AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.JsonWebTokens)
### [`v8.0.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#800)
\=====
##### CVE package updates
[CVE-2024-30105](https://togithub.com/advisories/GHSA-hh2w-p6rv-4g7w)
- See PR [#2707](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2707) for details.
##### Breaking change:
[Full list](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IdentityModel-8x) of breaking changes.
- A derived `ClaimsIdentity` where claim retrieval is case-sensitive. The current `ClaimsIdentity`, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying `SecurityToken`. The new `CaseSensitiveClaimsIdentity` class provides consistent retrieval logic with `SecurityToken`. Fallback to previous behavior via an AppContext switch. See PR [#2700](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2700) for details.
- Make `CollectionUtilities.IsNullOrEmpty` internal. See issues**https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2651dotnet/issues/2651) and [#1722](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1722) for details.
##### Overall improvements to the validation in IdentityModel:
- See design proposal [#2711](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) for details, all work internal for now. Please comment in the GitHub issue and provide feedback there.
##### New Features:
- Allow users to provide a `Stream` to `Write` in `OIDCConfigurationSerializer`. See PR [#2698](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2698) for details.
##### Bug fixes:
- Remove dependency on `AadIssuerValidator.GetTenantIdFromToken` in `ValidateIssuerSigningKey`, to only consider the `tid`. An AppContext switch enables fallbacking to the previous behavior, which should not be needed. See PR [#2680](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2680) for details.
- Continuation of [#2637](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2637) and [#2646](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2646). Add the metadata `authorization_details_types_supported` from [RFC 9396 - OAuth 2.0 Rich Authorization Requests](https://datatracker.ietf.org/doc/html/rfc9396) to `OpenIdConnectConfiguration`.
- The class `OpenIdConnectPrompt` now has the `create` prompt from [Initiating User Registration via OpenID Connect 1.0
](https://openid.net/specs/openid-connect-prompt-create-1\_0.html)
- The following grant types are now included in `OpenIdConnectGrantTypes`: `urn:ietf:params:oauth:grant-type:saml2-bearer` from [RFC 7522 - Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://datatracker.ietf.org/doc/html/rfc7522), `urn:ietf:params:oauth:grant-type:jwt-bearer` from [RFC 7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://datatracker.ietf.org/doc/html/rfc7523), `urn:ietf:params:oauth:grant-type:device_code` from [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://datatracker.ietf.org/doc/html/rfc8628), `urn:ietf:params:oauth:grant-type:token-exchange` from [RFC 8693 - OAuth 2.0 Token Exchange](https://www.rfc-editor.org/rfc/rfc8693.html), `urn:openid:params:grant-type:ciba` from [OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1\_0.html)
- Serialize byte arrays as base64 strings in Json tokens. This was the behavior in 6.x releases. See issue [#2524](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2524) for details.
- When we added virtuals to abstract methods that threw in the base class, we then called those methods that were implemented in user derived classes. The user code would fault with a `NotImplementedException`. Now a message is returned that the user can act on to fix the issue. See issue [#1970](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1970).
##### Fundamentals
- Remove code that was used in target frameworks that got removed. See PR [#2673](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2673) for details.
- Rename local variables for better readability. See PR [#2674](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2674) for details.
- Refactor XML comments for improved clarity. See PR [#2676](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2676), [#2677](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2677), [#2678](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2678), [#2689](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2689) and [#2703](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2703) for details.
- Fix flaky test. See issue [#2683](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2683) for details.
- Made `ConfigurationManager.GetConfigurationAsync` a virtual method. See PR [#2661](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2661)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
7.6.3->8.0.0Release Notes
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.JsonWebTokens)
### [`v8.0.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#800) \===== ##### CVE package updates [CVE-2024-30105](https://togithub.com/advisories/GHSA-hh2w-p6rv-4g7w) - See PR [#2707](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2707) for details. ##### Breaking change: [Full list](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IdentityModel-8x) of breaking changes. - A derived `ClaimsIdentity` where claim retrieval is case-sensitive. The current `ClaimsIdentity`, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying `SecurityToken`. The new `CaseSensitiveClaimsIdentity` class provides consistent retrieval logic with `SecurityToken`. Fallback to previous behavior via an AppContext switch. See PR [#2700](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2700) for details. - Make `CollectionUtilities.IsNullOrEmpty` internal. See issues**https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2651dotnet/issues/2651) and [#1722](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1722) for details. ##### Overall improvements to the validation in IdentityModel: - See design proposal [#2711](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) for details, all work internal for now. Please comment in the GitHub issue and provide feedback there. ##### New Features: - Allow users to provide a `Stream` to `Write` in `OIDCConfigurationSerializer`. See PR [#2698](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2698) for details. ##### Bug fixes: - Remove dependency on `AadIssuerValidator.GetTenantIdFromToken` in `ValidateIssuerSigningKey`, to only consider the `tid`. An AppContext switch enables fallbacking to the previous behavior, which should not be needed. See PR [#2680](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2680) for details. - Continuation of [#2637](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2637) and [#2646](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2646). Add the metadata `authorization_details_types_supported` from [RFC 9396 - OAuth 2.0 Rich Authorization Requests](https://datatracker.ietf.org/doc/html/rfc9396) to `OpenIdConnectConfiguration`. - The class `OpenIdConnectPrompt` now has the `create` prompt from [Initiating User Registration via OpenID Connect 1.0 ](https://openid.net/specs/openid-connect-prompt-create-1\_0.html) - The following grant types are now included in `OpenIdConnectGrantTypes`: `urn:ietf:params:oauth:grant-type:saml2-bearer` from [RFC 7522 - Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://datatracker.ietf.org/doc/html/rfc7522), `urn:ietf:params:oauth:grant-type:jwt-bearer` from [RFC 7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://datatracker.ietf.org/doc/html/rfc7523), `urn:ietf:params:oauth:grant-type:device_code` from [RFC 8628 - OAuth 2.0 Device Authorization Grant](https://datatracker.ietf.org/doc/html/rfc8628), `urn:ietf:params:oauth:grant-type:token-exchange` from [RFC 8693 - OAuth 2.0 Token Exchange](https://www.rfc-editor.org/rfc/rfc8693.html), `urn:openid:params:grant-type:ciba` from [OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1\_0.html) - Serialize byte arrays as base64 strings in Json tokens. This was the behavior in 6.x releases. See issue [#2524](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2524) for details. - When we added virtuals to abstract methods that threw in the base class, we then called those methods that were implemented in user derived classes. The user code would fault with a `NotImplementedException`. Now a message is returned that the user can act on to fix the issue. See issue [#1970](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1970). ##### Fundamentals - Remove code that was used in target frameworks that got removed. See PR [#2673](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2673) for details. - Rename local variables for better readability. See PR [#2674](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2674) for details. - Refactor XML comments for improved clarity. See PR [#2676](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2676), [#2677](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2677), [#2678](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2678), [#2689](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2689) and [#2703](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2703) for details. - Fix flaky test. See issue [#2683](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2683) for details. - Made `ConfigurationManager.GetConfigurationAsync` a virtual method. See PR [#2661](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2661)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.