Bump Microsoft.Identity.Web, Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.AspNetCore.Authentication.OpenIdConnect

[dependabot]

Bumps Microsoft.Identity.Web, Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.AspNetCore.Authentication.OpenIdConnect. These dependencies needed to be updated together.
Updates Microsoft.Identity.Web from 1.25.10 to 2.16.0

Release notes

Sourced from Microsoft.Identity.Web's releases.

2.14.0

• Update to Abstractions 5.0.0
• Include new OpenIdConnect options from net 8. See PR #2462

Bug Fixes

• Chain the OnMessageReceived event. See PR #2468

2.15.5

• Update to .NET 8 GA
• Update to Microsoft.Graph 5.34.0

Bug Fixes

• Fixes an issue where users were not able to override ICredentialsLoader. See #2564 for details.
• The latest patch version is no longer used in dependencies, as it made builds non-deterministic. See #2569 for details.
• Removed dependencies that were no longer needed. See #2577 for details.
• Fixes an issue where the build did not look up project names as package dependencies. See #2579 for more details.

Fundamentals

• Enable baseline package validation, see #2572 for details.
• Improve trimmability on .NET 8, see #2574 for details.

2.15.3

• Update Azure.Identity library to 1.10.2 for CVE-2023-36414.

Bug Fixes:

• Microsoft.Identity.Web honors the user-provided value for the cache expiry for in-memory cache. See #2466 for details.

2.15.2

• For the .NET 8 rc2 target framework, the IdentityModel dependencies have been updated to Identity.Model.*.7.0.3.

Bug Fixes

• Fixes a regression introduced in 2.15.0 where the OnTokenValidated delegates were no longer chained with an await. See issue#2513.

2.15.1

• Updated IdentityModel dependencies to Identity.Model.*.6.33.0 for all target frameworks other than .NET 8 rc1, for which Microsoft,Identity.Web leverages Identity.Model 7.0.2

New features

• TokenAcquirerFactory now adds support for reading the configuration from environment variables. See issue #2480

Experimental API

(to get feedback, could change without bumping-up the major version)

• It's now possible for an application to observe the client certificate selected by Token acquirer from the ClientCredentials properties, and when the certicate is un-selected (because it's rejected by the Identity Provider, as expired, or revoked). See Observing client certificates. PR #2496

Bug Fixes

• Fixes a resiliency issue where the client certificate rotation wasn't always happening (from KeyKeyVault, or certificate store with same distinguished name). See #2496 for details.
• In the override of AddMicrosoftIdentityWebApp taking a delegate, the delegate is now called only once (it was called twice causing the TokenValidated event to be called twice as well). Fixes #2328

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

2.16.0

• Leverage IdentityModel 7.x on all .NET core frameworks.

2.15.5

• Update to .NET 8 GA
• Update to Microsoft.Graph 5.34.0

Bug Fixes

• Fixes an issue where users were not able to override ICredentialsLoader. See #2564 for details.
• The latest patch version is no longer used in dependencies, as it made builds non-deterministic. See #2569 for details.
• Removed dependencies that were no longer needed. See #2577 for details.
• Fixes an issue where the build did not look up project names as package dependencies. See #2579 for more details.

Fundamentals

• Enable baseline package validation, see #2572 for details.
• Improve trimmability on .NET 8, see #2574 for details.

2.15.3

• Update Azure.Identity library to 1.10.2 for CVE-2023-36414.

Bug Fixes:

• Microsoft.Identity.Web honors the user-provided value for the cache expiry for in-memory cache. See #2466 for details.

2.15.2

• For the .NET 8 rc2 target framework, the IdentityModel dependencies have been updated to Identity.Model.*.7.0.3.

Bug Fixes

• Fixes a regression introduced in 2.15.0 where the OnTokenValidated delegates were no longer chained with an await. See issue#2513.

2.15.1

• Updated IdentityModel dependencies to Identity.Model.*.6.33.0 for all target frameworks other than .NET 8 rc1, for which Microsoft,Identity.Web leverages Identity.Model 7.0.2

2.15.0

New features

• TokenAcquirerFactory now adds support for reading the configuration from environment variables. See issue #2480

Experimental API

(to get feedback, could change without bumping-up the major version)

• It's now possible for an application to observe the client certificate selected by Token acquirer from the ClientCredentials properties, and when the certicate is un-selected (because it's rejected by the Identity Provider, as expired, or revoked). See Observing client certificates. PR #2496

Bug Fixes

• Fixes a resiliency issue where the client certificate rotation wasn't always happening (from KeyKeyVault, or certificate store with same distinguished name). See #2496 for details.
• In the override of AddMicrosoftIdentityWebApp taking a delegate, the delegate is now called only once (it was called twice causing the TokenValidated event to be called twice as well). Fixes #2328
• Fixes a regression introduced in 2.13.3, causing the configuration to not be read, when using an app builder other than the WindowsAppBuilder with AddMicroosftIdentityWebApp/Api, unless you provided an empty authentication scheme when acquiring a token. Fixes #2460, #2410, #2394

... (truncated)

