Bump Microsoft.IdentityModel.Tokens from 6.11.0 to 6.14.1

[dependabot]

Bumps Microsoft.IdentityModel.Tokens from 6.11.0 to 6.14.1.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

6.14.1

Bug Fixes:

The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .

6.14.0

New Features

A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.

Bug Fixes

Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.

aka.ms link added for issuer validation failure. See issue #1732.

Fix broken rfc link. See issue #1728.

Add const for the OIDC scope "phone". See #1720.

Use https for hyperlinks in XLM. See #1719.

6.13.1

Updating comments to help improve correct usage #1705

SignedHttpRequests New exceptions and delegate for validation. #1704

Base64UrlEncoder performance improvements #1698

Improve comments to clarify API usage and avoid unintentional validation weakening #1687

Modify how internal caching runs tasks Change to starting the event queue task via the Task.Run() method so it is on the default task scheduler and will not interfere with caller's task scheduler as some custom task schedulers might be single threaded and execution can be blocked. The second change is replacing the BlockingCollection with ConcurrentQueue to prevent resource leaks #1696

Adding the BaseConfigurationManager and BaseConfiguration This simplifies access to first class properties such as RefreshInterval etc. Some of the properties in TokenValidationParameter were left as internal as they are required for a future feature that requires additional work. #1695

NOTE: Version 6.13.0 should NOT be used. In version 6.13.0, users were experiencing an issue where they could not use a ConfigurationManager where T is a custom class. This has been addressed in 6.13.1.

6.12.2

BugFixes

Stop the event queue task when event queue is empty (#1685)

... (truncated)

Commits

• fc59ad5 handle multi-schemes in AadIssuerValidator (#1753)
• 9b7feb2 update to latest release 6.14.0 (#1751)
• 54af78f use windows only for linux test (#1746)
• 8eecd75 fix build issue w/log messages that are unused. (#1744)
• 7e732dd Revert "Add singleton CallContext.Default (#1740)" (#1745)
• 0780249 Use https for hyperlinks (#1719)
• 0faea95 Add const for the standard scope "phone" (#1720)
• 1de9fc7 fix rfc link (#1737)
• b4aded6 Add aka.ms link for issuer validation failure #1732 (#1741)
• 697f090 initial commit to move issuer validator to separate assembly from idweb (#1736)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Unit tests results

  12 files    10 suites   3s ⏱️
335 tests 335 ✔️ 0 💤 0 ❌

Results for commit 63822d0.

[dependabot]

Superseded by #155.