azure-activedirectory-identitymodel-extensions-for-dotnet
azure-activedirectory-identitymodel-extensions-for-dotnet copied to clipboard
AzureAD
IdentityModel extensions for .Net
**Which version of Microsoft.IdentityModel are you using?** Note that to get help, you need to run the latest version. System.IdentityModel.Tokens.Jwt 6.12 **Where is the issue?** * [x] S.IM.Tokens.Jwt **Is this...
Using latest version: System.IdentityModel.Tokens.Jwt 6.25.1 with following transitive dependencies: Microsoft.IdentityModel.JsonWebTokens 6.25.1 Microsoft.IdentityModel.Tokens 6.25.1 The problem is dependency on System.Text.Json, 4.7.2 This version is affected by CVE-2021-26701 (https://github.com/advisories/GHSA-ghhp-997w-qr28) through transitive dependency...
**Which version of Microsoft.IdentityModel are you using?** 6.15.1 **Where is the issue?** * [X] M.IM.Protocols **Is this a new or an existing app?** a. The app exists and I have...
**Is your feature request related to a problem? Please describe.** We had a case where `TokenValidationParameters.IssuerSigningKeys` was empty and `TokenValidationParameters.IssuerSigningKey` was null (an edge case in a higher level auth...
**Which version of Microsoft.IdentityModel are you using?** Microsoft.IdentityModel 6.30.1 **Where is the issue?** * [ X] M.IM.JsonWebTokens * [ ] M.IM.KeyVaultExtensions * [ ] M.IM.Logging * [ ] M.IM.ManagedKeyVaultSecurityKey *...
**Which version of Microsoft.IdentityModel are you using?** 6.32.0, 7.0.0 **Where is the issue?** * [ ] M.IM.JsonWebTokens * [x] M.IM.KeyVaultExtensions * [ ] M.IM.Logging * [ ] M.IM.ManagedKeyVaultSecurityKey * [...
**What?** We have some partners which are running into issues due to an explicit/forced usage of 4.7.2 version of System.Text.Encodings.Web. It appears that the explicit reference is not required for...
The official Key Vault docs around signature verification (https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates) state "Verification of signed hashes is supported as a convenience operation for applications that may not have access to [public] key...
Currently we are using all certificates, which are part of 'x5c' certificate chain, as X509SecurityKeys. By the [rfc7517](https://tools.ietf.org/html/rfc7517#section-4.7), only the first key should be used to perform any signing operations....
Currently a user could add multiple of the same transform in a single reference. There should be only one type of Canonical algorithm (with or without comments). All other transforms...
