IdentityServer v7.0 includes support for .NET 8, pushed authorization requests, OpenTelemetry metrics, cleanup job improvements, and many other fixes and enhancements. Please see our release notes for complete details.
In your IdentityServer host project, update the version of the .NET framework. For example in your project file:
<TargetFramework>net6.0</TargetFramework>
would change to:
<TargetFramework>net8.0</TargetFramework>
Any NuGet packages that you are using that target an older version of .NET should also be updated. For example, the version of Microsoft.EntityFrameworkCore.SqlServer or Microsoft.AspNetCore.Authentication.Google should be updated. Depending on what your IdentityServer host project is using, there may or may not be code changes based on those updated dependencies.
In your IdentityServer host project, update the version of the Duende.IdentityServer package. For example in your project file:
<PackageReference Include="Duende.IdentityServer" Version="6.3.0" />
would change to:
<PackageReference Include="Duende.IdentityServer" Version="7.0" />
The schema updates required in this version are:
IdentityServer is abstracted from the data store on multiple levels, so the steps involved in updating your data store will depend on your implementation details.
The core of IdentityServer is written against the store interfaces, which abstract all the implementation details of actually storing data. If your IdentityServer implementation includes a custom implementation of those stores, then you will have to determine how best to include the changes in the model in the underlying data store and make any necessary changes to schemas, if your data store requires that.
We also provide a default implementation of the stores in the Duende.IdentityServer.EntityFramework package, but this implementation is still highly abstracted because it is usable with any database that has an EF provider. Different database vendors have very different dialects of sql that have different syntax and type systems, so we don’t provide schema changes directly. Instead, we provide the Entity Framework entities and mappings which can be used with Entity Framework’s migrations feature to generate the schema updates that are needed in your database.
To generate a migration for the new columns, run the command below. Note that you might need to adjust paths based on your specific organization of the migration files.
dotnet ef migrations add Update_DuendeIdentityServer_v7_0 -c ConfigurationDbContext -o Migrations/ConfigurationDb
dotnet ef migrations add Update_DuendeIdentityServer_v7_0 -c PersistedGrantDbContext -o Migrations/PersistedGrantDb
The ServerSideSession.Id property has been changed from int to long. The generated migration handles the data type change but does not take into account that this column is the primary key for the table. If the primary key constraint is not removed, running the migration will fail. The primary key of the table needs to be dropped before the type is altered and then recreated. The easiest way to do so is to update the generated migration file:
// Add this line before AlterColumn
migrationBuilder.DropPrimaryKey("PK_ServerSideSessions", "ServerSideSessions");
// This should already be in the generated code
migrationBuilder.AlterColumn<long>(
name: "Id",
table: "ServerSideSessions",
type: "bigint",
nullable: false,
oldClrType: typeof(int),
oldType: "int")
.Annotation("SqlServer:Identity", "1, 1")
.OldAnnotation("SqlServer:Identity", "1, 1");
// Add this after AlterColumn
migrationBuilder.AddPrimaryKey("PK_ServerSideSessions", "ServerSideSessions", "Id");
For most deployments the approach above will work. For deployments with high volumes of sessions, high availability demands and no low traffic hours this might cause unacceptable downtime. The impact and possible workarounds depend on the database engine used, but most databases include features for performing indexing operations and schema changes to an online system. Please consult your database’s documentation or your DBA for more guidance.
Once you’ve updated that migration, both migrations should be applied to your database:
dotnet ef database update -c ConfigurationDbContext
dotnet ef database update -c PersistedGrantDbContext
Some organizations prefer to use other tools for managing schema changes. You’re free to manage your schema however you see fit, as long as the entities can be successfully mapped. Even if you’re not going to ultimately use Entity Framework migrations to manage your database changes, generating a migration can be a useful development step to get an idea of what needs to be done.
IAuthorizationParametersMessageStore is deprecated. PAR is a more robust/standardized approach to get similar benefits.
The IHttpContextAccessor in the EndSessionRequestValidator is unused and has been marked as obsolete. It will be removed in a future version.
The KeyManagementOptions.SigningAlgorithms is now an ICollection rather than an IEnumerable. If you are configuring signing algorithms using code, and setting the SigningAlgorithms to some type that implements IEnumerable but not ICollection, then you must change the type that you are using. In practice, we expect everyone uses a list or array (which are both ICollections).
The value of the constant IdentityServerAuthenticationType has changed from “IdentityServer4” to “Duende.IdentityServer”. This constant is used as the value of the authentication type within the ClaimsIdentity that IdentityServer constructs. The authentication type’s value is never used by IdentityServer or ASP.NET, so this is unlikely to impact anyone. It is also the name of the default cors policy created by IdentityServer. This could theoretically impact you if you have a CORS policy named “Duende.IdentityServer”, as the new name now conflicts.
That’s it. Of course, at this point you can and should test that your IdentityServer is updated and working properly.
You are now done with everything related to the IdentityServer upgrade, but we would also like to add a references to breaking changes in .NET 8 and associated libraries that are likely to affect the IdentityServer setup.
Microsoft.Data.SqlClient.SqlException (0x80131904): The syntax near '$' is incorrect. or Microsoft.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near the keyword 'WITH'. Please see https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-8.0/breaking-changes#mitigations for more information.Microsoft.IdentityModel.* packages. With packages that are brought in as transient dependencies there is less control of the versions being pulled in. If different packages from the Microsoft.IdentityModel.* family end up having different versions, there will be odd bugs. We’ve seen reports where the refresh token isn’t stored and where the OIDC handler fails to redirect to an OIDC Provider because it failed reading the discovyer document. Always ensure that all Microsoft.IdentityModel.* packages are of exactly the same version. If they are not, you might need to make an explicit <PackageReference> to pin an exact version.