Bump Duende.AccessTokenManagement.OpenIdConnect from 4.0.1 to 4.1.0

[dependabot]

Updated Duende.AccessTokenManagement.OpenIdConnect from 4.0.1 to 4.1.0.

Release notes

Sourced from Duende.AccessTokenManagement.OpenIdConnect's releases.

4.1.0-rc.1

This is a release candidate which contains a new feature and support for .NET 10.

In addition to target the .NET 10 GA release over the RC2 release, there have been several enhancements since the last preview version was released:

• Introduce a Token Cache Duration Store by @​pgermishuys in #​289
• Enable ForceTokenRenewal of OIDC User Access Token by @​pgermishuys in #​290
• Ensure Assertions are used during Token Refreshes by @​pgermishuys in #​293

Enhancements

• .NET 10 RC1 support by @​damianh in #​211
• Remove unused package references by @​damianh in #​242
• .NET 10 RC2 by @​damianh in #​277
• Identity Model 8.0.0 - Preview 1 by @​josephdecock #​284
• Identity Model 8.0.0 - Release Candidate 1 by @​bhazen #​295
• Introduce a Token Cache Duration Store by @​pgermishuys in #​289
• Enable ForceTokenRenewal of OIDC User Access Token by @​pgermishuys in #​290
• Ensure Assertions are used during Token Refreshes by @​pgermishuys in #​293
• Update to .NET 10 GA Release by @​bhazen in #​294

4.1.0-preview.2

This is a preview release which contains a new feature and support for .NET 10 RC2.

This corrects the version of Identity Model to use the latest preview 8.0.0 - preview 1.

Enhancements

• .NET 10 RC1 support by @​damianh in #​211
• Remove unused package references by @​damianh in #​242
• .NET 10 RC2 by @​damianh in #​277
• Identity Model 8.0.0 - Preview 1 by @​josephdecock #​284

4.1.0-preview.1

Note:

There were minor issues with this release, please use Duende Access Token Management 4.1.0 Preview 2 instead.

This is a preview release which contains a new feature and support for .NET 10 RC2.

Enhancements

• .NET 10 RC1 support by @​damianh in #​211
• Remove unused package references by @​damianh in #​242
• .NET 10 RC2 by @​damianh in #​277

Introduction of Token Request Customization

Previously there was no ability to modify the token request parameters before a request is made to retrieve a token. This restricted the ability for users to scope tokens based on a particular request context.

We have provided the above mentioned capability by introducing an ITokenRequestCustomizer. Given the HttpRequestMessage as well as the TokenRequestParameters the user can customize the TokenRequestParameters that will be used to make the token request.

• ITokenRequestCustomizer interface - Service for customizing token request parameters based on HTTP request context
• New overloads for token handler extension methods that accept an optional ITokenRequestCustomizer parameter:
  • AddClientCredentialsTokenHandler(ITokenRequestCustomizer?, ClientCredentialsClientName)
  • AddClientAccessTokenHandler(ITokenRequestCustomizer?, UserTokenRequestParameters?)
  • AddUserAccessTokenHandler(ITokenRequestCustomizer?, UserTokenRequestParameters?)

Example usage:

public class ByPartitionIdTokenRequestCustomizer : ITokenRequestCustomizer
{
    public Task<TokenRequestParameters> Customize(
        HttpRequestMessage httpRequest,
        TokenRequestParameters baseParameters,
        CancellationToken cancellationToken = default)
    {
        var partitionId = httpRequest.Headers.GetValues("X-Partition-Id").FirstOrDefault();
        
        var customizedParams = baseParameters with
        {
            Scope = Scope.Parse($"api.{partitionId}")
        };
        
        return Task.FromResult(customizedParams);
    }
}

services.AddHttpClient("clientApi")
    .ConfigureHttpClient(client => client.BaseAddress = new Uri("https://api.example.com"))
    .AddClientCredentialsTokenHandler(
        new ByPartitionIdTokenRequestCustomizer(),
        ClientCredentialsClientName.Parse("example-client"));

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)