Commits

• See full diff in compare view

Updates Microsoft.AspNetCore.Authentication.JwtBearer from 7.0.5 to 8.0.0

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 8.0.0

Release

.NET 8.0 RC 2

Release

.NET 8.0 RC 1

Release

.NET 8.0 Preview 7

Release

.NET 8.0 Preview 6

Release

.NET 8.0 Preview 5

Release

.NET 8.0 Preview 4

Release

.NET 8.0 Preview 3

Release

.NET 8.0 Preview 2

Release

.NET 8.0 Preview 1

Release

.NET 7.0.14

Release

What's Changed

• [release/7.0] Update jquery-validation to v1.19.5 by @​github-actions in dotnet/aspnetcore#50483
• Merging internal commits for release/7.0 by @​vseanreesermsft in dotnet/aspnetcore#50660
• [release/7.0] Fix 6.0 SiteExtension version by @​wtgodbe in dotnet/aspnetcore#50708
• Update branding to 7.0.13 by @​vseanreesermsft in dotnet/aspnetcore#51116
• [release/7.0] (deps): Bump src/submodules/googletest from 8a6feab to e47544a by @​dependabot in dotnet/aspnetcore#51051
• [release/7.0] Fix DragDrop_CanTrigger() flakiness by @​MackinnonBuck in dotnet/aspnetcore#51141
• [release/7.0] Dispose CTS in HubConnection streaming by @​github-actions in dotnet/aspnetcore#51138
• Merging internal commits for release/7.0 by @​vseanreesermsft in dotnet/aspnetcore#51266
• [release/7.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#51327
• Update branding to 7.0.14 by @​vseanreesermsft in dotnet/aspnetcore#51479

Full Changelog: dotnet/aspnetcore@v7.0.13...v7.0.14

.NET 7.0.13

Release

... (truncated)

Commits

• 3f1acb5 Merged PR 34970: [internal/release/8.0] Update dependencies from dnceng/inter...
• 3caebba Merged PR 34962: [internal/release/8.0] Update dependencies from dnceng/inter...
• c608ee3 Merge in 'release/8.0' changes
• 9506f5a Quarantine ConnectionClosedWithoutActiveRequestsOrGoAwayFIN (#51771)
• c8270da Merge in 'release/8.0' changes
• 892b10b Remove selenium-standalone; update Selenium.WebDriver (#51775)
• c26c6ca Merged PR 34926: [internal/release/8.0] Update dependencies from dnceng/inter...
• 43bcd57 Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• 4753bec [internal/release/8.0] Update dependencies from dnceng/internal/dotnet-runtime
• 4f7f2fd [internal/release/8.0] Update dependencies from dnceng/internal/dotnet-efcore
• Additional commits viewable in compare view

Updates Microsoft.AspNetCore.Authentication.OpenIdConnect from 7.0.11 to 8.0.0

Release notes

Sourced from Microsoft.AspNetCore.Authentication.OpenIdConnect's releases.

.NET 8.0.0

Release

.NET 8.0 RC 2

Release

.NET 8.0 RC 1

Release

.NET 8.0 Preview 7

Release

.NET 8.0 Preview 6

Release

.NET 8.0 Preview 5

Release

.NET 8.0 Preview 4

Release

.NET 8.0 Preview 3

Release

.NET 8.0 Preview 2

Release

.NET 8.0 Preview 1

Release

.NET 7.0.14

Release

What's Changed

• [release/7.0] Update jquery-validation to v1.19.5 by @​github-actions in dotnet/aspnetcore#50483
• Merging internal commits for release/7.0 by @​vseanreesermsft in dotnet/aspnetcore#50660
• [release/7.0] Fix 6.0 SiteExtension version by @​wtgodbe in dotnet/aspnetcore#50708
• Update branding to 7.0.13 by @​vseanreesermsft in dotnet/aspnetcore#51116
• [release/7.0] (deps): Bump src/submodules/googletest from 8a6feab to e47544a by @​dependabot in dotnet/aspnetcore#51051
• [release/7.0] Fix DragDrop_CanTrigger() flakiness by @​MackinnonBuck in dotnet/aspnetcore#51141
• [release/7.0] Dispose CTS in HubConnection streaming by @​github-actions in dotnet/aspnetcore#51138
• Merging internal commits for release/7.0 by @​vseanreesermsft in dotnet/aspnetcore#51266
• [release/7.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#51327
• Update branding to 7.0.14 by @​vseanreesermsft in dotnet/aspnetcore#51479

Full Changelog: dotnet/aspnetcore@v7.0.13...v7.0.14

.NET 7.0.13

Release

... (truncated)

Commits

• 3f1acb5 Merged PR 34970: [internal/release/8.0] Update dependencies from dnceng/inter...
• 3caebba Merged PR 34962: [internal/release/8.0] Update dependencies from dnceng/inter...
• c608ee3 Merge in 'release/8.0' changes
• 9506f5a Quarantine ConnectionClosedWithoutActiveRequestsOrGoAwayFIN (#51771)
• c8270da Merge in 'release/8.0' changes
• 892b10b Remove selenium-standalone; update Selenium.WebDriver (#51775)
• c26c6ca Merged PR 34926: [internal/release/8.0] Update dependencies from dnceng/inter...
• 43bcd57 Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• 4753bec [internal/release/8.0] Update dependencies from dnceng/internal/dotnet-runtime
• 4f7f2fd [internal/release/8.0] Update dependencies from dnceng/internal/dotnet-efcore
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)