Changed new validation model classes and structures in M.IM.Tokens to…

… public. Added to PublicAPI.Unshipped

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs

@@ -25,7 +25,7 @@ public partial class JsonWebTokenHandler : TokenHandler
         /// <param name="callContext">A <see cref="CallContext"/> that contains call information.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> that can be used to request cancellation of the asynchronous operation.</param>
         /// <returns>A <see cref="ValidationResult{TResult}"/> with either a <see cref="ValidatedToken"/> if the token was validated or an <see cref="ValidationError"/> with the failure information and exception otherwise.</returns>
-        internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
+        public async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
             string token,
             ValidationParameters validationParameters,
             CallContext callContext,

src/Microsoft.IdentityModel.Tokens/Delegates.cs

@@ -182,7 +182,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> used for logging.</param>
     /// <returns>The <see cref="SecurityKey"/> used to validate the signature.</returns>
     /// <remarks>If both <see cref="IssuerSigningKeyResolverUsingConfiguration"/> and <see cref="IssuerSigningKeyResolver"/> are set, <see cref="IssuerSigningKeyResolverUsingConfiguration"/> takes priority.</remarks>
-    internal delegate SecurityKey? IssuerSigningKeyResolverDelegate(string token, SecurityToken? securityToken, string? kid, ValidationParameters validationParameters, BaseConfiguration? configuration, CallContext? callContext);
+    public delegate SecurityKey? IssuerSigningKeyResolverDelegate(string token, SecurityToken? securityToken, string? kid, ValidationParameters validationParameters, BaseConfiguration? configuration, CallContext? callContext);
 
     /// <summary>
     /// Resolves the decryption key for the security token.
@@ -193,7 +193,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
     /// <param name="callContext">The <see cref="CallContext"/> to be used for logging.</param>
     /// <returns>The <see cref="SecurityKey"/> used to decrypt the token.</returns>
-    internal delegate IList<SecurityKey> DecryptionKeyResolverDelegate(string token, SecurityToken securityToken, string kid, ValidationParameters validationParameters, CallContext? callContext);
+    public delegate IList<SecurityKey> DecryptionKeyResolverDelegate(string token, SecurityToken securityToken, string kid, ValidationParameters validationParameters, CallContext? callContext);
 
     /// <summary>
     /// Validates the signature of the security token.
@@ -204,7 +204,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> to be used for logging.</param>
     /// <remarks>This method is not expected to throw.</remarks>
     /// <returns>The validated <see cref="SecurityToken"/>.</returns>
-    internal delegate ValidationResult<SecurityKey> SignatureValidationDelegate(
+    public delegate ValidationResult<SecurityKey> SignatureValidationDelegate(
         SecurityToken token,
         ValidationParameters validationParameters,
         BaseConfiguration? configuration,

src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs

@@ -15,7 +15,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Contains information so that Exceptions can be logged or thrown written as required.
     /// </summary>
-    internal class ValidationError
+    public class ValidationError
     {
         private Type _exceptionType;
 
@@ -199,7 +199,7 @@ internal void Log(ILogger logger)
         /// <summary>
         /// Gets the type of validation failure that occurred.
         /// </summary>
-        internal ValidationFailureType FailureType { get; }
+        public ValidationFailureType FailureType { get; }
 
         /// <summary>
         /// Gets the type of exception that occurred.

src/Microsoft.IdentityModel.Tokens/Validation/Results/IssuerValidationSource.cs

@@ -7,7 +7,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Represents the source of the validation of an issuer.
     /// </summary>
-    internal class IssuerValidationSource
+    public class IssuerValidationSource
     {
         /// <summary>
         /// Initializes a new instance of <see cref="IssuerValidationSource"/>.

