Update dependency Microsoft.IdentityModel.Tokens to v6.35.0 #56
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
07756c0
to
a58eb05
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
a58eb05
to
c6aa276
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
c6aa276
to
6db5967
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
6db5967
to
dfbb499
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
dfbb499
to
d2791d7
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
d2791d7
to
15bb3aa
Compare
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
15bb3aa
to
e260bbd
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
e260bbd
to
8bdb82c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
8bdb82c
to
bb70bfa
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
bb70bfa
to
c037d6e
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
c037d6e
to
b1f4667
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
b1f4667
to
204b40f
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/dotnet-azure-ad-identitymodel-extensions-monorepo
branch
from
204b40f
to
1eca1e0
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.11.1->6.35.0Release Notes
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Tokens)
v6.35.0Compare Source
Bug Fix
AadIssuerValidator's handling of trailing forward slashes. See issue [#2415] for more details.Feature
v6.34.0Security fixes
See https://aka.ms/IdentityModel/Jan2024/zip and https://aka.ms/IdentityModel/Jan2024/jku for details.
v6.33.0: 6.33.0Bug Fixes:
v6.32.3Compare Source
=======
Bug fixes:
v6.32.2Compare Source
=======
Bug fixes:
v6.32.1=======
Bug fixes:
JsonClaimSetClaims andJsonWebTokenAudiences. See #2185 for details.v6.32.0=======
New features:
Bug fixes
v6.31.0Compare Source
========
This release contains work from the following PRs and commits:
v6.30.1Compare Source
=========
This release contains work from the following PRs:
This release addresses #1743 and, as such, going forward if the SymmetricKey is smaller than the required size for HMAC IdentityModel will throw an ArgumentOutOfRangeException which is the same exception when the SymmetricKey is smaller than the minimum key size for encryption.
v6.30.0Compare Source
=========
Beginning in release 6.28.0 the library stopped throwing SecurityTokenUnableToValidateException. This version (6.30.0) marks the exception type as obsolete to make this change more discoverable. Not including it in the release notes explicitly for 6.28.0 was a mistake. This exception type will be removed completely in the next few months as the team moves towards a major version bump. More information on how to replace the usage going forward can be found here: https://aka.ms/SecurityTokenUnableToValidateException
Indicate that a SecurityTokenDescriptor can create JWS or JWE
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2055
Specify 'UTC' in log messages
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@ceb10b1
Fix order of log messages
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@05eeeb5
Fixed issues with matching Jwt.Kid with a X509SecurityKey.x5t
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2057
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2061
Marked Exception that is no longer used as obsolete
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2060
Added support for AesGcm on .NET 6.0 or higher
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@85fa86a
First round of triming analysis preperation for AOT
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2042
Added new API on TokenHandler.ValidateTokenAsync(SecurityToken ...) implemented only on JsonWebTokenHandler.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2056
v6.29.0Compare Source
=========
v6.28.1Compare Source
=========
v6.28.0Compare Source
========
v6.27.0========
Servicing release
Set maximum depth for Newtonsoft parsing.https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/20244
Improve metadata failure message.https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/20100
Validate size of symmetric signatures.https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/20088
Added property TokenEndpoint to BaseConfiguration.https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/19988
v6.26.1=========
Bug Fixes:
Releasing a Hotfix for Wilson 6.26.0 that reverts async/await changes made in #1996 to address a performance reduction issue.
v6.26.0Compare Source
Servicing release
Introducing a new boolean TokenValidationParameter LogTokenId.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2002
Update System.Text.Encodings.Web
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1997
Update ValidateToken call stack fully async
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1996
JsonWebTokenHandler to return the JsonWebToken on validation failure
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1989
Update documentation of DefaultTokenLifetimeInMinutes
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1988
v6.25.1Compare Source
Servicing release
.net was throwing when JWT tokens contained claims that used escaped characters.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1975
Fixed Typo in comments
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1971
Added inner exception to help diagnose when reading JWT tokens fails.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1968
Updated comments to improve understanding of RoleClaimTypeRetriever and NameClaimTypeRetriever
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1960
v6.25.0Compare Source
Add Instance property bag that is cleared when Clone is called.
Added comments to JsonWebTokenHandler and JwtSecurityTokenHandler to emphasize that ReadToken does not validate the token.
#1952
#1954
v6.24.0Compare Source
Single feature to control if exceptions are logged for Audience and Issuer failures.
Sometimes multiple policies are used, when a subsequent policy succeeds the upper layer can decide if previous exceptions should be logged.
#1949
v6.23.1Compare Source
A simple 'dot' release to fix an issue where JsonWebTokenHandler virtual CreateClaimsIdentity was not called.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1940
v6.23.0Compare Source
=========
New Features:
Microsoft.IdentityModel has two assemblies to manipulate JWT tokens:
System.IdentityModel.Tokens.Jwt, which is the legacy assembly. It defines JwtSecurityTokenHandler class to manipulate JWT tokens.
Microsoft.IdentityModel.JsonWebTokens, which defines the JsonWebToken class and JsonWebTokenHandler, more modern, and more efficient.
