|
| 1 | +--- |
| 2 | +title: "Duende AccessTokenManagement v3.x to v4.0" |
| 3 | +description: Guide for upgrading Duende BFF Security Framework from version 3.x to version 4.0, including migration steps for custom implementations and breaking changes. |
| 4 | +sidebar: |
| 5 | + label: v3.x → v4.0 |
| 6 | + order: 100 |
| 7 | +--- |
| 8 | + |
| 9 | +## Changes |
| 10 | +### Moving Towards HybridCache Implementation and Away from Distributed Cache |
| 11 | + |
| 12 | +Microsoft has recently released HybridCache. While this is only released as a .NET 9 DLL, these assemblies work fine in .NET 8. So, while we still support .NET 8 with ATM 4.0, we are moving towards using HybridCache. |
| 13 | + |
| 14 | +HybridCache brings significant improvements for us. Because of the two-layered cache, we've found it significantly improves performance. |
| 15 | +If you currently use a distributed cache, this should still work seamlessly. |
| 16 | + |
| 17 | +If you wish to encrypt access tokens, you can do so by implementing a custom serializer. Documentation on this will follow later. |
| 18 | + |
| 19 | +We have added support for using a custom HybridCache instance via keyed services. |
| 20 | + |
| 21 | +### Complete Internal Refactoring |
| 22 | + |
| 23 | +The library has undergone extensive internal changes—so much so that it can be considered a new implementation under the same conceptual umbrella. Despite this, the public API surface remains mostly compatible with earlier versions. |
| 24 | + |
| 25 | +* New extensibility model (see below). |
| 26 | +* All async methods now support cancellation tokens. |
| 27 | +* Renaming of certain classes and interfaces (see below). |
| 28 | +* Implementation logic is now internal. |
| 29 | + |
| 30 | +#### Reduced Public API Surface |
| 31 | + |
| 32 | +All internal implementation details are now marked as internal, reducing accidental coupling and clarifying the intended extension points. In V3, all classes were public and most public methods were marked as virtual. This meant you could override any class by inheriting from it and overriding a single method. |
| 33 | + |
| 34 | +While this was very convenient for our consumers, it made it very difficult for us to introduce changes to the library without making breaking changes. |
| 35 | + |
| 36 | +We still want to ensure our users' extensibility needs are met, but via more controlled mechanisms. If you find that you have an extensibility need that is not covered by the new model, please raise a discussion in our discussion board. If this is a scenario we want to support, we'll do our best to accommodate it. |
| 37 | + |
| 38 | +### Explicit Extension Model |
| 39 | + |
| 40 | +Instead of relying on implicit behaviors or inheritance, V4 introduces clearly defined extension points, making it easier to customize behavior without relying on internal details. |
| 41 | + |
| 42 | +### Composition Over Inheritance |
| 43 | + |
| 44 | +The `AccessTokenHandler` has been restructured to use composition rather than inheritance, simplifying the customization of token handling and increasing testability. |
| 45 | + |
| 46 | +If you wish to implement a custom access token handling process, for example to implement token exchange, you can now implement your own `AccessTokenRequestHandler.ITokenRetriever`. |
| 47 | + |
| 48 | +### Strongly Typed Configuration |
| 49 | + |
| 50 | +Configuration is now represented by strongly typed objects, improving validation, discoverability, and IDE support. |
| 51 | + |
| 52 | +This means that where before you could assign strings to the configuration system, you'll now have to explicitly parse the string values. |
| 53 | + |
| 54 | +For example: |
| 55 | + |
| 56 | +```csharp |
| 57 | +var scheme = Scheme.Parse("oidc"); |
| 58 | + |
| 59 | +``` |
| 60 | + |
| 61 | +### Renamed classes |
| 62 | +Several classes have been renamed, either to make their usage clearer or to drop the 'service' suffix, which only adds noise: |
| 63 | + |
| 64 | +AccessTokenHandler => AccessTokenRequestHandler |
| 65 | +ClientCredentialsTokenManagementService => IClientIClientCredentialsTokenManager |
| 66 | +IClientCredentialsTokenEndpointService => IClientCredentialsTokenEndpoint |
| 67 | +IUserTokenManagementService => IUserTokenManager |
| 68 | +ITokenRequestSynchronization => IUserTokenRequestConcurrencyControl |
| 69 | +IUserTokenEndpointService => IUserTokenEndpoint |
0 commit comments