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedIssuer.cs

@@ -9,7 +9,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Represents a validated issuer, including the source of the validation.
     /// </summary>
-    internal readonly struct ValidatedIssuer : IEquatable<ValidatedIssuer>
+    public readonly struct ValidatedIssuer : IEquatable<ValidatedIssuer>
     {
         /// <summary>
         /// Initializes a new instance of <see cref="ValidatedIssuer"/>.

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedLifetime.cs

@@ -9,7 +9,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Represents a validated lifetime, including the NotBefore and Expires values.
     /// </summary>
-    internal readonly struct ValidatedLifetime : IEquatable<ValidatedLifetime>
+    public readonly struct ValidatedLifetime : IEquatable<ValidatedLifetime>
     {
         /// <summary>
         /// Initializes a new instance of <see cref="ValidatedLifetime"/>.

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedSigningKeyLifetime.cs

@@ -9,7 +9,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Represents a validated signing key lifetime.
     /// </summary>
-    internal readonly struct ValidatedSigningKeyLifetime : IEquatable<ValidatedSigningKeyLifetime>
+    public readonly struct ValidatedSigningKeyLifetime : IEquatable<ValidatedSigningKeyLifetime>
     {
         /// <summary>
         /// Initializes a new instance of <see cref="ValidatedSigningKeyLifetime"/>.

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedToken.cs

@@ -20,7 +20,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="securityToken">The <see cref="SecurityToken"/> that is being validated.</param>
     /// <param name="tokenHandler">The <see cref="TokenHandler"/> that is being used to validate the token.</param>
     /// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
-    internal class ValidatedToken(
+    public class ValidatedToken(
         SecurityToken securityToken,
         TokenHandler tokenHandler,
         ValidationParameters validationParameters)

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidatedTokenType.cs

@@ -9,7 +9,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Represents a validated token type, including the number of valid types present in the validation parameters.
     /// </summary>
-    internal readonly struct ValidatedTokenType : IEquatable<ValidatedTokenType>
+    public readonly struct ValidatedTokenType : IEquatable<ValidatedTokenType>
     {
         /// <summary>
         /// Initializes a new instance of <see cref="ValidatedTokenType"/>.
@@ -62,10 +62,7 @@ public override int GetHashCode()
         /// <param name="left">The left value to compare.</param>
         /// <param name="right">The right value to compare.</param>
         /// <returns>A boolean indicating whether the left value is equal to the right one.</returns>
-        public static bool operator ==(ValidatedTokenType left, ValidatedTokenType right)
-        {
-            return left.Equals(right);
-        }
+        public static bool operator ==(ValidatedTokenType left, ValidatedTokenType right) => left.Equals(right);
 
         /// <summary>
         /// Inequality comparison operator for <see cref="ValidatedTokenType"/>.

src/Microsoft.IdentityModel.Tokens/Validation/Results/ValidationResult.cs

@@ -11,7 +11,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// Represents a validation result that can be either valid or invalid.
     /// </summary>
     /// <typeparam name="TResult"></typeparam>
-    internal readonly struct ValidationResult<TResult> : IEquatable<ValidationResult<TResult>>
+    public readonly struct ValidationResult<TResult> : IEquatable<ValidationResult<TResult>>
     {
         readonly TResult? _result;
         readonly ValidationError? _error;

src/Microsoft.IdentityModel.Tokens/Validation/ValidationFailureType.cs

@@ -1,12 +1,13 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+#nullable enable
 namespace Microsoft.IdentityModel.Tokens
 {
     /// <summary>
     /// The type of the failure that occurred when validating a <see cref="SecurityToken"/>.
     /// </summary>
-    internal abstract class ValidationFailureType
+    public abstract class ValidationFailureType
     {
         /// <summary>
         /// Creates an instance of <see cref="TokenValidationResult"/>
@@ -19,7 +20,7 @@ protected ValidationFailureType(string name)
         /// <summary>
         /// Gets the name of the <see cref="ValidationFailureType"/>.
         /// </summary>
-        public string Name { get; }
+        public string Name { get; internal set; }
 
         /// <summary>
         /// Defines a type that represents a required parameter was null.
@@ -171,3 +172,4 @@ private class IssuerValidatorFailure : ValidationFailureType { internal IssuerVa
         public static readonly ValidationFailureType TokenTypeValidatorThrew = new TokenTypeValidationFailure("TokenTypeValidatorThrew");
     }
 }
+#nullable restore

src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs

@@ -14,7 +14,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <summary>
     /// Contains a set of parameters that are used by a <see cref="SecurityTokenHandler"/> when validating a <see cref="SecurityToken"/>.
     /// </summary>
-    internal class ValidationParameters
+    public class ValidationParameters
     {
         private string? _authenticationType;
         private TimeSpan _clockSkew = DefaultClockSkew;

src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs

@@ -18,7 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext"></param>
     /// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the algorithm.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate ValidationResult<string> AlgorithmValidationDelegate(
+    public delegate ValidationResult<string> AlgorithmValidationDelegate(
         string algorithm,
         SecurityKey securityKey,
         SecurityToken securityToken,
@@ -38,7 +38,7 @@ public static partial class Validators
         /// <param name="securityToken">The <see cref="SecurityToken"/> being validated.</param>
         /// <param name="validationParameters"><see cref="ValidationParameters"/> required for validation.</param>
         /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
-        internal static ValidationResult<string> ValidateAlgorithm(
+        public static ValidationResult<string> ValidateAlgorithm(
             string algorithm,
 #pragma warning disable CA1801
             SecurityKey securityKey,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs

@@ -18,7 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext"></param>
     /// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the issuer.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate ValidationResult<string> AudienceValidationDelegate(
+    public delegate ValidationResult<string> AudienceValidationDelegate(
         IList<string> tokenAudiences,
         SecurityToken? securityToken,
         ValidationParameters validationParameters,
@@ -37,7 +37,7 @@ public static partial class Validators
         /// <param name="validationParameters">The <see cref="TokenValidationParameters"/> to be used for validating the token.</param>
         /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
         /// <remarks>An EXACT match is required.</remarks>
-        internal static ValidationResult<string> ValidateAudience(
+        public static ValidationResult<string> ValidateAudience(
             IList<string> tokenAudiences,
 #pragma warning disable CA1801
             SecurityToken? securityToken,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs

@@ -18,7 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="cancellationToken"></param>
     /// <returns>An <see cref="ValidationResult{TResult}"/>that contains the results of validating the issuer.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate Task<ValidationResult<ValidatedIssuer>> IssuerValidationDelegateAsync(
+    public delegate Task<ValidationResult<ValidatedIssuer>> IssuerValidationDelegateAsync(
         string issuer,
         SecurityToken securityToken,
         ValidationParameters validationParameters,
@@ -40,7 +40,7 @@ public static partial class Validators
         /// <param name="cancellationToken"></param>
         /// <returns>An <see cref="ValidationResult{TResult}"/> that contains either the issuer that was validated or an error.</returns>
         /// <remarks>An EXACT match is required.</remarks>
-        internal static async Task<ValidationResult<ValidatedIssuer>> ValidateIssuerAsync(
+        public static async Task<ValidationResult<ValidatedIssuer>> ValidateIssuerAsync(
             string? issuer,
             SecurityToken? securityToken,
             ValidationParameters validationParameters,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs

@@ -18,7 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> to be used for logging.</param> 
     /// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the issuer.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate ValidationResult<ValidatedSigningKeyLifetime> IssuerSigningKeyValidationDelegate(
+    public delegate ValidationResult<ValidatedSigningKeyLifetime> IssuerSigningKeyValidationDelegate(
         SecurityKey signingKey,
         SecurityToken securityToken,
         ValidationParameters validationParameters,
@@ -38,7 +38,7 @@ public static partial class Validators
         /// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
         /// <param name="configuration">The <see cref="BaseConfiguration"/> to be used for validation.</param>
         /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
-        internal static ValidationResult<ValidatedSigningKeyLifetime> ValidateIssuerSigningKey(
+        public static ValidationResult<ValidatedSigningKeyLifetime> ValidateIssuerSigningKey(
             SecurityKey securityKey,
             SecurityToken securityToken,
             ValidationParameters validationParameters,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs

