8.0.2

8.0.2

Security fundamentals

• Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

• IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.
• Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.
• Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.
• Metadata is now updated on a background thread. See #2780 for details.
• JsonWebKeySet stores the original string it was created with. See PR #2755 for details.
• Restore AOT compatibility. See #2711.
• Fix OpenIdConnect parsing bug. See #2772 for details.
• Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

• Test clean up #2742.
• Use only FxCop in .NET framework targets #2693.
• Add rule to add file headers automatically #2748.
• Code analysis updates #2746.
• Include README packages in NuGet #2752.
• Update projects inside WilsonUnix solution #2768.
• Code style enforced in build #2603.
• CodeQL update #2767.
• Update build pipeline to new one release build format #2777.
• Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

• #2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

What's Changed

• Remove old 6x tests used that are not needed anymore by @brentschmaltz in #2742
• Only use fxcop in netfw by @keegan-caruso in #2693
• Allow Jwt payload to be the empty string. by @brentschmaltz in #2745
• Add rule to add file headers automatically. by @pmaytak in #2748
• Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @FuPingFranco in #2725
• Fix CodeQL by @pmaytak in #2746
• Cache UseRfcDefinitionOfEpkAndKid switch. by @pmaytak in #2747
• Decrypt token: Remove exceptions + use new ValidationParameters by @iNinja in #2729
• Include README packages in NuGet by @localden in #2752
• Remove internals for new work. by @brentschmaltz in #2753
• Add property named differently in 7x. by @brentschmaltz in #2756
• Remove SlimLock when updating metadata. by @brentschmaltz in #2751
• Revert "Remove SlimLock when updating metadata. (#2751)" by @keegan-caruso in #2762
• Remove Delegate Checks Audience Validator and Prevents Null Setting of Delegate by @FuPingFranco in #2758
• Re-factor Issuer Validator to Follow New Validation Model by @FuPingFranco in #2759
• Update projects inside WilsonUnix solution by @iNinja in #2768
• JsonWebKeySet stores the String it was created with by @westin-m in #2755
• Signature Validation: Remove exceptions by @iNinja in #2757
• Validate IssuerSigningKey: Refactor to use ValidationParameters over TVP by @iNinja in #2764
• Enable EnforceCodeStyleInBuild and fix findings by @keegan-caruso in #2763
• Restore AOT compatibility for IdentityModel by @iNinja in #2773
• try to fix codeQL by @jennyf19 in #2767
• Fix Open Id connect parsing bug. by @keegan-caruso in #2776
• ValidateTokenAsync: New code path by @iNinja in #2771
• Add lock when configuration is null by @brentschmaltz in #2780
• Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors by @pmaytak in #2778
• Adding benchmark for new ValidateTokenAsync model vs old by @FuPingFranco in #2779
• updates for one build by @jennyf19 in #2777
• update to 9.0.100-preview.7.24407.12 by @jennyf19 in #2786
• Remove lock when creating a SignatureProvider by @brentschmaltz in #2788

New Contributors

• @localden made their first contribution in #2752

Full Changelog: 8.0.1...8.0.2