[Breaking Change][Upcoming] Add strong type validation for JWT registered claims #1911
Description
Background
.NET8 has introduced a break change that impacts to JWT token registered claims type validations. And SDK needs to follow this to avoid customer adding wrong claims and lead to potential failure.
Additional context
- JWT RFC
- [Breaking change]: JwtBearer, WsFederation, and OpenIdConnect events context properties of type SecurityToken now return a JSonWebToken by default aspnet/Announcements#508
Related Incident in Azure SignalR Service
Start Time
- 22/01/2024, 13:31 in East US
- 31/01/2024, 16:33 in regions Australia Southeast, Canada East, Central US, Germany West Central, Japan West, Qatar Central, Southeast Asia, South Central US, Switzerland West, UK South, West Europe, West US, West US 3
Impacts
Customers who are set incorrect registered claims like iss/sub to array string will get 401 in negotiation to service.
Root Cause
New release in SignalR Service upgrade the framework to .NET8 and introduce this break change in JWT token where leads to deserialization failure when check the token.
Fix
Rollback for impacting customers and SignalR service will provide a temporary compatible version during transition period. Besides, service will inform customers of this upcoming break changes and need to correct the behavior in a few months.
Recovery
Rollback is completed on 2/6.