In that strange period between Christmas and New Years, I finally had a chance to finish off some long-running dev tasks for IdentityManager2. This means that IdentityManager2 now targets ASP.NET Core 3.1, has dropped the beta suffix, and is now contains less legacy code from v1.
It would be wrong not to thank ChaosEngine who’s pull requests and gentle nudging helped make this release happen.
- Updated to ASP.NET Core 3.1
- Replaced custom OAuth access token usage for SameSite cookie
- Updated base html page to be a Razor View
- Fixed navbar responsiveness
- Updated bootstrap and jquery
- Updated angularjs 🤢
- Removed usage of Newtonsoft.Json
- Removed usage of AutoMapper
- Removed usage of custom Base64Url encoding
- Added new sample hosts (link)
IdentityManager now uses a SameSite cookie for API access, with an authentication scheme of
idmgr.api and a SameSite value of Strict.
This cookie has a separate lifetime than the user’s session and will continue to be refreshed as long as your main session is valid.
Moving to a SameSite cookie for API access has made the legacy angularjs frontend much simpler to maintain and has allowed me to remove the hacky internal OAuth server with which I initially released.
State of the UI
Unfortunately, IdentityManager2 is still stuck with its old angularjs frontend. But I’ve at least moved it off of an RC version and simplified it by removing the use of OAuth.
I plan to use some developer resources at Rock Solid Knowledge to migrate this to something a bit more modern and extensible. We would run this development as one of Rock Solid Knowledge’s internal dev projects, where employees can set aside a week to work on and deliver a side-project.
Routing is currently up for grabs. Currently, IdentityManager2 still uses controllers for its API endpoints. If you think breaking the bonds of MVC would be beneficial and have some ideas as to how to do that, get involved on GitHub.
If you’ve not yet used IdentityManger2, check out my article Getting Started with IdentityManager2.