Bump System.IdentityModel.Tokens.Jwt from 6.10.0 to 6.15.0

[dependabot]

Bumps System.IdentityModel.Tokens.Jwt from 6.10.0 to 6.15.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

6.15.0

New Features

• Added support for the Last Known Good feature (#1723)
• Made logging more legible by displaying Non-PII information in clear text (#1757)
• Added new GitHub Templates to report bugs (#1756)
• Added the OpenID standard scope "address" (#1787)

Enhancements

• Added multi-auth scheme support in AadIssuerValidator (#1753)
• Added default values for TokenValidationParameters (#1767)
• Improved logging to indicate issuer is an empty string (#1758) (#1761)
• Improved exception handling when metadata retrieval results in a failure (#1776)
• Added string optimizations (#1765)
• Improved performance of Saml2 attributes consolidation (#1764)
• Updated comments to use references (#1769)
• Added new unit test samples that make negative testing easier for consumers of this library. These show the most common problem token types and gives examples for validation. (#1748)

Bug Fixes

• Fixed broken links to ietf.org (#1723)

6.14.1

Bug Fixes:

The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .

6.14.0

New Features

A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.

Bug Fixes

Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.

aka.ms link added for issuer validation failure. See issue #1732.

Fix broken rfc link. See issue #1728.

Add const for the OIDC scope "phone". See #1720.

Use https for hyperlinks in XLM. See #1719.

6.13.1

Updating comments to help improve correct usage #1705

SignedHttpRequests New exceptions and delegate for validation. #1704

Base64UrlEncoder performance improvements #1698

... (truncated)

Commits

• 55c3b46 Updated release version to 6.15.0
• 1a95376 Removed log property
• 92d3f24 Refactored the validation flow that uses the Configuration to avoid cloning t...
• 44a16fa Add constant for the address scope
• 403c32c Xiao/better exception for get OIDC configuration async (#1776)
• b244707 Broken links tools.ietf.org/html/ (#1774)
• 3eb9406 Adding support for the Last Known Good feature (#1723)
• 9d022e3 Reduce string allocations where StringBuilder was appending interpolated strings
• 89c5521 Use paramref in tokens related classes
• 6ad79c6 add default values to TokenValidationParameters (#1767)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #155.