Bump Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt #2971
+2
−2
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.IdentityModel.JsonWebTokens from 5.7.0 to 8.14.0.
Release notes
Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.
8.14.0
8.14.0
Bug Fixes
ValidationResult
instead ofOperationResult
when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #3299 for details.8.13.1
8.13.1
Dependencies
Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0
Bug Fixes
Work related to redesign of IdentityModel's token validation logic #2711
8.13.0
8.13.0
8.13.0
Fundamentals
CaseSensitiveClaimsIdentity.SecurityToken
setter is now protected internal (was internal). See PR #3278 for details.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0
8.12.1
8.12.1
Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1
8.12.0
8.12.0
New Features
Added event handling capabilities to the
ConfigurationManager
, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #3253Bug Fixes
Introduced the expected overload of
Base64UrlEncoder.Decode
for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.For details see #3249
Fundamentals
Incorporated AI assist rules to enhance AI agents effectiveness.
For details see #3255
Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
For details see #3256
Centralized suppression of RS006 warnings in project files for easier management.
For details see #3230
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0
8.11.0
8.11.0
New Features:
JsonWebTokenHandler.DecryptTokenWithConfigurationAsync
, which decrypts a JWE token using keys from eitherTokenValidationParameters
or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #3243 for details.What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0
8.10.0
8.10.0
Bug Fixes
Fundamentals
8.9.0
8.9.0
Bug Fixes
New Features
Fundamentals
8.8.0
8.8.0
New Features
Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking
switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #3193 for details.Switch.Microsoft.IdentityModel.DoNotScrubExceptions
AppContextSwitch. See PR #3195 and https://aka.ms/identitymodel/app-context-switches for details.System.Thread.Lock
objects for .NET 9 or greater. See PRs #3185 and #3189 for details.8.7.0
Bug Fixes
IsRecoverableException
andIsRecoverableExceptionType
whose signatures were changed in the previous version. See #3181.New Features
Cnf
class public and move it to Microsoft.IdentityModel.Tokens package. See #3165.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.1...8.7.0
8.6.1
8.6.1
Bug fix
JsonWebTokenHandler
whereJwtTokenDecryptionParameters
'sAlg
andEnc
were not set during token decryption, causingIDX10611
andIDX10619
errors to show null values in the messages. See issue #3003 for details.Fundamentals
What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.0...8.6.1
8.6.0
8.6.0
New Features
TryAllDecryptionKeys
that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.5.0...8.6.0
8.5.0
8.5.0
Reverting previous breaking change
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.4.0...8.5.0
8.4.0
8.4.0
New Features
Repair items
KeyID
should be present in exception messages and is no longer PII. See #3104 for details.Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
8.3.1
8.3.1
Bug Fixes
AuthenticationEncryptionProvider.cs
. See #3063Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
New Contributors
... (truncated)
8.3.0
New features
Work related to redesign of IdentityModel's token validation logic #2711
Bug fixes
Fundamentals
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.2.1...8.3.0
8.2.1
8.2.1
New features
Bug fixes
Fundamentals
SecurityTokenDescriptor
. See 2993.Work related to redesign of IdentityModel's token validation logic #2711
IssuerExtensibility
. See 2987.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.2.0...8.2.1
8.2.0
8.2.0
Fundamentals
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
... (truncated)
8.1.2
What's Changed
Bug fixes
CaseSensitiveClaimsIdentity
as expected, by @jennyf19 in return CaseSensitiveClaimsIdentity in clone AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2879Fundamentals
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.1.1...8.1.2
8.1.1
8.1.1
Bug fixes
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.1.0...8.1.1
8.1.0
8.1.0
Performance improvements
New features
Bug fixes
Fundamentals
IsTargetFrameworkCompatible(*)
so AOT is forward-compatible with .NET 9 and beyond. See PR #2790 for details.[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR #2820.
Work related to redesign of IdentityModel's token validation logic #2711
What's Changed
... (truncated)
8.0.2
8.0.2
Security fundamentals
BannedApiAnalyzers
to prevent use ofClaimsIdentity
constructors. See PR #2778 for details.Bug fixes
UseRfcDefinitionOfEpkAndKid
switch. See PR #2747 for details.DoNotFailOnMissingTid
in 7x andDontFailOnMissingTid
in 8x, adding the method for back compat. See issue #2750 for details.JsonWebKeySet
stores the original string it was created with. See PR #2755 for details.SignatureProvider
. See #2788 for details.Fundamentals
9.0.100-preview.7.24407.12
and add<NoWarn>$(NoWarn);SYSLIB0057</NoWarn>
due to breaking changes in preview7. #2786.Work relating to #2711
What's Changed
... (truncated)
8.0.1
8.0.1
Bug fixes
SignatureProvider
was disposed but still able to leverage the cache andSignatureProvider
now disposes when compacting. See PR #2682 for details.JsonWebTokenHandler.ValidateJWEAsync
now considers the decrypt keys in the configuration. See issue #2737 for details.Performance improvement
AppContext.TryGetSwitch
statically caches internally but takes out a lock..NET almost always caches these values. They're not expected to change while the process is running unlike normal config. IdentityModel now caches the value. See issue #2722 for details.
8.0.0
8.0.0
CVE package updates
CVE-2024-30105
Breaking change:
Full list of breaking changes.
ClaimsIdentity
where claim retrieval is case-sensitive. The currentClaimsIdentity
, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlyingSecurityToken
. The newCaseSensitiveClaimsIdentity
class provides consistent retrieval logic withSecurityToken
. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.CollectionUtilities.IsNullOrEmpty
internal. If your code used this method, you now have to provide your own implementation. See issues #2651 and #1722 for details.Overall improvements to the validation in IdentityModel:
New Features:
Stream
toWrite
inOIDCConfigurationSerializer
. See PR #2698 for details.Bug fixes:
AadIssuerValidator.GetTenantIdFromToken
inValidateIssuerSigningKey
, to only consider thetid
. An AppContext switch enables fallbacking to the previous behavior, which should not be needed. See PR #2680 for details.authorization_details_types_supported
from RFC 9396 - OAuth 2.0 Rich Authorization Requests toOpenIdConnectConfiguration
.OpenIdConnectPrompt
now has thecreate
prompt from Initiating User Registration via OpenID Connect 1.0Description has been truncated