Description
Is your feature request related to a problem? Please describe.
Current authentication and configuration binding code in Microsoft.Identity.Web relies on reflection-based ConfigurationBinder.Bind() APIs. This causes IL2026 trim warnings and failures when publishing with AOT (NativeAOT) for .NET 8+ and .NET 9+, as these APIs are not compatible with trimming.
.NET 6/7 are no longer supported in IdWeb, which now builds only for net8.0/net9.0. We should modernize our configuration binding to use source generator-powered APIs for full AOT compatibility (and only for the .NET8 and .NET9 target framework).
Describe the solution you'd like
- Refactor all configuration binding in Microsoft.Identity.Web to use the new .NET 8+ configuration binding source generator APIs (`OptionsBuilder<T>.Bind()` and strongly-typed config binding).
- Remove or replace usages of `ConfigurationBinder.Bind()` with AOT-friendly alternatives.
- Ensure all authentication and options setup (web API, web app, token acquisition, etc.) are compatible with trimming and AOT publish.
Implementation Guidance
1. Use OptionsBuilder.Bind() for Options Configuration
Instead of:

```csharp
services.Configure<JwtBearerOptions>(scheme, options => configurationSection.Bind(options));
```

Use:

```csharp
services.AddOptions<JwtBearerOptions>(scheme)
    .Bind(configurationSection);
```

This enables source generator-based binding, which is AOT compatible.
2. Remove Reflection-based Binding for All Option Types
Replace all usages of ConfigurationBinder.Bind() and similar with strongly-typed .Bind() extension methods on OptionsBuilder<T>. For example:

```csharp
services.AddOptions<MicrosoftIdentityOptions>(scheme)
    .Bind(configurationSection);
```

3. Example Migration for WebApiExtensions

```csharp
// Before
AddMicrosoftIdentityWebApiImplementation(
    builder,
    options => configurationSection.Bind(options),
    jwtBearerScheme,
    subscribeToJwtBearerMiddlewareDiagnosticsEvents);

// After (.NET 8+)
services.AddOptions<JwtBearerOptions>(jwtBearerScheme)
    .Bind(configurationSection);
AddMicrosoftIdentityWebApiImplementation(
    builder,
    _ => {}, // no-op or additional config
    jwtBearerScheme,
    subscribeToJwtBearerMiddlewareDiagnosticsEvents);
```

4. Remove/Refactor All [RequiresUnreferencedCode] Annotations Where No Longer Needed
Once all binding is generator-based, IL2026/trim warnings should disappear, and RequiresUnreferencedCode can be removed for these APIs.
5. Test Plan
- Add/Update tests to verify successful NativeAOT (`PublishAot=true`) builds for all relevant scenarios.
- Validate authentication flow and configuration binding works as expected.
6. Documentation
- Update README and migration docs to highlight AOT compatibility and new configuration binding pattern for consumers.
Describe alternatives you've considered
- Suppressing IL2026 warnings (not recommended)
- Retaining legacy `ConfigurationBinder.Bind()` with annotation workarounds (not future-proof)
Additional context
- See Microsoft Docs: Source generators for configuration binding
- Reference for OptionsBuilder.Bind(): https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.optionsbuilderextensions.bind
This change aligns with IdWeb's net8.0/net9.0 support and Microsoft's current platform recommendations.
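
The following console program is an added example, not code from the issue or from Microsoft.Identity.Web: it binds two named options instances with `OptionsBuilder<T>.Bind()` and attaches delegate-based validation so that an empty or partially bound authentication configuration is rejected when it is first resolved. `SampleIdentityOptions`, the `Register` helper, the scheme names and all configuration values are assumptions made for illustration.

```csharp
// Added example. SampleIdentityOptions is a hypothetical stand-in for the library's
// option types; all configuration values are constructed placeholders.
// Build with <PublishAot>true</PublishAot> or
// <EnableConfigurationBindingGenerator>true</EnableConfigurationBindingGenerator>
// so the Bind() call is served by the configuration binding source generator.
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

var config = new ConfigurationBuilder()
    .AddInMemoryCollection(new Dictionary<string, string?>
    {
        ["AzureAd:Instance"] = "https://login.microsoftonline.com/",
        ["AzureAd:ClientId"] = "11111111-1111-1111-1111-111111111111",
        // "Broken" simulates a section whose values never reached the options object.
        ["Broken:Instance"] = "",
    })
    .Build();

var services = new ServiceCollection();
Register(services, "Bearer", config.GetSection("AzureAd"));
Register(services, "BrokenScheme", config.GetSection("Broken"));

using var provider = services.BuildServiceProvider();
var monitor = provider.GetRequiredService<IOptionsMonitor<SampleIdentityOptions>>();

var bearer = monitor.Get("Bearer"); // bound and validated on first access
Console.WriteLine($"Bearer ClientId: {bearer.ClientId}");
try
{
    monitor.Get("BrokenScheme"); // validation runs here and throws
}
catch (OptionsValidationException ex)
{
    Console.WriteLine($"Rejected '{ex.OptionsName}': {string.Join("; ", ex.Failures)}");
}

// Named-options registration in the pattern the issue proposes, plus reflection-free checks.
static void Register(IServiceCollection services, string scheme, IConfiguration section) =>
    services.AddOptions<SampleIdentityOptions>(scheme)
        .Bind(section)
        .Validate(o => Uri.TryCreate(o.Instance, UriKind.Absolute, out var uri)
                       && uri.Scheme == Uri.UriSchemeHttps, "Instance must be an absolute https URL.")
        .Validate(o => Guid.TryParse(o.ClientId, out _), "ClientId must be a GUID.");

public sealed class SampleIdentityOptions
{
    public string? Instance { get; set; }
    public string? ClientId { get; set; }
}
```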