Update dotnet-azure-ad-identitymodel-extensions monorepo to 8.11.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.6.0 -> 8.11.0
System.IdentityModel.Tokens.Jwt	8.6.0 -> 8.11.0

---

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect)

v8.11.0

Compare Source

=====

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

v8.10.0

Compare Source

=====

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220 to avoid build warnings with the other target frameworks
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

v8.9.0

Compare Source

=====

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See #​3213.
• Fixed a null reference issue in KeyInfo. See (#​3203)[https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203)3].

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See #​2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See #​3205.

Fundamentals

• Utilized IList to avoid enumerator allocation during audience validation. See #​3204.

v8.8.0

Compare Source

=====

New Features

• Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
• Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
• Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

v8.7.0

Compare Source

=====

Bug Fixes

• Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #​3181.

New Features

• Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #​3165.

v8.6.1

Compare Source

=====

Bug fix

• Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #​3148 for details.
• Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #​3003 for details.

Fundamentals

• For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #​2995 for details.

---

Configuration

📅 Schedule: Branch creation - "before 7am on Monday,before 7am on Friday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed May 28 2025 to showcase some of the refinements we've made.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.