A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.
Bug Fixes
Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.
aka.ms link added for issuer validation failure. See issue #1732.
Improve comments to clarify API usage and avoid unintentional validation weakening
#1687
Modify how internal caching runs tasks
Change to starting the event queue task via the Task.Run() method so it is on the default task scheduler and will not interfere with caller's task scheduler as some custom task schedulers might be single threaded and execution can be blocked. The second change is replacing the BlockingCollection with ConcurrentQueue to prevent resource leaks
#1696
Adding the BaseConfigurationManager and BaseConfiguration
This simplifies access to first class properties such as RefreshInterval etc.
Some of the properties in TokenValidationParameter were left as internal as they are required for a future feature that requires additional work.
#1695
NOTE: Version 6.13.0 should NOT be used. In version 6.13.0, users were experiencing an issue where they could not use a ConfigurationManager where T is a custom class. This has been addressed in 6.13.1.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps System.IdentityModel.Tokens.Jwt from 6.12.2 to 6.14.0.
Release notes
Sourced from System.IdentityModel.Tokens.Jwt's releases.
Commits
fcfd453
version update to 6.14.054af78f
use windows only for linux test (#1746)8eecd75
fix build issue w/log messages that are unused. (#1744)7e732dd
Revert "Add singleton CallContext.Default (#1740)" (#1745)0780249
Use https for hyperlinks (#1719)0faea95
Add const for the standard scope "phone" (#1720)1de9fc7
fix rfc link (#1737)b4aded6
Add aka.ms link for issuer validation failure #1732 (#1741)697f090
initial commit to move issuer validator to separate assembly from idweb (#1736)cf77cd6
Add singleton CallContext.Default (#1740)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)