Critical issues affecting version 7.0.0‐7.4.0

An issue affects the deserialization of OIDC metadata in Microsoft.IdentityModel versions >=7.0.0 and < 7.4.0, which are several years old and are out of support. Packages on nuget.org were updated to note they contain a critical bug.

The issue is not related to security, but to availability. When the STS adds more fields to the OIDC document, the SDK hits the serialization bug. This causes the SDK to stop validating tokens.

Services combining Microsoft.IdentityModel.Protocols.OpenIdConnect version [7.0.0-7.4.0) with Microsoft.IdentityModel.Tokens 7.4.0+ are affected.

Overview

Conceptual Documentation

Common Exceptions

Frequently Asked Questions

Known Issues and Workarounds

IdentityModel 7x

IdentityModel 7x.

Critical issues affecting version 7.0.0‐7.4.0

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally