motivation for this change was to disable an additional breaking change in the future. HybridCache does not currently support a mechanism for controlling the cache expiration in a factory method to fetch/create the cached data. This is problematic with introspection as RFC 7662 states: If the response contains the "exp" parameter (expiration), the response MUST NOT be cached beyond the time indicated therein. The requirement of the RFC prevents this library from benefitting from features of HybridCache such as stampede protection as the result of introspection needs to be known prior to interacting with the cache. This will be revisited in the future if and when HybridCache's API surface is updated to allow controlling a cache entry's cache duration inside a factory method.

Enhancements

Contributors

Thanks to the Duende.AspNetCore.Authentication.OAuth2Introspection community for your involvement with issues and pull requests!