diff --git a/guide/migration.html b/guide/migration.html index 0b1e0ff..f5cfafe 100644 --- a/guide/migration.html +++ b/guide/migration.html @@ -76,7 +76,7 @@

Ensure migrations are correctly enabled for your project

Before migrating to OpenIddict RC2, make sure migrations are already enabled for your application. If you have a Migrations folder in your application root folder and an __EFMigrationsHistory table in your database, you're good to go.

-

If you don't have these Entity Framework Core artificats, migrations are likely not enabled. To fix that, add the following entries in your .csproj:

+

If you don't have these Entity Framework Core artifacts, migrations are likely not enabled. To fix that, add the following entries in your .csproj:

<ItemGroup>
   <PackageReference Include="Microsoft.EntityFrameworkCore.Design"
                     Version="2.0.0" PrivateAssets="All" />
@@ -177,7 +177,16 @@
     UpdateOpenIddictTablesAsync(app.ApplicationServices).GetAwaiter().GetResult();
 }

Run your application. Once it's correctly started, stop it and remove the migration script.

-

Optionally, update your code to grant applications the minimum required permissions

+

If your authorization server uses introspection, make sure resources are set in the authentication ticket

+

Setting an explicit list of resources is now required to allow client applications to introspect a token. +For that, call ticket.SetResources() with the list of the client identifiers allowed to validate the token. E.g:

+
var ticket = new AuthenticationTicket(
+    new ClaimsPrincipal(identity),
+    new AuthenticationProperties(),
+    OpenIdConnectServerDefaults.AuthenticationScheme);
+
+ticket.SetResources("tracking_api", "marketing_api");
+

Optionally, update your code to grant applications the minimum required permissions

Starting with RC2, OpenIddict includes an optional feature codenamed "app permissions" that allows controlling and limiting the OAuth2/OpenID Connect features a client application is able to use.

To learn more about this feature, read the Application permissions documentation.

@@ -262,11 +271,23 @@ controlling and limiting the OAuth2/OpenID Connect features a client application OpenIddictScopes +DisplayName +nvarchar(max) +Yes + + +OpenIddictScopes Properties nvarchar(max) Yes +OpenIddictScopes +Resources +nvarchar(max) +Yes + + OpenIddictTokens Properties nvarchar(max) diff --git a/manifest.json b/manifest.json index c4689c7..37a8011 100644 --- a/manifest.json +++ b/manifest.json @@ -140,7 +140,7 @@ "output": { ".html": { "relative_path": "guide/migration.html", - "hash": "LpaDiniOjh3+v0brkllWeQ==" + "hash": "Q+8Q9qt2+kQUAMVTDE5Hqw==" } }, "is_incremental": false, @@ -217,14 +217,14 @@ "can_incremental": false, "incrementalPhase": "build" }, + "ManagedReferenceDocumentProcessor": { + "can_incremental": false, + "incrementalPhase": "build" + }, "ResourceDocumentProcessor": { "can_incremental": false, "details": "Processor ResourceDocumentProcessor cannot suppport incremental build because the processor doesn't implement ISupportIncrementalDocumentProcessor interface.", "incrementalPhase": "build" - }, - "ManagedReferenceDocumentProcessor": { - "can_incremental": false, - "incrementalPhase": "build" } } },