Tonight DotNetOpenId, soon to be renamed DotNetOpenAuth, released beta 1 of the major v3.0 release. You can download the bits from Ohloh. Although downloads should remember that as a beta this version should not be used in production, there are several new features that should be worth investigating and building a web application around while the final release is still in development:
- OAuth support (Both for Service Provider and Consumer roles.)
- RP+OP: Exceptions are now much more predictable: the host need only catch ProtocolException to handle all unexpected error cases.
- RP+OP: OpenID extensions without simultaneous authentication.
- RP: Signed callback arguments so relying parties can be confident their data was not tampered with during authentication.
- RP: Smaller authentication request messages (shorter URLs).
- OP: Ability to customize the lifetimes of each shared association type for added security.
- Over 400 unit tests (150+ more than previous version).
The biggest addition is obviously OAuth support, which is an entirely new protocol that actually has little-to-nothing to do with OpenID, except that they work great together. To do this the entire library was rewritten on a new reusable messaging stack that both the OpenID and OAuth protocols share.
Also keep in mind that with the product rename, the namespace has changed, and a little bit of the public API as well. This means that this version is not simply a drop-in replacement for DotNetOpenId v2.0, and host sites will have to adjust their code accordingly.
But as always, your feedback and donations for this free, open source software are appreciated!