Update System.IdentityModel.Tokens.Jwt to 6.6 (#22846)

HaoK · John Luo · web-flow · commit be0b9e48b587 · 2020-06-25T14:25:59.000-07:00
* Update System.IdentityModel.Tokens.Jwt to 6.6

* Update Versions.props

* Add newtonsoft refs

* Update OIDC instructions

* Fixup JwtBearerSample TFM

Co-authored-by: John Luo &lt;johluo@microsoft.com&gt;
diff --git a/eng/Versions.props b/eng/Versions.props
@@ -189,16 +189,16 @@
     <MicrosoftCodeAnalysisCSharpPackageVersion>3.4.0</MicrosoftCodeAnalysisCSharpPackageVersion>
     <MicrosoftCodeAnalysisCSharpWorkspacesPackageVersion>3.4.0</MicrosoftCodeAnalysisCSharpWorkspacesPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.19.8</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
-    <MicrosoftIdentityModelLoggingPackageVersion>5.5.0</MicrosoftIdentityModelLoggingPackageVersion>
-    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.5.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
-    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.5.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
+    <MicrosoftIdentityModelLoggingPackageVersion>6.6.0</MicrosoftIdentityModelLoggingPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>6.6.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>6.6.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftInternalAspNetCoreH2SpecAllPackageVersion>2.2.1</MicrosoftInternalAspNetCoreH2SpecAllPackageVersion>
     <MicrosoftNETCoreWindowsApiSetsPackageVersion>1.0.1</MicrosoftNETCoreWindowsApiSetsPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
     <MicrosoftWebAdministrationPackageVersion>11.1.0</MicrosoftWebAdministrationPackageVersion>
     <MicrosoftWebXdtPackageVersion>1.4.0</MicrosoftWebXdtPackageVersion>
-    <SystemIdentityModelTokensJwtPackageVersion>5.5.0</SystemIdentityModelTokensJwtPackageVersion>
+    <SystemIdentityModelTokensJwtPackageVersion>6.6.0</SystemIdentityModelTokensJwtPackageVersion>
     <!-- Packages from 2.1/2.2 branches used for site extension build -->
     <MicrosoftAspNetCoreAzureAppServicesSiteExtension21PackageVersion>2.1.1</MicrosoftAspNetCoreAzureAppServicesSiteExtension21PackageVersion>
     <MicrosoftAspNetCoreAzureAppServicesSiteExtension22PackageVersion>2.2.0</MicrosoftAspNetCoreAzureAppServicesSiteExtension22PackageVersion>
diff --git a/src/MusicStore/samples/MusicStore/MusicStore.csproj b/src/MusicStore/samples/MusicStore/MusicStore.csproj
@@ -35,6 +35,7 @@
     <Reference Include="Microsoft.Extensions.Configuration.CommandLine" />
     <!-- Avoid CS1705 errors due to mix of assemblies brought in transitively. -->
     <Reference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
+    <Reference Include="Newtonsoft.Json" />
   </ItemGroup>
 
   <Target Name="VerifyPrecompiledViews" AfterTargets="Publish">
diff --git a/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/JwtBearerSample.csproj b/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,7 +1,7 @@
 ﻿<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
     <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
  </PropertyGroup>
diff --git a/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
     <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
   </PropertyGroup>
diff --git a/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/Readme.md b/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/Readme.md
@@ -1,6 +1,6 @@
 # How to set up the sample locally
 
-The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform.
+The OpenIdConnect sample supports multiple authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform.
 
 ## Determine your development environment and a few key variables
 
@@ -14,19 +14,21 @@ If the application is run from command line or terminal, environment variable AS
 
 1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
 2. Open the newly created AAD in Azure web portal.
-3. Navigate to the Applications tab.
+3. Navigate to the App registrations tab.
 4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
-5. Naigate to the Application, and click the Configure tab.
+5. Navigate to the Application, and click the Configure tab.
 6. Find and save the "Client Id".
 7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
 8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like `https://login.microsoftonline.com/<guid>`.
+9. Click the Authentication tab and check (i.e. enable) the ID tokens option under "Implicit grant".
+10. On the Authentication tab, ensure the "Redirect URIs" is set to `https://localhost:44318/signin-oidc` (i.e. the sample application's URI appended with "/signin-oidc")
 
-### Configure with Google Identity Platform 
+### Configure with Google Identity Platform
 
 1. Create a new project through [Google APIs](https://console.developers.google.com).
 2. In the sidebar choose "Credentials".
 3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
-4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID". 
+4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID".
 5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with `https://localhost:44318/signin-oidc`.
 6. Save the "Client ID" and "Client Secret" shown in the dialog.
 7. The "Authority URL" for Google Authentication is `https://accounts.google.com/`.
@@ -41,4 +43,4 @@ dotnet user-secrets set oidc:clientid <Client Id>
 dotnet user-secrets set oidc:clientsecret <Client Secret>
 dotnet user-secrets set oidc:authority <Authority URL>
 ```
-
+3. Update the call to `AddOpenIdConnect()` in `ConfigureServices` to use the configuration values from user secrets.
diff --git a/src/SignalR/clients/ts/FunctionalTests/SignalR.Client.FunctionalTestApp.csproj b/src/SignalR/clients/ts/FunctionalTests/SignalR.Client.FunctionalTestApp.csproj
@@ -34,6 +34,7 @@
     <Reference Include="Microsoft.AspNetCore.StaticFiles" />
     <Reference Include="Microsoft.Extensions.Logging.Console" />
     <Reference Include="Microsoft.Extensions.Logging.Debug" />
+    <Reference Include="Newtonsoft.Json" />
     <Reference Include="System.Reactive.Linq" />
     <!-- Avoid CS1705 errors due to mix of assemblies brought in transitively. -->
     <Reference Include="Microsoft.AspNetCore.SignalR.Common" />
