Bump IdentityServer4 from 2.3.2 to 2.5.1

[dependabot-preview]

Bumps IdentityServer4 from 2.3.2 to 2.5.1.

Release notes

Sourced from IdentityServer4's releases.

2.5.1

As part of this release we had 6 issues closed.

bug

• [#3491](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3491) fix JS for automatic signout redirect

enhancements

• [#3478](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3478) CORS validation handling normalized URIs
• [#3464](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3464) Easier support for impersonating clients
• [#3463](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3463) Easier Authorization Code extensibility
• [#3462](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3462) Introduce separate property to hold the values of the request object
• [#3442](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3442) Set client id in user login events from resource owner password validator

2.5.0

As part of this release we had 44 issues closed.

bugs

• [#3404](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3404) HashedSharedSecretValidator does not catch null value
• [#3391](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3391) Added check to scope validator for missing identity and api scopes
• [#3388](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3388) repro PR for Incorrect secret type for missing secret in BasicAuth #2975
• [#3358](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3358) DefaultTokenService - access token claims without distinct
• [#3330](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3330) Object reference not set to an instance of an object - when calling RequestClientCredentialsTokenAsync
• [#3325](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3325) ids4 configured to use external ConsentUrl duplicates path in ReturnUrl
• [#3320](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3320) Include identity resource properties in GetAllResourcesAsync
• [#3282](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3282) Add vary by origin for Cache-Control on disco endpoints
• [#3128](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3128) Latest Identity Server 4 OIDC Form Post doesn't work when run in a WinForms WebBrowser control
• [#3013](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3013) IdentityServer4.Models.ApiResourceExtensions.CloneWithScopes does not clone properties
• [#2875](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/2875) code flow with fragment response mode is not allowed

enhancements

• [#3422](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3422) Add claims transformation event to local API authN handler
• [#3409](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3409) add AddValidationKeys signature accepting X509Certificate2[] (#3383)
• [#3406](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3406) add scope to all token responses
• [#3392](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3392) Added scope param to token endpoint for device grant type
• [#3382](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3382) add message store abstraction on authorization request params
• [#3298](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3298) should never cache temporary data with no expiration
• [#3276](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3276) Handle unknown idp at login
• [#3257](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3257) Make EntityFramework.Stores*Store.cs private fields accessible for derived Classes
• [#3254](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3254) Prototype for pluggable authN MW
• [#3243](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3243) Use Task.CompletedTask to reduce allocations
• [#3242](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/issues/3242) Consider global switch to disable request_uri feature
• [#3241](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3241) Add support for signed authorize requests
• [#3234](https://github-redirect.dependabot.com/IdentityServer/IdentityServer4/pull/3234) Add Client.Id and to UserLoginSuccessEvent and UserLoginFailureEvent

... (truncated)

Commits

• 58bdb1f pin version to 2.5.1
• 13430dc fix JS for automatic signout redirect (#3491)
• 80d7a39 CORS validation handling normalized URIs (#3478)
• 9132c80 add tests for token endpoint and odd headers
• 85e95fd Update 1_client_credentials.rst (#3486)
• d942a4f Since ClientId was introduced on the base class (for impersonation) - it can ...
• 0038e71 3445 refresh token logs (#3468)
• 94ee194 Easier support for impersonating clients (#3464)
• f7362df Easier Authorization Code extensibility (#3463)
• 6ef66a1 Set client id in user login events from resource owner password validator (#3...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #55.