Features
Multiple redirect URLs for Entra ID OIDC
You can now enter multiple login and logout redirect URLs for Microsoft Entra ID OIDC and other OIDC identity fabric services. We have also updated the look and feel of the Identity Fabric page to be more consistent with the Deployments user experience.
Click to enlarge
PKCE bypass for OIDC apps
OIDC apps now support bypassing PKCE when using the Authorization Code grant type for public clients.
Per OAuth 2.0 Security Best Current Practice, public clients MUST use PKCE when using the Authorization Code grant type. The Bypass PKCE option should only be used for legacy apps that are unable to use PKCE. Avoid using this configuration unless absolutely necessary.
Session correlation for OIDC providers
The OIDC provider can now optionally correlate back-channel requests with the resource owner's session. This can help you trace backchannel token requests to the resource owner. For more information, please see OIDC provider configuration.