Skip to content

Update the Microsoft.IdentityModel.* and Microsoft.Identity.Web.* packages to the latest patch release (7.0.3 & 2.15.2) #51430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 18, 2023
Merged

Update the Microsoft.IdentityModel.* and Microsoft.Identity.Web.* packages to the latest patch release (7.0.3 & 2.15.2) #51430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4b7de17
Update IdentityModel to v 7.0.3
mkArtakMSFT Oct 17, 2023
25c77b5
Updated Microsoft.Identity.Web.* package versions
mkArtakMSFT Oct 18, 2023
046d2bb
Update dependencies from https://github.com/dotnet/source-build-exter…
dotnet-maestro[bot] Oct 18, 2023
b61e027
Add NoWarn="NU1605" to WebApi-CSharp.csproj.in
halter73 Oct 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions eng/Version.Details.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -189,9 +189,9 @@
<Uri>https://github.com/dotnet/runtime</Uri>
<Sha>60b77a63df30362ed1c66a834fcb8f8956ea113b</Sha>
</Dependency>
<Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-externals" Version="8.0.0-alpha.1.23502.1">
<Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-externals" Version="8.0.0-alpha.1.23518.1">
<Uri>https://github.com/dotnet/source-build-externals</Uri>
<Sha>ed17956dbc31097b7ba6a66be086f4a70a97d84f</Sha>
<Sha>3dc05150cf234f76f6936dcb2853d31a0da1f60e</Sha>
<SourceBuild RepoName="source-build-externals" ManagedOnly="true" />
</Dependency>
<Dependency Name="Microsoft.SourceBuild.Intermediate.symreader" Version="2.0.0-beta-23228-03">
Expand Down
12 changes: 6 additions & 6 deletions eng/Versions.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
<PreReleaseVersionIteration>
</PreReleaseVersionIteration>
<ValidateBaseline>true</ValidateBaseline>
<IdentityModelVersion>7.0.0</IdentityModelVersion>
<IdentityModelVersion>7.0.3</IdentityModelVersion>
<!--
When StabilizePackageVersion is set to 'true', this branch will produce stable outputs for 'Shipping' packages
-->
Expand Down Expand Up @@ -165,7 +165,7 @@
<MicrosoftDotNetBuildTasksTemplatingVersion>8.0.0-beta.23463.1</MicrosoftDotNetBuildTasksTemplatingVersion>
<MicrosoftDotNetRemoteExecutorVersion>8.0.0-beta.23463.1</MicrosoftDotNetRemoteExecutorVersion>
<!-- Packages from dotnet/source-build-externals -->
<MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>8.0.0-alpha.1.23502.1</MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>
<MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>8.0.0-alpha.1.23518.1</MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>
<!-- Packages from dotnet/source-build-reference-packages -->
<MicrosoftSourceBuildIntermediatesourcebuildreferencepackagesVersion>8.0.0-alpha.1.23510.2</MicrosoftSourceBuildIntermediatesourcebuildreferencepackagesVersion>
<!-- Packages from dotnet/symreader -->
Expand Down Expand Up @@ -298,10 +298,10 @@
<GrpcNetClientVersion>2.57.0</GrpcNetClientVersion>
<GrpcToolsVersion>2.57.0</GrpcToolsVersion>
<MessagePackVersion>2.5.108</MessagePackVersion>
<MicrosoftIdentityWebVersion>2.13.0</MicrosoftIdentityWebVersion>
<MicrosoftIdentityWebGraphServiceClientVersion>2.13.0</MicrosoftIdentityWebGraphServiceClientVersion>
<MicrosoftIdentityWebUIVersion>2.13.0</MicrosoftIdentityWebUIVersion>
<MicrosoftIdentityWebDownstreamApiVersion>2.13.0</MicrosoftIdentityWebDownstreamApiVersion>
<MicrosoftIdentityWebVersion>2.15.2</MicrosoftIdentityWebVersion>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It still looks like this has a 6.33.0 rather than a 7.0.3 dependency on Microsoft.IdentityModel.Validators for everything but the net8.0 TFM.

