chore(deps): update minor-updates-nuget to 6.1.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
OpenIddict.AspNetCore (source)	6.0.0 -> 6.1.0
OpenIddict.Core (source)	6.0.0 -> 6.1.0
OpenIddict.EntityFrameworkCore (source)	6.0.0 -> 6.1.0

---

Release Notes

openiddict/openiddict-core (OpenIddict.AspNetCore)

v6.1.0

Compare Source

This release introduces the following changes:

• Native support for OAuth 2.0 Pushed Authorization Requests (aka PAR) has been implemented in both the OpenIddict client and server stacks. PAR increases the security level of user-interactive grants - like the code flow - by sending the actual authorization request parameters via backchannel communication before redirecting the user agent to the regular authorization endpoint with a unique and random request_uri attached. PAR has recently gained traction and is now supported by some OAuth 2.0 services and libraries (including Keycloak and Microsoft's ASP.NET Core OpenID Connect handler starting in .NET 9.0).

[!TIP]
For more information on how to use OAuth 2.0 Pushed Authorization Requests in OpenIddict, read Pushed Authorization Requests.

• As part of the PAR introduction, the authorization and end session request caching feature has been completely revamped to use the same code path as pushed authorization requests and the OpenIddict-specific request_id parameter has been replaced by request_uri. While cached requests were persisted using IDistributedCache in previous versions, they are now stored in request tokens and persisted in OpenIddict's tokens table with the other tokens.

[!NOTE]
The EnableAuthorizationRequestCaching and EnableEndSessionRequestCaching options have been moved from OpenIddictServerAspNetCoreOptions and OpenIddictServerOwinOptions to OpenIddictServerOptions (the original options are no longer honored). The corresponding methods in OpenIddictServerAspNetCoreBuilder and OpenIddictServerOwinBuilder are still functional - they internally use the new properties - but are now obsolete.

• GitCode, VK ID and Yandex are now supported by the OpenIddict.Client.WebIntegration package (thanks @​gehongyan and @​t1moH1ch! ❤️).

[!NOTE]
With these new providers, the OpenIddict client now supports 100 web services! 🎉

• The InteractiveChallengeRequest and InteractiveSignOutRequest models have been updated to allow easily attaching an identity token or login hint to authorization and end session requests.

• The OpenIddict*AuthorizationStore.PruneAsync() implementations were updated to always exclude permanent authorizations that still have tokens attached, which should reduce risks of seeing SQL exceptions when one of the pruned authorizations still has children entities attached.

• An issue affecting the OpenIddictEntityFrameworkCoreAuthorizationStore.FindByApplicationIdAsync() API was identified and fixed (thanks @​simon-wacker! ❤️)

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.