diff --git a/guide/migration/20-to-30.md b/guide/migration/20-to-30.md index 6ad02b1..5a04232 100644 --- a/guide/migration/20-to-30.md +++ b/guide/migration/20-to-30.md @@ -98,18 +98,19 @@ services.AddOpenIddict() }); ``` -## Enable request caching +## Use the new request caching APIs, if applicable -If previously application was using request caching functionality, the new way to toggle request caching feature (previously `options.EnableRequestCaching()`) to use `OpenIddictServerAspNetCoreBuilder` class methods (divided into explicit methods): +In 3.0, the `OpenIddictServerBuilder.EnableRequestCaching()` API - that enabled request caching for both authorization and logout request - +was replaced by 2 separate methods. If your application depends on request caching, don't forget to enable it when migrating to 3.0: ```csharp services.AddOpenIddict() .AddServer(options => { options.UseAspNetCore() - .EnableAuthorizationRequestCaching() - .EnableLogoutRequestCaching(); - }) + .EnableAuthorizationRequestCaching() + .EnableLogoutRequestCaching(); + }); ``` ## Replace JSON.NET by `System.Text.Json` @@ -135,6 +136,11 @@ In 3.0, the constants used as the ASP.NET Core authentication schemes have chang | OpenIddictValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme | | OAuthValidationDefaults.AuthenticationScheme | OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme | +> [!NOTE] +> In 3.0, the OpenIddict server ASP.NET Core handler supports authenticating userinfo requests. As such, if you use the pass-through mode +> to handle userinfo requests in your own userinfo MVC action, consider using `OpenIddictServerAspNetCoreDefaults.AuthenticationScheme` +> instead of `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme` for your userinfo endpoint to avoid duplicate access token validation. + ## Update your application to work with the new `scope` format In OpenIddict 3.0, the format of the `scope` claim used in JWT tokens has changed from a JSON array to a single space-separated claim to match