Kévin Chalet

Hey Vasu, Support for client authentication assertions in the server stack is tracked by https://github.com/openiddict/openiddict-core/issues/1251. 4.0 (whose 3rd preview shipped yesterday) will mostly focus on the whole new client stack...

Hey, Technically, the assertion grant is implemented almost exactly like the password flow in OpenIddict. If we leave the assertion validation part as an exercise, I'm not sure it will...

It's definitely something that would be worth adding. Would you be interested in sending a PR to fix that?

@brentschmaltz you mentioned in https://github.com/dotnet/aspnetcore/issues/36175#issuecomment-1012326509 you were making good progress on that. Could you please tell us more about your plans? E.g what does that mean for the older TFMs...

@brentschmaltz awesome, thanks! > Sometimes there are insignificant bits. That was my feeling too, but in this particular case, the "extra last bits" are considered by IdentityModel as being part...

Someone else emailed me to tell me they were concerned about this behavior. Do you have any news?

@TimHannMSFT thank you for reaching out! One of the biggest complaints I have with IdentityModel regarding logging is the fact that the error messages became useless OOTB since the introduction...

Great, thanks for taking a look, @brentschmaltz. Note: it's possible this is not the only place that needs an update for `ClaimsIdentity.Actor` to work correctly: the reading part seems to...

> Would that sound like a good approach for validation {ActorClaimType, ActorClaimTypeRetriever} (TokenValidationParameters)? For SecurityTokenDescriptor, perhaps a single property {ActorClaimType}, then actually write the value :-) Sounds like a good...

> Maybe [OpenIddict](https://github.com/openiddict) will be a candidate when updating our software to .NET 6.0. It's worth noting OpenIddict is now natively compatible with `Microsoft.Owin` (support was added in 3.0 to...