https://www.nuget.org/packages/Microsoft.Identity.Web/2.15.2#dependencies-body-tab

This is probably okay given we only really need Microsoft.IdentityModel.Validators 7.0.3 for .NET 8 as the old OIDC handler avoids the issue, but it is odd to leave it at 6.33.0 for all the other TFMs. Is 7.0.3 known to be broken on the non-net8.0 TFMs? @jennyf19

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I has 7.0.3 for the .NET 8.0 target framework, and 6.33.0 for the other target framework, @halter73 ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I has 7.0.3 for the .NET 8.0 target framework, and 6.33.0 for the other target framework

I noticed that. That's why I mentioned it was "for everything but the net8.0 TFM."

It's not a huge problem. It probably even makes sense for Microsft.AspNetCore.* and Microsoft.Extensions.* where using 7.x packages on necoreapp3.1 to avoid issues related to breaking changes in the ASP.NET Core shared runtime. For example Microsoft.AspNetCore.Authentication.JwtBearer 3.1.x only directly targets necoreapp3.1 and isn't tested on newer runtimes.

However, I don't think it makes sense for any of the other packages. You ship Microsoft.IdentityModel.Validators yourself, it has no direct or indirect Microsft.AspNetCore.* or Microsoft.Extensions.* dependency I see, and it directly targets net8.0, net6.0, netstardard2.0, etc.. Why wouldn't you use the latest Microsoft.IdentityModel.Validators as a dependency in the latest Microsoft.Identity.Web net6.0 TFM? The latest Microsoft.IdentityModel.Validators also directly targets net6.0!

<MicrosoftIdentityWebGraphServiceClientVersion>2.15.2</MicrosoftIdentityWebGraphServiceClientVersion>
<MicrosoftIdentityWebUIVersion>2.15.2</MicrosoftIdentityWebUIVersion>
<MicrosoftIdentityWebDownstreamApiVersion>2.15.2</MicrosoftIdentityWebDownstreamApiVersion>
<MessagePackAnalyzerVersion>$(MessagePackVersion)</MessagePackAnalyzerVersion>
<MoqVersion>4.10.0</MoqVersion>
<MonoCecilVersion>0.11.2</MonoCecilVersion>
Expand Down
4 changes: 2 additions & 2 deletions src/ProjectTemplates/Web.ProjectTemplates/WebApi-CSharp.csproj.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@

<!--#if (OrganizationalAuth || IndividualB2CAuth || EnableOpenAPI || WindowsAuth) -->
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="${MicrosoftAspNetCoreAuthenticationJwtBearerVersion}" Condition="'$(OrganizationalAuth)' == 'True' OR '$(IndividualB2CAuth)' == 'True'" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="${MicrosoftAspNetCoreAuthenticationJwtBearerVersion}" Condition="'$(OrganizationalAuth)' == 'True' OR '$(IndividualB2CAuth)' == 'True'" NoWarn="NU1605" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="${MicrosoftAspNetCoreAuthenticationNegotiateVersion}" Condition="'$(WindowsAuth)' == 'True'" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="${MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion}" Condition="'$(OrganizationalAuth)' == 'True' OR '$(IndividualB2CAuth)' == 'True'" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="${MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion}" Condition="'$(OrganizationalAuth)' == 'True' OR '$(IndividualB2CAuth)' == 'True'" NoWarn="NU1605" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="${MicrosoftAspNetCoreOpenApiVersion}" Condition="'$(EnableOpenAPI)' == 'True' AND '$(UsingMinimalAPIs)' == 'True'" />
<PackageReference Include="Microsoft.Identity.Web" Version="${MicrosoftIdentityWebVersion}" Condition="'$(OrganizationalAuth)' == 'True' OR '$(IndividualB2CAuth)' == 'True'"/>
<PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="${MicrosoftIdentityWebGraphServiceClientVersion}" Condition=" '$(GenerateGraph)' == 'True' " />
Expand Down