v11.1.3

Bugfixes

• #530 Truncate web.useragent sent to BankID in Auth/Sign/Payment API call. by @elinohlsson in PR 531

Documentation

• Remove entries in the table of contents pointing to missing sections. by @Arthacus in PR 513

New Contributors

• @Arthacus made their first contribution in #513

Full Changelog: v.11.1.2...v.11.1.3

v11.1.2

Bugfixes

• #508 Resolved an issue in the TypeScript code where a failure during the call to the internal checkStatus endpoint (e.g., due to a network error) could trigger a duplicate retry. If the first retry completed after the BankID order had already been finalized, the second retry would fail with HTTP 400 and an InvalidParameters: No such order error, since the BankID API does not allow additional calls to the collect endpoint once a status of complete or failed has been returned.
  by @elinohlsson in PR 528

Full Changelog: v.11.1.1...v.11.1.2

v11.1.1

Bugfixes

• #516 uiOptions are now stored in a cookie rather than appended to the ReturnURL. This change prevents issues caused by exceeding the 512-character limit for the ReturnUrl parameter in Auth, Sign, and Payment requests. by @Zonnex, @elinohlsson in PR 517, PR 521.
• #520 When the ReturnUrl is sent through an Auth, Sign, or Payment request to BankID, setting it to an empty string results in a 400 Bad Request. Therefore, String.Empty will no longer be used as the default value for manual navigation back to the originating application. Instead, the default value will be set to null, which will close the security application without redirecting back. by @Zonnex in PR 519

Full Changelog: v11.1.0...v.11.1.1

v11.1.0

Features

• #479 #455: Send the return URL to BankID as part of the auth/sign/payment request for BankID on the same device. This is the new recommended approach from BankID, replacing the previous method of including it as a query parameter in the autolaunch URL. Active Login currently sets it both ways; if both are provided, BankID will use the URL from the auth/sign/payment request. Custom implementations of IBankIdLauncher can be updated to use the new BankIdLaunchInfo constructor to provide the return URL.
  by @Zonnex in PR #499
• #468: Adds an extension method for configuring client certificate, allowing a service provider to be passed in.
  by @Zonnex in PR #502

Bugfixes & Improvements

• #504: Clarified documentation about cookies, data protection, and the need to configure a persisted key store in some scenarios.
  by @elinohlsson in PR #510
• #508 #498: Fixes an issue where the client could continue polling BankID for status even after a transaction had already been completed. This caused a pattern where a collect call would be complete, but subsequent scheduled status checks would still run and fail multiple times, resulting in the user seeing a generic error message.
  by @elinohlsson in PR #511

Full Changelog: v11.0.0...v11.1.0

v11.1.0 RC 1

Features

• #479 #455: Send the return URL to BankID as part of the auth/sign/payment request for BankID on the same device. This is the new recommended approach from BankID, replacing the previous method of including it as a query parameter in the autolaunch URL. Active Login currently sets it both ways; if both are provided, BankID will use the URL from the auth/sign/payment request. Custom implementations of IBankIdLauncher can be updated to use the new BankIdLaunchInfo constructor to provide the return URL.
  by @Zonnex in PR #499
• #468: Adds an extension method for configuring client certificate, allowing a service provider to be passed in.
  by @Zonnex in PR #502

Bugfixes & Improvements

• #504: Clarified documentation about cookies, data protection, and the need to configure a persisted key store in some scenarios.
  by @elinohlsson in PR #510
• #508 #498: Fixes an issue where the client could continue polling BankID for status even after a transaction had already been completed. This caused a pattern where a collect call would be complete, but subsequent scheduled status checks would still run and fail multiple times, resulting in the user seeing a generic error message.
  by @elinohlsson in PR #511

Full Changelog: v11.0.0...v11.1.0-rc-1

v11.0.0

What's Changed

• Add requirement cardreader for BankID Auth and Sign by @Zonnex in #495
• Remove allowed risk level requirement (since no longer supported by BankID) by @elinohlsson in #496
• Support for BankID payments https://developers.bankid.com/api-references/auth--sign/payment by @elinohlsson in #503

Full Changelog: v10.1.0...v11.0.0

v11.0.0 RC 2

What's Changed

• Revert to .Net 8 since certificate issues in .Net 9 is not yet resolved. by @elinohlsson in #501
• Implement support for BankID:s Payment API by @elinohlsson in #503

Full Changelog: v11.0.0-rc-1...v11.0.0-rc2

v11.0.0 RC 1

What's Changed

• Target .NET 9 @Zonnex in #494 #484
• Add support for requirement Card Reader to Auth and Sign request. by @Zonnex in #495 #389
• Remove support for blocking transactions based on risk level, since no longer supported by BankID. Use return risk instead and handle risk level in your application by @elinohlsson in #496 #485

Breaking Changes

This a major release, with some breaking changes. Most of them should go unnoticed for the majority of installations.

The most important ones are listed in the file BREAKINGCHANGES.md in the root of the repo.

Full Changelog: v10.1.0...v11.0.0

v10.1.0

What's Changed

• Bump Duende.IdentityServer from 7.0.7 to 7.0.8 in /samples/IdentityServer.ServerSample by @dependabot in #474
• Set requirements on how the authentication or signing order must be performed dynamically by @elinohlsson in #475
• Fix code scanning alert no. 124: Cross-site scripting by @Liteolika in #482
• Simulated API errors by @Liteolika in #483
• Feature/470 use new auth properties app and web by @Liteolika in #477
• perf: cache Parser by @Zonnex in #488
• Feature/return risk by @elinohlsson in #487

New Contributors

• @Liteolika made their first contribution in #482

Full Changelog: v10.0.1...v10.1.0

v10.1.0 RC 1

What's Changed

• Bump Duende.IdentityServer from 7.0.7 to 7.0.8 in /samples/IdentityServer.ServerSample by @dependabot in #474
• Set requirements on how the auth or sign order must be performed dynamically by @elinohlsson in #475
• Fix code scanning alert no. 124: Cross-site scripting by @Liteolika in #482
• Simulated API errors by @Liteolika in #483
• Feature/470 use new auth and sign properties app and web by @Liteolika in #477
• perf: cache Parser by @Zonnex in #488
• Feature/return risk by @elinohlsson in #487

New Contributors

• @Liteolika made their first contribution in #482

Full Changelog: v10.0.1...v10.1.0-rc-1