Duende IdentityServer v5.1 to v5.2

This upgrade guide covers upgrading from Duende IdentityServer v5.1 to v5.2 (release notes).

Step 1: Update NuGet package

In your IdentityServer host project, update the version of the NuGet. For example in your project file:

<PackageReference Include="Duende.IdentityServer" Version="5.1.0" />

would change to:

<PackageReference Include="Duende.IdentityServer" Version="5.2.0" />

Step 2: Update Database Schema (if needed)

If you are using a database for your configuration data, then there is a database schema update for the new Dynamic Providers feature (more details). This includes:

  • A new table called IdentityProviders for storing the OIDC provider details. Its TSQL schema would look like this:
CREATE TABLE [IdentityProviders] (
    [Id] int NOT NULL IDENTITY,
    [Scheme] nvarchar(200) NOT NULL,
    [DisplayName] nvarchar(200) NULL,
    [Enabled] bit NOT NULL,
    [Type] nvarchar(20) NOT NULL,
    [Properties] nvarchar(max) NULL,
    CONSTRAINT [PK_IdentityProviders] PRIMARY KEY ([Id])
);

IdentityServer is abstracted from the data store on multiple levels, so the exact steps involved in updating your data store will depend on your implementation details.

Custom Store Implementations

The core of IdentityServer is written against the store interfaces, which abstract all the implementation details of actually storing data. If your IdentityServer implementation includes a custom implementation of those stores, then you will have to determine how best to include the changes in the model in the underlying data store and make any necessary changes to schemas, if your data store requires that.

Duende.IdentityServer.EntityFramework

We also provide a default implementation of the stores in the Duende.IdentityServer.EntityFramework package, but this implementation is still highly abstracted because it is usable with any database that has an EF provider. Different database vendors have very different dialects of sql that have different syntax and type systems, so we don’t provide schema changes directly. Instead, we provide the Entity Framework entities and mappings which can be used with Entity Framework’s migrations feature to generate the schema updates that are needed in your database.

To generate a migration, run the command below. Note that you might need to adjust paths based on your specific organization of the migration files.

dotnet ef migrations add Update_DuendeIdentityServer_v5_2 -c ConfigurationDbContext -o Data/Migrations/IdentityServer/ConfigurationDb

Then to apply those changes to your database:

dotnet ef database update -c ConfigurationDbContext

Some organizations prefer to use other tools for managing schema changes. You’re free to manage your schema however you see fit, as long as the entities can be successfully mapped. Even if you’re not going to ultimately use Entity Framework migrations to manage your database changes, generating a migration can be a useful development step to get an idea of what needs to be done.

Step 4: Update custom AuthorizeInteractionResponseGenerator (if needed)

If you have created a custom, derived implementation of the AuthorizeInteractionResponseGenerator, then the constructor must accept an additional parameter of type IdentityServerOptions. This is needed for the new tenant validation in authorize endpoint requests.

Step 5: Done!

That’s it. Of course, at this point you can and should test that your IdentityServer is updated and working properly.