IdentityModel Validation model change #2711

@jennyf19

IdentityModel is responsible for validating SecurityTokens. Validating a SecurityToken requires validating multiple parts and reporting the results. Common parts to validate are the issuer, audience, and expiration. Default validation is included for important parts of the SecurityToken. The current model provides extensibility using delegates for validation.

Issues we want to address:

  • Simplify the extensibility model by reducing options.
  • Remove exceptions as the model for control.
  • Current validation and delegates throw exceptions on errors.
  • Current validation logs errors by default.
  • Callers will receive a complete description of how the validation occurred.

Proposal

  • Define a set of objects that return the results of a validation step.
  • Define a new set of delegates that are async and return a result.

Each validation step will return a specialized ValidationResult type that contains details that allow upper layers to examine errors, including exception details and log details with a stack trace, which can be thrown or logged.

Related PRs: #2709, #2688, #2679, #2672, #2671, #2669, #2655
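
A sketch of the result-returning model proposed above, added here as an illustration and not taken from the issue or from IdentityModel. Every name in it (`Token`, `StepResult`, `StepValidator`, `Validation.RunAsync`) is hypothetical, and running all steps even after a failure is an assumption. Once exceptions are no longer the control flow, the caller has to check every result and fail closed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

// Constructed sample token: wrong audience and already expired.
var token = new Token("https://issuer.example", "api://other", DateTime.UtcNow.AddMinutes(-5));

// Async delegates that return a result instead of throwing (hypothetical shape).
var steps = new StepValidator[]
{
    t => Task.FromResult(Check("issuer", t.Issuer == "https://issuer.example", $"unexpected issuer '{t.Issuer}'")),
    t => Task.FromResult(Check("audience", t.Audience == "api://orders", $"unexpected audience '{t.Audience}'")),
    t => Task.FromResult(Check("expiration", t.Expires > DateTime.UtcNow, $"expired at {t.Expires:O}")),
};

var results = await Validation.RunAsync(token, steps);
foreach (var r in results)
    Console.WriteLine($"{r.Step}: {(r.IsValid ? "ok" : "FAILED - " + r.Error)}");

// Fail closed: accept only when every configured step ran and reported success.
// An unchecked result would silently pass where an exception would have stopped the request.
bool accepted = results.Count == steps.Length && results.All(r => r.IsValid);
Console.WriteLine(accepted ? "token accepted" : "token rejected");

static StepResult Check(string step, bool ok, string error) =>
    ok ? new StepResult(step, true, "") : new StepResult(step, false, error);

record Token(string Issuer, string Audience, DateTime Expires);

// Result of one validation step; the caller decides whether to log it or throw it.
record StepResult(string Step, bool IsValid, string Error)
{
    // Exception is only materialized on demand, for callers that want to throw.
    public Exception ToException() => new InvalidOperationException($"{Step}: {Error}");
}

delegate Task<StepResult> StepValidator(Token token);

static class Validation
{
    // Runs every step and returns all results; nothing is thrown or logged here.
    public static async Task<IReadOnlyList<StepResult>> RunAsync(Token token, IEnumerable<StepValidator> steps)
    {
        var results = new List<StepResult>();
        foreach (var step in steps)
            results.Add(await step(token));
        return results;
    }
}
```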
