I just uploaded v2.3 to Nuget. There are a number of breaking changes I want to make you aware of (.Net 4.5 version only):
- By default the Web API authentication handler now requires SSL. You can turn that off on the authentication configuration using the RequireSsl property.
- By default the Web API authentication handler now uses the host’s client identity (if present). This can be turned off on the authentication configuration using the InheritHostClientIdentity property.
- When using session tokens, the token response uses the OAuth2 expires_in field. This used to be the token lifetime in epoch time format. Since this is wrong, the new version correctly sets this to the remaining token lifetime in seconds.
I (semantically) version to v2.3 so existing code does not break, but when you manually update the Nuget package you will get the new version.
Filed under: IdentityModel, WebAPI
