New features and improvements
Added CORS policies for OIDC endpoints
We added CORS policies to allow access to 3 OIDC endpoints from client side: /oauth2/.well-known/openid-configuration
, /oauth2/certs.idp
, /oauth2/userinfo.idp
. You can visit our CORS guideline for OIDC to learn more about how to set CORS up correctly.
Bug fixes
Identify Runtime
- Fixed: #74112 [OAuth2.0] Value of the kid header of the access token and the ID token do not match with that of the OIDC's JWK endpoint.
- Fixed: #74226 Deadlock occurs randomly when using signing certificates from an Azure Key Vault, especially when network connection from Identify to Azure is very slow.
- Fixed: #74043 Identify still tries to log non-SAML participants out even if the first SAML logout request is invalid.