You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add Experimental/JwtSecurityTokenHandler.ReadToken.cs returning ValidationResult<SecurityToken, ValidationError> for parse/format failures (replaces the throw-from-ReadJwtToken).
Add Experimental/JwtSecurityTokenHandler.ValidateSignature.cs returning ValidationResult<SecurityKey, ValidationError> using SignatureValidationError and SignatureKeyValidationError.
Add Experimental/JwtSecurityTokenHandler.DecryptToken.cs for JWE flows returning ValidationResult<string, ValidationError>.
Add Experimental/JwtSecurityTokenHandler.ClaimsMapping.cs (or similar) so the new path reuses the same claim mapping as ValidateToken(...) — must NOT diverge from the legacy path.
Add an adapter Experimental/JwtSecurityTokenHandler.LegacyAdapter.cs exposing Task ValidateTokenAsyncLegacyShim(...) so existing ValidateTokenAsync continues to work via the new pipeline (bridge converts ValidationError → Exception using ValidationError.GetException()).
Update InternalAPI.Unshipped.txt.
Tests
Mirror Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsync.Tests.cs test theory data for: invalid algorithm, invalid issuer, invalid audience, invalid lifetime, invalid signature, missing signing key, replayed token, invalid type, encrypted-token success, encrypted-token decryption failure.
For each, assert result.IsValid == false and result.UnwrapError() is ValidationError.
Cross-test: same input through legacy ValidateTokenAsync produces an equivalent exception via error.GetException().
Acceptance
No changes to shipped public API.
New surface only under *.Experimental.
All existing System.IdentityModel.Tokens.Jwt.Tests continue passing.
Goals
Work
Tests
Acceptance