Version 5.x has been out of support since December 13, 2022, and this corresponding section of the documentation is no longer maintained. We strongly recommend upgrading to a supported version.

Duende IdentityServer v5.1 to v5.2

This upgrade guide covers upgrading from Duende IdentityServer v5.1 to v5.2 (release notes).

Step 1: Update NuGet package

In your IdentityServer host project, update the version of the NuGet. For example in your project file:

<PackageReference Include="Duende.IdentityServer" Version="5.1.0" />

would change to:

<PackageReference Include="Duende.IdentityServer" Version="5.2.0" />

Step 2: Update Database Schema (if needed)

If you are using a database for your configuration data, then there is a database schema update for the new Dynamic Providers feature (more details). This includes:

  • A new table called IdentityProviders for storing the OIDC provider details. Its TSQL schema would look like this:
CREATE TABLE [IdentityProviders] (
    [Id] int NOT NULL IDENTITY,
    [Scheme] nvarchar(200) NOT NULL,
    [DisplayName] nvarchar(200) NULL,
    [Enabled] bit NOT NULL,
    [Type] nvarchar(20) NOT NULL,
    [Properties] nvarchar(max) NULL,
    CONSTRAINT [PK_IdentityProviders] PRIMARY KEY ([Id])
);

If you are using the Duende.IdentityServer.EntityFramework package as the implementation for the database and you’re using EntityFramework Core migrations as the mechanism for managing those schema changes over time, the commands below will update those migrations with the new changes. Note that you might need to adjust based on your specific organization of the migration files.

dotnet ef migrations add Update_DuendeIdentityServer_v5_2 -c ConfigurationDbContext -o Data/Migrations/IdentityServer/ConfigurationDb

Then to apply those changes to your database:

dotnet ef database update -c ConfigurationDbContext

Step 4: Update custom AuthorizeInteractionResponseGenerator (if needed)

If you have created a custom, derived implementation of the AuthorizeInteractionResponseGenerator, then the constructor must accept an additional parameter of type IdentityServerOptions. This is needed for the new tenant validation in authorize endpoint requests.

Step 5: Done!

That’s it. Of course, at this point you can and should test that your IdentityServer is updated and working properly.