AspNet.Security.OpenIdConnect.Server 1.0.1 is out

Earlier today, a patch release for the OpenID Connect server middleware (aka ASOS) was pushed to

Here's the changelog:

  • The MatchEndpointContext.Options property that had been accidentally removed in 1.0.0 has been reintroduced in 1.0.1 (f17d9a4).
  • An exception is now automatically thrown at startup when registering a signing certificate that is no longer or not yet valid (583be00).
  • Internal code relying on JwtSecurityTokenHandler.CreateToken()/WriteToken() has been updated to use JwtSecurityTokenHandler.CreateEncodedJwt() to ensure JWT tokens are not signed twice (a499f11).

To migrate to the 1.0.1 packages, update your project.json/.csproj project file(s) manually or run the following command in the Package Manager Console:

ASP.NET Core 1.x version

Update-Package AspNet.Security.OpenIdConnect.Server -Version 1.0.1

OWIN/Katana 3.x version

Update-Package Owin.Security.OpenIdConnect.Server -Version 1.0.1