Why we need `ReaderWriterLockSlim` in OpenIdConnectCachingSecurityTokenProvider?

[LeTranAnhVu]

The class OpenIdConnectCachingSecurityTokenProvider uses read/write lock of ReaderWriterLockSlim before get issuer and keys. I am wondering, why we need to use lock here? and what happen if we don't?

[mderriey]

I've done a write-up of my findings about the locking behaviour that we're confident caused a deadlock-like situation for us under enough concurrent requests.

https://github.com/AzureAD/microsoft-identity-web/issues/3078.