@@ -17,7 +17,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
     /// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the issuer.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate ValidationResult<ValidatedLifetime> LifetimeValidationDelegate(
+    public delegate ValidationResult<ValidatedLifetime> LifetimeValidationDelegate(
         DateTime? notBefore,
         DateTime? expires,
         SecurityToken? securityToken,
@@ -40,7 +40,7 @@ public static partial class Validators
         /// <returns>A <see cref="ValidationResult{TResult}"/> indicating whether validation was successful, and providing a <see cref="SecurityTokenInvalidLifetimeException"/> if it was not.</returns>
         /// <remarks>All time comparisons apply <see cref="ValidationParameters.ClockSkew"/>.</remarks>
 #pragma warning disable CA1801
-        internal static ValidationResult<ValidatedLifetime> ValidateLifetime(
+        public static ValidationResult<ValidatedLifetime> ValidateLifetime(
             DateTime? notBefore,
             DateTime? expires,
             SecurityToken? securityToken,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs

@@ -15,7 +15,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
     /// <returns>A <see cref="ValidationResult{TResult}"/>that contains the results of validating the token.</returns>
     /// <remarks>This delegate is not expected to throw.</remarks>
-    internal delegate ValidationResult<DateTime?> TokenReplayValidationDelegate(
+    public delegate ValidationResult<DateTime?> TokenReplayValidationDelegate(
         DateTime? expirationTime,
         string securityToken,
         ValidationParameters validationParameters,
@@ -34,7 +34,7 @@ public static partial class Validators
         /// <param name="validationParameters">The <see cref="ValidationParameters"/> to be used for validating the token.</param>
         /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
 #pragma warning disable CA1801 // Review unused parameters
-        internal static ValidationResult<DateTime?> ValidateTokenReplay(
+        public static ValidationResult<DateTime?> ValidateTokenReplay(
             DateTime? expirationTime,
             string securityToken,
             ValidationParameters validationParameters,

src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenType.cs

@@ -17,7 +17,7 @@ namespace Microsoft.IdentityModel.Tokens
     /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
     /// <returns> A <see cref="ValidationResult{TResult}"/>that contains the results of validating the token type.</returns>
     /// <remarks>An EXACT match is required. <see cref="StringComparison.Ordinal"/> (case sensitive) is used for comparing <paramref name="type"/> against <see cref="ValidationParameters.ValidTypes"/>.</remarks>
-    internal delegate ValidationResult<ValidatedTokenType> TokenTypeValidationDelegate(
+    public delegate ValidationResult<ValidatedTokenType> TokenTypeValidationDelegate(
         string? type,
         SecurityToken? securityToken,
         ValidationParameters validationParameters,
@@ -37,11 +37,11 @@ public static partial class Validators
         /// <param name="callContext">The <see cref="CallContext"/> that contains call information.</param>
         /// <returns> A <see cref="ValidationResult{TResult}"/>that contains the results of validating the token type.</returns>
         /// <remarks>An EXACT match is required. <see cref="StringComparison.Ordinal"/> (case sensitive) is used for comparing <paramref name="type"/> against <see cref="ValidationParameters.ValidTypes"/>.</remarks>
-#pragma warning disable CA1801
-        internal static ValidationResult<ValidatedTokenType> ValidateTokenType(
+        public static ValidationResult<ValidatedTokenType> ValidateTokenType(
             string? type,
             SecurityToken? securityToken,
             ValidationParameters validationParameters,
+#pragma warning disable CA1801
             CallContext callContext)
 #pragma warning restore CA1801
         {