Updated documentation for the new validation model and restructured internals#3056
Merged
Updated documentation for the new validation model and restructured internals#3056
Conversation
… of GetCurrentStackFrame() and AddCurrentStackFrame()
…fields onto their own files and made the structures read-only.
kllysng
reviewed
Dec 10, 2024
src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
Show resolved
Hide resolved
…g IList values from two-part constructors.
… no ActorValidationParameters are provided.
…once the classes/structures are made public.
Contributor
There was a problem hiding this comment.
Copilot reviewed 28 out of 43 changed files in this pull request and generated no comments.
Files not reviewed (15)
- src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt: Language not supported
- src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.StackFrames.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateToken.StackFrames.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateToken.StackFrames.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateToken.Internal.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerSigningKeyValidationError.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateToken.Internal.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/MessageDetail.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs: Evaluated as low risk
- src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs: Evaluated as low risk
jmprieur
approved these changes
Jan 5, 2025
Contributor
jmprieur
left a comment
jmprieur
left a comment
There was a problem hiding this comment.
LGTM
I've asked a few questions, which I'd like to be addressed, and proposed to improve the error messages to make them more actionable.
src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs
Show resolved
Hide resolved
...Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerSigningKeyValidationError.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedToken.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs
Show resolved
Hide resolved
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
SummarySummary
CoverageMicrosoft.IdentityModel.JsonWebTokens - 80.3%
|
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs
Show resolved
Hide resolved
src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs
Show resolved
Hide resolved
This was referenced Feb 18, 2026
Closed
Closed
Closed
This was referenced Mar 9, 2026
PhilipWoulfe
pushed a commit
to PhilipWoulfe/F1Competition
that referenced
this pull request
Mar 16, 2026
…wt (#153) Updated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 7.5.1 to 8.16.0. <details> <summary>Release notes</summary> _Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._ ## 8.16.0 ## New Features * Add telemetry around signature validation. See [PR #3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details. ## Fundamentals * Fix FileVersion format to use two-digit year and day of year. See [PR #3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details. ## 8.15.0 ## New Features - **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`** Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys. See PR [#2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details. ## Bug Fixes - **Sanitize logs to avoid leaking sensitive data** Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs. See PR [#3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details. - **Optimize log sanitization with `SearchValues`** Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios. See PR [#3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details. - **Update test for `IDX10400`** Adjusted the `IDX10400` test to align with the current behavior and error messaging. See PR [#3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details. ## Fundamentals - **Add supported algorithm tests** Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility. See PR [#3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details. - **Migrate repository agent rules from `.clinerules` to `agents.md`** Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain. See PR [#3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details. - **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json** Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack. See PR [#3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details. - **Disable code coverage comments** Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere. See PR [#3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details. - **Fix CodeQL alerts** Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness. See PR [#3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details. ### .NET 10 / SDK and tooling updates - **Building with .NET 10 preview / RC 1** Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime. See PRs [#3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details. - **Fix .NET 10 test execution consistency** Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably. See PR [#3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details. - **Update project files and workflows for .NET 10.0 compatibility** Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios. See PR [#3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details. - **Update .NET version to meet CG compliance** Updated the .NET version references to be compliant with corporate governance (CG) requirements. See PR [#3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details. - **Update Coverlet collector and test SDK** - Bumped `CoverletCollectorVersion` to 6.0.4. See PR [#3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details. - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support. ... (truncated) ## 8.14.0 8.14.0 ==== ## Bug Fixes - Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details. ## 8.13.1 8.13.1 ==== ## Dependencies Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0 ## Bug Fixes - Fixed a decompression failure happening for large JWE payloads. See [#3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details. ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details. 8.13.0 ## 8.13.0 8.13.0 ==== ### Fundamentals - `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details. - Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details. - Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details. ## What's Changed * Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278 * Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274 * Update RsaSecurityKey.cs to remove Pkcs 1 by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280 * changelog for 8.13 by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282 ## New Contributors * @Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0 ## 8.12.1 8.12.1 ==== ### Fundamentals - Update .NET SDK version to 9.0.107 used when building or running the code. See [#3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details. - To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details. - Experimental code leaked into TokenValidationResult from early prototypes. See PR [#3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details. ## What's Changed * Remove experimental code from TokenValidationResult by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259 * Moved files to experimental folder by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261 * Update global.json to latest by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1 ## 8.12.0 8.12.0 ==== ## New Features - **Enhance ConfigurationManager with event handling** Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253) ## Bug Fixes - **Add expected Base64UrlEncoder.Decode overload for NET6 and 8** Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks. For details see [#3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249) ## Fundamentals - **Add AI assist rules** Incorporated AI assist rules to enhance AI agents effectiveness. For details see [#3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255) - **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0** Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). For details see [#3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256) - **Move suppression of RS006 to csproj** Centralized suppression of RS006 warnings in project files for easier management. For details see [#3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230) ## What's Changed * Move suppression of RS006 to csproj. