Bump System.IdentityModel.Tokens.Jwt from 7.6.0 to 8.14.0 #165
  Add this suggestion to a batch that can be applied as a single commit.
  This suggestion is invalid because no changes were made to the code.
  Suggestions cannot be applied while the pull request is closed.
  Suggestions cannot be applied while viewing a subset of changes.
  Only one suggestion per line can be applied in a batch.
  Add this suggestion to a batch that can be applied as a single commit.
  Applying suggestions on deleted lines is not supported.
  You must change the existing code in this line in order to create a valid suggestion.
  Outdated suggestions cannot be applied.
  This suggestion has been applied or marked resolved.
  Suggestions cannot be applied from pending reviews.
  Suggestions cannot be applied on multi-line comments.
  Suggestions cannot be applied while the pull request is queued to merge.
  Suggestion cannot be applied right now. Please check back later.
  
    
  
    
Updated System.IdentityModel.Tokens.Jwt from 7.6.0 to 8.14.0.
Release notes
Sourced from System.IdentityModel.Tokens.Jwt's releases.
8.14.0
8.14.0
Bug Fixes
ValidationResultinstead ofOperationResultwhen validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #3299 for details.8.13.1
8.13.1
Dependencies
Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0
Bug Fixes
Work related to redesign of IdentityModel's token validation logic #2711
8.13.0
8.13.0
8.13.0
Fundamentals
CaseSensitiveClaimsIdentity.SecurityTokensetter is now protected internal (was internal). See PR #3278 for details.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0
8.12.1
8.12.1
Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1
8.12.0
8.12.0
New Features
Added event handling capabilities to the
ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #3253Bug Fixes
Introduced the expected overload of
Base64UrlEncoder.Decodefor .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.For details see #3249
Fundamentals
Incorporated AI assist rules to enhance AI agents effectiveness.
For details see #3255
Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
For details see #3256
Centralized suppression of RS006 warnings in project files for easier management.
For details see #3230
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0
8.11.0
8.11.0
New Features:
JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from eitherTokenValidationParametersor, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #3243 for details.What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0
8.10.0
8.10.0
Bug Fixes
Fundamentals
8.9.0
8.9.0
Bug Fixes
New Features
Fundamentals
8.8.0
8.8.0
New Features
Switch.Microsoft.IdentityModel.UpdateConfigAsBlockingswitch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #3193 for details.Switch.Microsoft.IdentityModel.DoNotScrubExceptionsAppContextSwitch. See PR #3195 and https://aka.ms/identitymodel/app-context-switches for details.System.Thread.Lockobjects for .NET 9 or greater. See PRs #3185 and #3189 for details.8.7.0
Bug Fixes
IsRecoverableExceptionandIsRecoverableExceptionTypewhose signatures were changed in the previous version. See #3181.New Features
Cnfclass public and move it to Microsoft.IdentityModel.Tokens package. See #3165.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.1...8.7.0
8.6.1
8.6.1
Bug fix
JsonWebTokenHandlerwhereJwtTokenDecryptionParameters'sAlgandEncwere not set during token decryption, causingIDX10611andIDX10619errors to show null values in the messages. See issue #3003 for details.Fundamentals
What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.0...8.6.1
8.6.0
8.6.0
New Features
TryAllDecryptionKeysthat let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.5.0...8.6.0
8.5.0
8.5.0
Reverting previous breaking change
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.4.0...8.5.0
8.4.0
8.4.0
New Features
Repair items
KeyIDshould be present in exception messages and is no longer PII. See #3104 for details.Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
8.3.1
8.3.1
Bug Fixes
AuthenticationEncryptionProvider.cs. See #3063Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
New Contributors
... (truncated)
8.3.0
New features
Work related to redesign of IdentityModel's token validation logic #2711
Bug fixes
Fundamentals
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.2.1...8.3.0
8.2.1
8.2.1
New features
Bug fixes
Fundamentals
SecurityTokenDescriptor. See 2993.Work related to redesign of IdentityModel's token validation logic #2711
IssuerExtensibility. See 2987.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.2.0...8.2.1
8.2.0
8.2.0
Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
... (truncated)
8.1.2
What's Changed
Bug fixes
CaseSensitiveClaimsIdentityas expected, by @jennyf19 in return CaseSensitiveClaimsIdentity in clone AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2879Fundamentals
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.1.1...8.1.2
8.1.1
8.1.1
Bug fixes
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.1.0...8.1.1
8.1.0
8.1.0
Performance improvements
New features
Bug fixes
Fundamentals
IsTargetFrameworkCompatible(*)so AOT is forward-compatible with .NET 9 and beyond. See PR #2790 for details.[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR #2820.
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
... (truncated)
8.0.2
8.0.2
Security fundamentals
BannedApiAnalyzersto prevent use ofClaimsIdentityconstructors. See PR #2778 for details.Bug fixes
UseRfcDefinitionOfEpkAndKidswitch. See PR #2747 for details.DoNotFailOnMissingTidin 7x andDontFailOnMissingTidin 8x, adding the method for back compat. See issue #2750 for details.JsonWebKeySetstores the original string it was created with. See PR #2755 for details.SignatureProvider. See #2788 for details.Fundamentals
9.0.100-preview.7.24407.12and add<NoWarn>$(NoWarn);SYSLIB0057</NoWarn>due to breaking changes in preview7. #2786.Work relating to #2711
What's Changed
... (truncated)
8.0.1
8.0.1
Bug fixes
SignatureProviderwas disposed but still able to leverage the cache andSignatureProvidernow disposes when compacting. See PR #2682 for details.JsonWebTokenHandler.ValidateJWEAsyncnow considers the decrypt keys in the configuration. See issue #2737 for details.Performance improvement
AppContext.TryGetSwitchstatically caches internally but takes out a lock..NET almost always caches these values. They're not expected to change while the process is running unlike normal config. IdentityModel now caches the value. See issue #2722 for details.
8.0.0
8.0.0
CVE package updates
CVE-2024-30105
Breaking change:
Full list of breaking changes.
ClaimsIdentitywhere claim retrieval is case-sensitive. The currentClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlyingSecurityToken. The newCaseSensitiveClaimsIdentityclass provides consistent retrieval logic withSecurityToken. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.CollectionUtilities.IsNullOrEmptyinternal. If your code used this method, you now have to provide your own implementation. See issues #2651 and #1722 for details.Overall improvements to the validation in IdentityModel:
New Features:
StreamtoWriteinOIDCConfigurationSerializer. See PR #2698 for details.Bug fixes:
AadIssuerValidator.GetTenantIdFromTokeninValidateIssuerSigningKey, to only consider thetid. An AppContext switch enables fallbacking to the previous behavior, which should not be needed. See PR #2680 for details.authorization_details_types_supportedfrom RFC 9396 - OAuth 2.0 Rich Authorization Requests toOpenIdConnectConfiguration.OpenIdConnectPromptnow has thecreateprompt from Initiating User Registration via OpenID Connect 1.0Description has been truncated