Bump OpenIddict.Core from 4.3.0 to 4.6.0

[dependabot]

Bumps OpenIddict.Core from 4.3.0 to 4.6.0.

Release notes

Sourced from OpenIddict.Core's releases.

4.6.0

This release introduces the following changes:

• 9 new provider integrations have been added to OpenIddict.Client.WebIntegration:

  • Adobe
  • Autodesk
  • Kroger
  • Lichess
  • Notion
  • Salesforce
  • Shopify (note: the Shopify provider requires setting the shop name as an authentication property. See openiddict/openiddict-core#1811 for more information).
  • Verimi (thanks @​MarcelMalik for your contribution! ❤️)
  • Webex (Cisco)

• References to Azure Active Directory in the code documentation have been replaced by "Microsoft Entra ID" to match the new name of the service (see https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-is-becoming-microsoft-entra-id/ba-p/2520436 for more information).

• For better interoperability, the plain code challenge method is now allowed by default when enabling the authorization code or hybrid flows (note: the safer S256 method remains the recommended option and will always be preferred by the OpenIddict client).

Note At this stage, it's unlikely I'll port additional aspnet-contrib OAuth 2.0 providers myself as the remaining services all have a complicated registration process that makes them unattractive (e.g submission of new OAuth 2.0 clients no longer possible, missing documentation, phone number verification required, testing of development applications behind a paywall, etc.). Of course, pull requests sent by external contributors to implement these providers are accepted and are more than welcome. For more information, read openiddict/openiddict-core#1801.

4.5.0

This release introduces the following changes:

• It is now possible to have multiple web providers of the same type, which is particularly useful for self-hosted providers like ADFS. To highlight that, the options.UseWebProviders().Use[Provider]() APIs have been deprecated and replaced by new options.UseWebProviders().Add[Provider]() equivalents:

options.UseWebProviders()
       .AddActiveDirectoryFederationServices(options =>
       {
           options.SetIssuer("https://extranet.contoso.com/adfs")
                  .SetProviderName("Contoso")
                  .SetClientId("s6BhdRkqt3")
                  .SetClientSecret("7Fjfp0ZBr1KtDRbnfVdmIw")
                  .SetRedirectUri("callback/login/contoso");
       })
       .AddActiveDirectoryFederationServices(options =>
       {
           options.SetIssuer("https://extranet.fabrikam.com/adfs")
                  .SetProviderName("Fabrikam")
                  .SetClientId("3tqkRdhB6s")
                  .SetClientSecret("wImdVfnbRDtK1rBZ0pfjF7")
                  .SetRedirectUri("callback/login/fabrikam");
       });

• Multiple client registrations using the same Issuer URI are now supported. Specifying the issuer URI or provider name in challenge/sign-out properties is still fully supported, but setting the new OpenIddictClientRegistration.RegistrationId property is required when adding multiple client registrations that share the same issuer or provider name:

var properties = new AuthenticationProperties(new Dictionary<string, string>
{
    [OpenIddictClientAspNetCoreConstants.Properties.RegistrationId] = "B8E10AE5-9C68-409B-B94B-7E402F8C323C"
</tr></table> 

... (truncated)

Commits

• dcde046 Replace references to Azure Active Directory by Microsoft Entra ID
• 76c0501 Update Versions.props to build 4.6.0 packages
• bda451b Update the sponsors section
• e53a723 Enable the "plain" code challenge method by default to increase interoperability
• 1731efb Bring back the code comment indicating why response_type=token is never negot...
• 2ffce4b Update the sponsors section
• 130b6b9 Add Verimi to the list of supported providers
• fea9433 Add Salesforce to the list of supported providers
• a5fa58e Add Webex to the list of supported providers
• 804dcff Add Kroger to the list of supported providers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)