Wednesday, February 04, 2009

DotNetOpenId v3.0 Beta 1 released

Tonight DotNetOpenId, soon to be renamed DotNetOpenAuth, released beta 1 of the major v3.0 release.  You can download the bits from Ohloh.  Although downloads should remember that as a beta this version should not be used in production, there are several new features that should be worth investigating and building a web application around while the final release is still in development:

  • OAuth support (Both for Service Provider and Consumer roles.)
  • RP+OP: Exceptions are now much more predictable: the host need only catch ProtocolException to handle all unexpected error cases.
  • RP+OP: OpenID extensions without simultaneous authentication.
  • RP: Signed callback arguments so relying parties can be confident their data was not tampered with during authentication.
  • RP: Smaller authentication request messages (shorter URLs).
  • OP: Ability to customize the lifetimes of each shared association type for added security.
  • Over 400 unit tests (150+ more than previous version).

The biggest addition is obviously OAuth support, which is an entirely new protocol that actually has little-to-nothing to do with OpenID, except that they work great together.  To do this the entire library was rewritten on a new reusable messaging stack that both the OpenID and OAuth protocols share. 

Also keep in mind that with the product rename, the namespace has changed, and a little bit of the public API as well.  This means that this version is not simply a drop-in replacement for DotNetOpenId v2.0, and host sites will have to adjust their code accordingly.

But as always, your feedback and donations for this free, open source software are appreciated!

2 comments:

  1. if i'm not wrong, there is no code change except the namespace , for webforms relying party, in the sample, right?

    ReplyDelete
  2. itools,

    That's not fully determined. At this point, whether the namespace is all that a relying party needs to change for the upgrade depends on how much of the public API the site touches. A better, more comprehensive write-up will hopefully be ready when the final version is released.

    ReplyDelete