Version Quality improvements

New features and improvements

Added CORS policies for OIDC endpoints

We added CORS policies to allow access to 3 OIDC endpoints from client side: /oauth2/.well-known/openid-configuration, /oauth2/certs.idp, /oauth2/userinfo.idp. You can visit our CORS guideline for OIDC to learn more about how to set CORS up correctly.

Bug fixes

Identify Runtime

  • Fixed: #74112 [OAuth2.0] Value of the kid header of the access token and the ID token do not match with that of the OIDC's JWK endpoint.
  • Fixed: #74226 Deadlock occurs randomly when using signing certificates from an Azure Key Vault, especially when network connection from Identify to Azure is very slow.
  • Fixed: #74043 Identify still tries to log non-SAML participants out even if the first SAML logout request is invalid.