When using JwtSecurityTokenHandler, the short named claims (oid, tid), used to be transformed into the long named claims (with a namespace). With JsonWebTokenHandler this is no longer the case, but when you migrate your application from using JwtSecurityTokenHandler to JsonWebTokenHandler (or use a framework that does), you will only get original claims sent by the IdP. This is more efficient, and occupies less space, but might trigger a lot of changes in your application. In order to make it easier for people to migrate without changing their app too much, this PR offers extensibility to re-add the claims mapping.
Bug Fixes:
v6.22.1Compare Source
=========
New Features:
Microsoft.IdentityModel has two assemblies to manipulate JWT tokens:
System.IdentityModel.Tokens.Jwt, which is the legacy assembly. It defines JwtSecurityTokenHandler class to manipulate JWT tokens.
Microsoft.IdentityModel.JsonWebTokens, which defines the JsonWebToken class and JsonWebTokenHandler, more modern, and more efficient.
When using JwtSecurityTokenHandler, the short named claims (oid, tid), used to be transformed into the long named claims (with a namespace). With JsonWebTokenHandler this is no longer the case, but when you migrate your application from using JwtSecurityTokenHandler to JsonWebTokenHandler (or use a framework that does), you will only get original claims sent by the IdP. This is more efficient, and occupies less space, but might trigger a lot of changes in your application. In order to make it easier for people to migrate without changing their app too much, this PR offers extensibility to re-add the claims mapping.
Bug Fixes:
v6.22.0Compare Source
=========
New Features:
Unmasked non-PII properties in log messages -
In Microsoft.IdentityModel logs, previously only system metadata (DateTime, class name, httpmethod etc.) was displayed in clear text. For all other log arguments, the type was being logged to prevent Personally Identifiable Information (PII) from being displayed when ShowPII flag is turned OFF. To improve troubleshooting experience non-PII properties - Issuer, Audience, Key location, Key Id (kid) and some SAML constants will now be displayed in clear text. See issue #1903 for more details.
Prefix Wilson header message to the first log message -
To always log the Wilson header (Version, DateTime, PII ON/OFF message), EventLogLevel.LogAlways was mapped to LogLevel.Critical in Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter class which caused confusion on why header was being displayed as a fatal log.
To address this, header is now prefixed to the first message logged by Wilson and separated with a newline. EventLogLevel.LogAlways has been remapped to LogLevel.Trace. See issue #1907 for more details.
Bug Fixes:
Copy the IssuerSigningKeyResolverUsingConfiguration delegate in Clone() #1909
v6.21.0Compare Source
Dependency Updates:
Updated Newtonsoft dependency to 13.0.2 #1902
Bug Fixes:
Add M.IM.TestExtensions to strong name by pass. #1897
Add early alerting for governance #1896
Adjust log level #1893
Fundamentals
Update newtonsoft per governance report #1890
v6.20.0Compare Source
New Feature:
Microsoft.IdentityModel now provides a LoggerContext class to aid with debugging. See issue #1876 for details.
Bug Fixes:
The
ctyclaim is now optional. See issue #1861 for details.The signature of the token is no longer logged. See issue #1880 for details.
ValidateHash method Alg is null when token is a JWE token. See issue #1680 for details.
Fixed the issue the compaction actions are queued but potentially never got started. See issue #1871 for details.
v6.19.0Compare Source
Enhancements
v6.18.0Compare Source
Enhancements
v6.17.0Compare Source
New Features
v6.16.0Compare Source
Enhancements
v6.15.1Enhancements
Bugs
v6.15.0: 6.15.0New Features
Enhancements
Bug Fixes
v6.14.1Compare Source
Bug Fixes:
The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .
v6.14.0Compare Source
New Features
A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.
Bug Fixes
Fixes to determine when
IsValidproperty has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.aka.ms link added for issuer validation failure. See issue #1732.
Fix broken rfc link. See issue #1728.
Add const for the OIDC scope "phone". See #1720.
Use
httpsfor hyperlinks in XLM. See #1719.v6.13.1Compare Source
Updating comments to help improve correct usage
#1705
SignedHttpRequests
New exceptions and delegate for validation.
#1704
Base64UrlEncoder performance improvements
#1698
Improve comments to clarify API usage and avoid unintentional validation weakening
#1687
Modify how internal caching runs tasks
Change to starting the event queue task via the Task.Run() method so it is on the default task scheduler and will not interfere with caller's task scheduler as some custom task schedulers might be single threaded and execution can be blocked. The second change is replacing the BlockingCollection with ConcurrentQueue to prevent resource leaks
#1696
Adding the BaseConfigurationManager and BaseConfiguration
This simplifies access to first class properties such as RefreshInterval etc.
Some of the properties in TokenValidationParameter were left as internal as they are required for a future feature that requires additional work.
#1695
NOTE: Version 6.13.0 should NOT be used. In version 6.13.0, users were experiencing an issue where they could not use a ConfigurationManager where T is a custom class. This has been addressed in 6.13.1.
v6.13.0Compare Source
v6.12.2Compare Source
BugFixes
Stop the event queue task when event queue is empty (#1685)
v6.12.1Compare Source
BugFixes
Enhancements and features
v6.12.0Compare Source
Bug fixes
Enhancements and features
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.