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230 * Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250 * add ai assist rules by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255 * Enhance ConfigurationManager with event handling by @GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254 * Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256 * Update CHANGELOG.md for 8.12.0 by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0 ## 8.11.0 8.11.0 ===== ## New Features: - Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details. - Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details. ## What's Changed * few updates by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242 * Changelog for 8.10.0 by @sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241 * Exposes publicly override of AadIssuerValidator factory taking a delegate by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244 * update current version to 8.10.0 by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246 * Add DecryptTokenWithConfiguration API by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243 * changelog for 8.11 by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0 ## 8.10.0 8.10.0 ===== ## Bug Fixes - Corrected casing of the Type attribute in SubjectConfirmationData. See [#3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206). - Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1). - Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65). ## Fundamentals - Introduced Long-Term Support (LTS) policy. See [#3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1). ## 8.9.0 8.9.0 ===== ## Bug Fixes - syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213. - Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203. ## New Features - Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981. - Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205. ## Fundamentals - Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204. ## 8.8.0 8.8.0 ===== ## New Features - Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details. - Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details. - Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details. ## 8.7.0 ## Bug Fixes - Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181). ## New Features - Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165). ## What's Changed * Post Release 8.6.1 cleanup by @mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160 * Updates CodeQL.yaml to exclude test files by @sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163 * Adds explanation for CodeQL warnings by @sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167 * Fix typo by @rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175 * Need to change the locks by @JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171 * Move CNF from SHR to M.IM.Tokens by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168 * Add back IsRecoverableException methods. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183 * Revert "Need to change the locks" by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186 * 8.7.0 changelog by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184 ## New Contributors * @rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0 ## 8.6.1 8.6.1 ===== ## Bug fix - Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details. - Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details. ## Fundamentals - For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details. ## What's Changed * Update version.props to next version by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145 * Update the public API shipped files by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146 * Add global.json file by @mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153 * Trigger metadata refresh for token decryption errors by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149 * Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152 * first changelog update by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156 ## New Contributors * @mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153 * @ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1 ## 8.6.0 8.6.0 ===== ## New Features - TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128) - Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140) ## Fundamentals * Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143) * Add more tests for encrypted tokens. See [#3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139) ## What's Changed * Update CHANGELOG.md by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133 * Update version.props to next version by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137 * Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128 * Change KeyInfo.MatchesKey from internal to protected internal virtual. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140 * Fix #3112 by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143 * Add more auto-decryption related tests by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139 * Update changelog.md for 8.6.0 by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0 ## 8.5.0 8.5.0 ===== ## Reverting previous breaking change - The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0). - Cherry-picked Changes: Included changes from PR [#3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104). ## What's Changed * Update version.props by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126 * fix formatting error by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134 * Revert configuration manager to 8.3.1 by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0 ## 8.4.0 8.4.0 ===== ## New Features - App context switch allows blocking or non-blocking calls for configuration. See PR [#3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks. - IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details. - IdentityModel now allows specifying the HTTP protocol version and version policy. See [#2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details. ## Repair items - Add request count and duration telemetry for configuration requests. See [#3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details. - `KeyID` should be present in exception messages and is no longer PII. See [#3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details. ## Fundamentals - Fix spelling issues in xml comments. See [#3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details. - Fix comment coverage in PR builds. See [#3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details. ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - See [#3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111). - Add internal virtual on TokenHandler. See [#3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details. * @prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809 ## 8.3.1 8.3.1 ===== ## Bug Fixes * Respect TVP.RequireAudience when set to false. See [#3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055) * For net4.6.2 select RSACng for PSS support. See [#3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097) * Fix package downgrade in consuming libraries. See[#3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062) * Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063) ## Fundamentals * Removed unused property on JsonWebToken ClaimsIdentity. See [#3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details. * Upgrade to C# 13. See [#2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998) * Use new Base64Url API. See [#22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817) * Add warning quality check. See [#3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067) * Update dotnet actions. see [#3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074) * Fix warnings. See [#3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081) * Test updates in JsonWebToken. See [#3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080). ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - [#3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054) ## What's Changed * Update CHANGELOG.md by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053 * Extensibility tests: Audience - JWT, SAML and SAML2 by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027 * Extensibility tests: Lifetime - JWT, SAML and SAML2 by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028 * Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051 * Add logging to the new validation model by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054 * update version by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057 * lower version to avoid downgrades. