8.1.0

8.1.0

Performance improvements

• Improves performance during issuer validation by replacing string comparison with span comparison. See PR #2826.

New features

• Add optional check to prevent using keys that are shared across multiple clouds. See issue #2832 for details.

Bug fixes

• JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue #2695 for details.

Fundamentals

• Fix flaky tests. See #2793 for details.
• Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR #2796 for details.
• Onhboard to code coverage in ADO. See PR #2798.
• Use IsTargetFrameworkCompatible(*) so AOT is forward-compatible with .NET 9 and beyond. See PR #2790 for details.
• Fix a merge conflict impacting dev. See PR #2819.
• Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.
  [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR #2820.
• Remove perl dependency. See PR #2830.

Work related to redesign of IdentityModel's token validation logic #2711

• #2794
• #2800
• #2810
• #2811
• #2816
• #2822
• #2815
• #2818
• #2813
• #2827

What's Changed

• changelog 8.0.2 by @jennyf19 in #2792
• Update version.props to 8.0.2 by @jennyf19 in #2791
• Fix Async Issue in Extensibility Tests by @FuPingFranco in #2795
• Update xUnit version and fix test warnings by @pmaytak in #2796
• ValidateTokenAsync - New Path: Refactor result types by @iNinja in #2794
• Onboard to code coverage in ADO by @keegan-caruso in #2798
• Exception refinement: Adding additional information by @iNinja in #2800
• Add initial regression tests for the new validation path by @iNinja in #2810
• Use IsTargetFrameworkCompatible() by @martincostello in #2790
• Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @iNinja in #2811
• Return unwrapped keys if able by @keegan-caruso in #2812
• New token validation path: Renamed result types by @iNinja in #2816
• Fix merge conflict by @msbw2 in #2819
• Removed attribute that causes issues with internal builds. by @brentschmaltz in #2820
• Add missing exception type to ValidationError -> GetException() by @iNinja in #2822
• Regression testing: Add JWE use cases by @iNinja in #2815
• Added ArgumentNullException type with ValidationError by @iNinja in #2818
• Enable TimeProvider on New Model by @FuPingFranco in #2813
• Split tests into parameter testing and value testing by @brentschmaltz in #2827
• Remove perl dependency by @keegan-caruso in #2830
• Uses spans for issuer comparison and fixes prior index out of range error by @sruke in #2826
• Add cloud instance name validation by @alexholub113 in #2804
• Update to 9.0.100-rc.1 by @kellyyangsong in #2821
• CertificateHelper.LoadX509Certificate() takes string instead of byte[] to reduce calls to Convert.FromBase64String by @kellyyangsong in #2834
• Use correct runtime in test-aot.ps1 by @msbw2 in #2837
• move to public nuget and address CVEs by @jennyf19 in #2836
• 8.0.3 changelog by @jennyf19 in #2831
• fix policheck issue by @jennyf19 in #2843
• fix net9 xunit runner by @jennyf19 in #2844

New Contributors

• @alexholub113 made their first contribution in #2804

Full Changelog: 8.0.2...8.1.0