IdentityModel has been growing organically over the last years, and we felt it is necessary to do some fundamental cleanup. At the same time it is used by a lot of people and companies (currently around 20 million downloads on nuget) – which is a bit scary when doing breaking changes.
But since we are at a point where a new .NET Core runtime is released, and thus many other libraries will release new major version, we thought that this might be a good opportunity to make the changes.
**This version is a breaking release!!!**
Stay on v3.x if you are using:
* IdentityServer4 v2.x
* IdentityServer4.AccessTokenValidation v2.x
* IdentityModel.AspNetCore.OAuth2Introspection v3.x
* IdentityModel.OidcClient v2.x
All subsequent major versions of the above mentioned packages have switched to IdentityModel v4 and will be released along with IdentityServer4 v3 on the 23rd September.
In the coming days I will push IdentityModel v4 to nuget – here’s a high level list of the changes.
**Target frameworks**
I dropped the net452 target – v4 is targeting net461 and netstandard2.0 only.
**Removed old `*Client` classes**
I removed the protocol client classes like `TokenClient` in favour of the newer style extension methods for HttpMessageInvoker (the base class of HttpClient). This allows you to manage the setup and lifetime of the HTTP client yourself.
I added a new `TokenClient` and `IntrospectionClient` based on the new design which is now DI and `HttpClientFactory` friendly. I did that mainly because I needed them in some other project. Give them a try, and see if they work for you as well.
**Removed access token related delegating handlers for `HttpClient`**
I never was happy with their design, and they also did not work for some common scenarios. Part of the work has been moved to [OidcClient](https://github.com/IdentityModel/IdentityModel.OidcClient2) (for native apps) and part of it has been moved to the [ASP.NET Core specific IdentityModel](https://github.com/IdentityModel/IdentityModel.AspNetCore).
**Updated extension methods**
The protocol extensions methods have been re-written from the ground up. The public API surface stayed mostly the same, but certain classes have been renamed for clarity.
The request objects now derive from `HttpRequestMessage` which gives you more control over the HTTP details (e.g. headers).
**Updated Epoch Extensions**
Year 2038 is coming! All extensions have been updated to use long instead of int. Alternatively – .NET has built-in support now as well. So feel free to switch to that if you like.
**Misc**
I probably changed some parameter, classes and namespace names..