Review Jwt vs OIDC handling of TVP.ValidIssuer vs ValidIssuers

[Tratcher]

Inspired by: aspnet/AspNetKatana#55
Jwt and OIDC don't use the same logic for dealing with Issuers:

Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs

Lines 136 to 150 in 99aa3bd

	var validationParameters = Options.TokenValidationParameters.Clone();
	if (_configuration != null)
	{
	if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer))
	{
	validationParameters.ValidIssuer = _configuration.Issuer;
	}
	else
	{
	var issuers = new[] { _configuration.Issuer };
	validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
	}
	validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
	}

Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs

Lines 1216 to 1228 in 99aa3bd

	if (_configuration != null)
	{
	if (string.IsNullOrEmpty(validationParameters.ValidIssuer))
	{
	validationParameters.ValidIssuer = _configuration.Issuer;
	}
	else if (!string.IsNullOrEmpty(_configuration.Issuer))
	{
	validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
	}
	validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
	}

[Tratcher]

@brentschmaltz

[Eilon]

@Tratcher - can you set up a few minutes with @brentschmaltz to go over this?

[Tratcher]

IM will look at both the single value and the list, so we can simplify the code to always work with the list at our layer.