Kévin Chalet

When I started working on OpenIddict, there was a strong demand for templates. I've never been completely opposed to that, but it's extremely important to note that maintaining templates in...

Most server integration tests have been ported. Only the token creation/validation tests (JWT + DataProtection) need to be added back.

It's not a bug: the OpenIddict client doesn't support logout yet.

> Do I need to create a new client certificate? Yep, it's the right option: generate a new pair of signing and encryption certificates just like you did for the...

@feededit FYI, logout support was added in 4.0.0-preview3, that was released today: https://github.com/openiddict/openiddict-core/releases/tag/4.0.0-preview3 Both the Velusia and Mortis client samples were updated to target preview3: - https://github.com/openiddict/openiddict-samples/tree/dev/samples/Velusia/Velusia.Client - https://github.com/openiddict/openiddict-samples/tree/dev/samples/Mortis/Mortis.Client

Hey @limaAniceto. Do you have (good) news for us? 😃

> The time to fix is indeterminate. Haha, it's indeed getting really ridiculous, given how easy this should be to fix. For reference, in OpenIddict, it's implemented in literally 3...

@ben-xo hey. I'm not sure a runnable test case would be useful as `state` is a core concept of the OAuth 2.0 specification and not something specific to a language...

It's worth mentioning that the `state` parameter is required and must be returned even for errored responses, as indicated in the next section: https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1

Woo, to be honest, this is getting quite ridiculous, don't you guys have test clients you use internally to test your own server implementation? (well, I guess not, otherwise we...