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058 * Respect TVP.RequireAudience when set to false by @kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055 * Fix package downgrade in consuming libraries by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062 * Add slnf for running perf and stress tests by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066 * Add Warning Quality Check Build Task 🔨 by @kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067 * Update template-Build-run-tests-sign.yml by @ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069 * Removed unused property on JsonWebToken by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072 * Update setup dotnet actions by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074 * fixed #2983 and re-add code coverage comments to PRs by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076 * Remove duplicate keyid into var keysAttempted by @bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899 * Upgrade to C# 13 by @westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998 * Use new Base64Url API by @msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817 * Update common.props by @ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078 * fix warnings by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081 * Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063 * Test updates by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080 * For net4.6.2 select RSACng for PSS support. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085 * changelog for 8.3.1 by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098 ## New Contributors * @bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899 * @gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063 ... (truncated) ## 8.3.0 ## New features ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) * SAML and SAML2 new model validation: Token Replay. See [#2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994) * Extensibility tests: Token Type - JWT ([#3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)), Issuer signing key - JWT, SAML and SAML2 ([#3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302)) * Avoid code duplication in extensibility testing. See [#3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041) * Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011 * Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044 ## Bug fixes * Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042 * Fixed SignedHttpRequest flaky test. See [#3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037) ## Fundamentals * Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018 * Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009 * Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045 * Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046 * Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010 * Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048 * Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049 * Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031 ## New Contributors * @ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0 ## 8.2.1 8.2.1 ===== ### New features - Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990). ### Bug fixes - Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935). - Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969). ### Fundamentals - Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993). - Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999). ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976). - Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980). - Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950). - Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987). - Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965). - Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984). ## What's Changed * Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970 * Update to next version after 8.2.0 release by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975 * Consolidating test statics by @trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956 * New token validation model: Simplify stack frame caching by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976 * Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935 * Update cgmanifest to align with the JSON schema by @jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969 * SAML and SAML2 new model validation: Read Token by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980 * SAML2 new model validation: Signature by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961 * JsonWebTokenHandler IssuerExtensibility by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987 * SAML and SAML2 new model validation: Issuer Signing Key by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965 * Ignore AotCompatibilityTests on ADO by @jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992 * SAML and SAML2 new model validation: Algorithm by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984 * Use SecurityTokenDescriptor when creating tokens by @msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991 * Prevent inlining to guarantee stack frames in test by @westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002 * Update to .NET 9 GA. Update some test dependencies. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990 * Add Abstractions.Tests to strong name bypass file. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004 ## New Contributors * @jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1 ## 8.2.0 8.2.0 ===== ### Fundamentals - Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892). - Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857). - Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898). - Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968) - Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946) - Various test improvements: - [#2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953) - [#2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955) - [#2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951) - [#2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952) - [#2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947) ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863) - Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902) - Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923) - Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925) - Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948) ## What's Changed * update to next version by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890 * Use FixedTimeEquals in NETCore targets by @westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857 * Update System.Text.Json to 8.0.5 CVE-2024-43485 by @msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892 * Update .NET 9 to RC 2 by @msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898 * Validate Audience for SAML2TokenHandler with New Model by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863 * Regression tests: Issuer by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868 * Mark Wilson APIs as Shipped by @westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903 * Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906 * Suggested changes to AudienceValidation by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902 * Extensibility tests: Audience by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861 * Added properties to ValidationResult without throwing by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923 * Extensibility tests: Lifetime by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867 * Regression tests: Issuer signing key by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927 * Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896 * Fix typo by @westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894 * Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925 * Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873 * Regression tests: Signature by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930 * Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929 * Fix builds on macOS / Linux using the build.sh script by @filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937 * Regression tests: Algorithm by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934 * Regression tests: Token Type by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932 * Regression tests: Token Replay by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931 * Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936 * Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947 * Restore skipped test: ReferenceCountingTest_MultiThreaded by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952 * Restore EnsureAotCompatibility test by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951 ... (truncated) ## 8.1.2 ## What's Changed ### Bug fixes * CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879 * Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888 ### Fundamentals * Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2 ## 8.1.1 8.1.1 ===== ### Bug fixes - Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details. ## What's Changed * Rename validation delegates by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847 * Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848 * Add disable discovery enumeration = true to all theory tests by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849 * Make CaseSensitiveClaimIdentity serializable by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850 * Remove Obsolete BinaryFormatter by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851 * Refactor ValidateConditions in Saml2SecurityTokenHandler by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855 * Set custom BenchmarkDotNetconfig as default by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852 * Regression tests: Audience by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838 * Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859 * update current version by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862 * Regression tests: Lifetime by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839 * Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869 * Set internal _syncAfter using only AutomaticRefreshInterval. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865 * 8.1.1 Changelog by @kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864 * Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870 **Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1 ## 8.1.0 8.1.0 ===== ### Performance improvements - Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826). ### New features - Add optional check to prevent using keys that are shared across multiple clouds. See issue [#2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details. ### Bug fixes - JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details. ### Fundamentals - Fix flaky tests. See [#2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details. - Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details. - Onhboard to code coverage in ADO. See PR [#2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798). - Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details. - Fix a merge conflict impacting dev. See PR [#2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819). - Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error. [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820). - Remove perl dependency. See PR [#2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830). ### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - [#2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794) - [#2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800) - [#2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810) - [#2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811) - [#2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816) - [#2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822) - [#2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815) - [#2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818) - [#2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813) - [#2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827) ## What's Changed * changelog 8.0.2 by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792 * Update version.props to 8.0.2 by @jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791 * Fix Async Issue in Extensibility Tests by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795 * Update xUnit version and fix test warnings by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796 * ValidateTokenAsync - New Path: Refactor result types by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794 * Onboard to code coverage in ADO by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798 * Exception refinement: Adding additional information by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800 * Add initial regression tests for the new validation path by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810 * Use IsTargetFrameworkCompatible() by @martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790 * Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811 * Return unwrapped keys if able by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812 * New token validation path: Renamed result types by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816 * Fix merge conflict by @msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819 * Removed attribute that causes issues with internal builds. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820 * Add missing exception type to ValidationError -> GetException() by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822 * Regression testing: Add JWE use cases by @iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815 ... (truncated) ## 8.0.2 8.0.2 ===== ### Security fundamentals - Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details. ### Bug fixes - IdentityModel now allows the JWT payload to be an empty string. See issue [#2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details. - Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details. - Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details. - Metadata is now updated on a background thread. See [#2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details. - `JsonWebKeySet` stores the original string it was created with. See PR [#2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details. - Restore AOT compatibility. See [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711). - Fix OpenIdConnect parsing bug. See [#2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details. - Remove the lock on creating a `SignatureProvider`. See [#2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details. ### Fundamentals - Test clean up [#2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742). - Use only FxCop in .NET framework targets [#2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693). - Add rule to add file headers automatically [#2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748). - Code analysis updates [#2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746). - Include README packages in NuGet [#2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752). - Update projects inside WilsonUnix solution [#2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768). - Code style enforced in build [#2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603). - CodeQL update [#2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767). - Update build pipeline to new one release build format [#2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777). - Update GitHub actions to `9.0.100-preview.7.24407.12` and add `<NoWarn>$(NoWarn);SYSLIB0057</NoWarn>` due to breaking changes in preview7. [#2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786). ### Work relating to [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711) - [#2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779). ## What's Changed * Remove old 6x tests used that are not needed anymore by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742 * Only use fxcop in netfw by @keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693 * Allow Jwt payload to be the empty string. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745 * Add rule to add file headers automatically. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748 * Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725 * Fix CodeQL by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746 * Cache UseRfcDefinitionOfEpkAndKid switch. by @pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747 * Decrypt token: Remove exceptions + use new ValidationParameters by @iNinja in https://github…
This was referenced Mar 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated documentation for the new validation model and restructured internals
Clean up work and documentation updates for the new validation model.
GetCurrentStackFrame()andAddCurrentStackFrame()IssuerValidationSourceto be extensible.Part of #2711