Merged PR 10664: Update dev branch from public GitHub dev
jennyf19 committed Nov 21, 2023
1 parent a22ab8e commit 44021bb
Showing 26 changed files with 307 additions and 111 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Bug report
about: Please do NOT file bugs without filling in this form.
title: '[Bug] '
labels: ''
labels: ["untriaged", "needs attention"]
assignees: ''

---
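Review bot: The new `labels: ["untriaged", "needs attention"]` line in the front matter uses a YAML flow sequence, while design_proposal.md in this same commit uses the bare form `labels: design-proposal`; pick one form for all templates. It is also worth confirming that both labels are already defined in the repository, since a template label that does not exist there is not applied to new issues.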
49 changes: 49 additions & 0 deletions .github/ISSUE_TEMPLATE/design_proposal.md
@@ -0,0 +1,49 @@
---
name: 🤔 Design proposal
about: Collaborate on a design for a feature/fix or other change
labels: design-proposal
---

<!--
This template is useful to build consensus about whether work should be done, and if so, the high-level shape of how it should be approached. Use this before fixating on a particular implementation.
-->

## Summary

1-2 sentences. Say what this is about.

## Motivation and goals

1-2 paragraphs, or a bullet-pointed list. What existing pain points does this solve? What evidence shows it's valuable to solve this?

## In scope

A list of major scenarios, perhaps in priority order.

## Out of scope

Scenarios you explicitly want to exclude.

## Risks / unknowns

How might developers misinterpret/misuse this? How might implementing it restrict us from other enhancements in the future? Also list any perf/security/correctness concerns.

## Examples

Give brief examples of possible developer experiences (e.g., code they would write).

Don't be deeply concerned with how it would be implemented yet. Your examples could even be from other technology stacks.

<!--
# Detailed design
It's often best not to fill this out until you get basic consensus about the above. When you do, consider adding an implementation proposal with the following headings:
Detailed design
Drawbacks
Considered alternatives
Open questions
References
If there's one clear design you have consensus on, you could do that directly in a PR.
-->
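Review bot: In the trailing HTML comment, `# Detailed design` is a level-1 heading while every visible section uses `##`, and the five names under it (Detailed design, Drawbacks, Considered alternatives, Open questions, References) are plain lines, so a contributor who uncomments the block gets one oversized heading followed by a run-on paragraph. Suggest `## Detailed design` with `###` on each sub-heading. The front matter also omits the `title:` and `assignees:` keys that bug_report.md sets; a title prefix would make design proposals easier to filter in the issue list.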
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
See the [releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) for details on bug fixes and added features.

7.0.3
======
### Bug Fixes:
- Fix errors like the following reported by multiple customers at dotnet/aspnetcore#51005 when they tried to upgrade their app using `AddMicrosoftIdentityWebApp` to .NET 8. See [PR](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2361) for details.
- Fix compatibility issue with 6x when claims are a bool. See issue [#2354](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2354) for details.

7.0.2
======
### Bug Fixes:
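Review bot: The first 7.0.3 bullet says "Fix errors like the following" but no error text follows, so the entry does not tell a reader which failure was fixed; either quote the error reported in dotnet/aspnetcore#51005 or reword the bullet to name the symptom. The second bullet writes "6x" where the rest of the file uses dotted versions (7.0.2, 7.0.3); "6.x" would be consistent.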
68 changes: 60 additions & 8 deletions Contributing.md
Expand Up @@ -18,21 +18,57 @@ Please file issues you see in the [issue tracker](https://github.com/AzureAD/azu

## Instructions for Contributing Code

### Contributing bug fixes
### Contributor License agreement

We accept bug fixes. A bug must have an issue tracking it in the issue tracker. Please link the issue and PR.
Please visit [https://cla.microsoft.com/](https://cla.microsoft.com/) and sign the Contributor License
Agreement. You only need to do that once. We can not look at your code until you've submitted this request.

### Contributing features
### Finding an issue to work on

Features (things that add new or improved functionality) may be accepted, but will need to first be approved (tagged with "Enhancement") in the issue.
Over the years we've seen many PRs targeting areas of the code which are not urgent or critical for us to address, or areas which we didn't plan to expand further at the time. In all these cases we had to say no to those PRs and close them. That, obviously, is not a great outcome for us. And it's especially bad for the contributor, as they've spent a lot of effort preparing the change. To resolve this problem, we've decided to separate a bucket of issues, which would be great candidates for community members to contribute to. We mark these issues with the help wanted label. You can find all these issues [here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22+label%3A%22good+first+issue%22+).

## Legal
With that said, we have additionally marked issues that are good candidates for first-time contributors. Those do not require too much familiarity with the authN/authZ and are more novice-friendly. Those are marked with the good first issue label.

You will need to complete a Contributor License Agreement (CLA). Briefly, this agreement testifies that you are granting us permission to use the submitted change according to the terms of the project's license, and that the work being submitted is under appropriate copyright.
If you would like to make a contribution to an area not captured [here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22+label%3A%22good+first+issue%22+), first open an issue with a description of the change you would like to make and the problem it solves so it can be discussed before a pull request is submitted.

Please submit a Contributor License Agreement (CLA) before submitting a pull request. You may visit https://cla.microsoft.com to sign digitally. Once we have received the signed CLA, we'll review the request.
If you are working on an involved feature, please file a design proposal, more instructions can be found below, under [Before writing code](#before-writing-code).

## Housekeeping
### Before writing code

We've seen PRs, where customers would solve an issue in a way which either wouldn't fit into the E2E design because of how it's implemented, or it would change the E2E in a way, which is not something we'd like to do. To avoid these situations and potentially save you a lot of time, we encourage customers to discuss the preferred design with the team first. To do so, file a new design proposal issue, link to the issue you'd like to address, and provide detailed information about how you'd like to solve a specific problem.

To file a design proposal, look for the relevant issue in the `New issue` page or simply click [proposal for Identity Model](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/new?assignees=&labels=design-proposal&projects=&template=design_proposal.md).

### Identifying scale

If you would like to contribute to one of our repositories, first identify the scale of what you would like to contribute. If it is small (grammar/spelling or a bug fix) feel free to start working on a fix. If you are submitting a feature or substantial code contribution, please discuss it with the team and ensure it follows the product roadmap. You might also read these two blogs posts on contributing code: [Open Source Contribution Etiquette by Miguel de Icaza](http://tirania.org/blog/archive/2010/Dec-31.html) and [Don't "Push" Your Pull Requests by Ilya Grigorik](https://www.igvita.com/2011/12/19/dont-push-your-pull-requests/). All code submissions will be rigorously reviewed and tested further by the team, and only those that meet an extremely high bar for both quality and design/roadmap appropriateness will be merged into the source.

### Before submitting the pull request

Before submitting a pull request, make sure that it checks the following requirements:

- You find an existing issue with the "help-wanted" label or discuss with the team to agree on adding a new issue with that label.
- You post a high-level description of how it will be implemented and receive a positive acknowledgement from the team before getting too committed to the approach or investing too much effort in implementing it.
- You add test coverage following existing patterns within the codebase
- Your code matches the existing syntax conventions within the codebase
- Your PR is small, focused, and avoids making unrelated changes

If your pull request contains any of the below, it's less likely to be merged.

- Changes that break backward compatibility
- Changes that are only wanted by one person/company. Changes need to benefit a large enough proportion of developers using our auth libraries.
- Changes that add entirely new feature areas without prior agreement
- Changes that are mostly about refactoring existing code or code style

Very large PRs that would take hours to review (remember, we're trying to help lots of people at once). For larger work areas, please discuss with us to find ways of breaking it down into smaller, incremental pieces that can go into separate PRs.

### During pull request review

A core contributor will review your pull request and provide feedback. To ensure that there is not a large backlog of inactive PRs, the pull request will be marked as stale after two weeks of no activity. After another four days, it will be closed.

### Submitting a pull request

If you're not sure how to create a pull request, read this article: https://help.github.com/articles/using-pull-requests. Make sure the repository can build and all tests pass. Familiarize yourself with the project workflow and our coding conventions. The coding, style, and general engineering guidelines are published on the Engineering guidelines page.

Your pull request should:
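Review bot: Both "here" links under "Finding an issue to work on" query `label:"help wanted" label:"good first issue"`, which returns only issues carrying both labels, while the first paragraph says the link lists all help wanted issues; drop the second label from that first link. In the "less likely to be merged" list, the "Very large PRs that would take hours to review" item has no bullet and reads as a separate paragraph. The checklist names the label "help-wanted" while the earlier section calls it help wanted, and "Engineering guidelines page" in the "Submitting a pull request" paragraph has no link.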

Expand All @@ -44,6 +80,22 @@ Your pull request should:
* Include new tests for new features
* To avoid line ending issues, set `autocrlf = input` and `whitespace = cr-at-eol` in your git configuration

### Tests

- Tests need to be provided for every bug/feature that is completed.
- Unit tests cover all new aspects of the code.
- Before and after performance and stress tests results are evaluated (no regressions allowed).
- Performance and stress tests are extended as relevant.

### Feedback

Your pull request will now go through extensive checks by the subject matter experts on our team. Please be patient; we have hundreds of pull requests across all of our repositories. Update your pull request according to feedback until it is approved by one of the team members.

### Merging pull requests

When your pull request has had all feedback addressed, it has been signed off by one or more reviewers with commit access, and all checks are green, we will commit it.
We commit pull requests as a single Squash commit unless there are special circumstances. This creates a simpler history than a Merge or Rebase commit. "Special circumstances" are rare, and typically mean that there are a series of cleanly separated changes that will be too hard to understand if squashed together, or for some reason we want to preserve the ability to dissect them.

## Building and running tests

To build and run tests, use 'build'
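Review bot: The new Tests section requires before-and-after performance and stress results with no regressions, but neither it nor "Building and running tests" below says where those tests live or how to run them, so an outside contributor cannot meet the requirement; add the command or project path, or state that the team runs them during review. "Feedback" also overlaps with "During pull request review" added earlier in this file and could be merged into it.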
56 changes: 15 additions & 41 deletions README.md
@@ -1,4 +1,4 @@
# Azure Active Directory IdentityModel Extensions for .NET
# IdentityModel Extensions for .NET

[![Nuget](https://img.shields.io/nuget/v/Microsoft.IdentityModel.JsonWebTokens?label=Latest%20release)](https://www.nuget.org/packages/Microsoft.IdentityModel.JsonWebTokens/)

Expand All @@ -8,62 +8,36 @@ IdentityModel Extensions for .NET provide assemblies that are interesting for we

You can find the release notes for each version [here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases). Older versions can be found [here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Release-Notes).

## Note about 6.28.0
We delisted 6.28.0 as we found an edge case where a null reference could occur.
Please use 6.28.1.
## IdentityModel 7x

## Note about 6.x

If you noticed, we bumped the release from 5.x to 6.x\
We were maintaining two releases from two different branches.\
dev - 6.x\
dev5x - 5.x

Internally at Microsoft we were quickly required to remove all 3rd party libraries as IdentityModel is all about securing resources.\
Since there were some breaking changes, given the time-line we had to maintain two releases.

Both of these branches were public and moved forward mostly in lock-step.\
Once we finished our SignedHttpRequest functionality in the 6.x branch, we realized the delta between 5.x and 6.x was too large to maintain in both branches.\
We decided now was the time to switch to a single release branch.\
Since internally the versioning was at 6.4.2, we needed to release at 6.5.0.

## There are some small breaking changes

We built and tested ASP.NET core with 6.5.0 without issues.\
We also upgraded in place existing applications to 6.5.0 without issues.\
This of course does not mean you will not hit issues, but we took it seriously.
We are excited to announce the release of [IdentityModel 7x](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IdentityModel-7x), a major update to our popular .NET auth validation library. This new version introduces several improvements related to serialization and consistency in the API, which will provide a better user experience for developers, as well as full AOT compatibility on .NET, and huge perf improvements compared to 6x.

Any questions or compatibility problems please open issues [here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc).

## Thank you for using our product

The IdentityModel Team.

## Usage

IdentityModel Extensions for .NET 5 has now been released. If you are using IdentityModel Extensions with ASP.NET, the following combinations are supported:
## Note about 6.x

* **IdentityModel Extensions for .NET 5.x**, **ASP.NET Core 1.x**, **ASP.NET Core 2.x**, **Katana 4.x**
* **IdentityModel Extensions for .NET 4.x**, **ASP.NET 4**, **Katana 3.x**
All other combinations aren't supported.
We bumped the release from 6.x to 7.x.
We are maintaining two releases from two different branches.
dev - 7.x
dev6x - 6.x

For more details see [Migration notes here](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/Migrating-from-Katana-(OWIN)-3.x-to-4.x)
dev6x will be maintained until March 2024, at which point, you will need to move to 7x to continue to get the latest and greatest improvements and security updates.

## Samples and Documentation

The scenarios supported by IdentityModel extensions for .NET are described in [Scenarios](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/scenarios). The libraries are in particular used part of ASP.NET security to validate tokens in ASP.NET Web Apps and Web APIs. To learn more about token validation, and find samples, see:

- [Azure Active Directory with ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-active-directory/?view=aspnetcore-2.1)
- [Developing ASP.NET Apps with Azure Active Directory](https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory)
- [Microsoft Entra ID with ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-active-directory/?view=aspnetcore-2.1)
- [Developing ASP.NET Apps with Microsoft Entra ID](https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory)
- [Validating tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/ValidatingTokens)
- more generally, the library's [Wiki](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki)
- the [reference documentation](https://learn.microsoft.com/dotnet/api/microsoft.identitymodel.jsonwebtokens.jsonwebtokenhandler?view=msal-web-dotnet-latest)

## Community Help and Support

We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.
We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Microsoft Entra and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.

We recommend you use the "identityModel" tag so we can see it! Here is the latest Q&A on Stack Overflow for IdentityModel: [https://stackoverflow.com/questions/tagged/identityModel](https://stackoverflow.com/questions/tagged/identityModel)

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for IdentityModel: [https://stackoverflow.com/questions/tagged/identityModel](https://stackoverflow.com/questions/tagged/identityModel)
Have a design proposal? Please submit [a design proposal](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/new?assignees=&labels=design-proposal&projects=&template=design_proposal.md) before starting work on a PR to ensure it means the goals/objectives of this library and it's priorities.

## Security Reporting
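Review bot: The heading "Note about 6.x" now sits over text about the move to 7.x, and the four lines from "We bumped the release from 6.x to 7.x." to "dev6x - 6.x" have neither the trailing backslashes the earlier branch list used nor list markers, so Markdown will join them into one sentence; rename the heading and make the two branches a bullet list. The end-of-support line for dev6x gives only "March 2024"; an exact date, and a statement of whether security fixes stop then as well, would let consumers plan the upgrade. In the design proposal sentence, "means the goals" should be "meets the goals" and "it's priorities" should be "its priorities".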

31 changes: 11 additions & 20 deletions build/releaseBuild.yml
Expand Up @@ -111,43 +111,39 @@ jobs:
**\bin\$(BuildConfiguration)\**\System.IdentityModel.Tokens.Jwt.pdb
TargetFolder: '$(Build.ArtifactStagingDirectory)\ProductBinaries'

- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
displayName: 'Run PoliCheck'
inputs:
targetType: F
result: PoliCheck.xml
optionsFC: 0
optionsXS: 0
optionsHMENABLE: 0

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan'
inputs:
outputFormat: pre
suppressionsFile: 'build/credscan-exclusion.json'
debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-roslynanalyzers.RoslynAnalyzers@2
displayName: 'Run Roslyn Analyzers'
condition: eq(variables['TargetNet8'], 'False')

- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
displayName: 'Run BinSkim'
inputs:
InputType: Basic
AnalyzeTarget: '$(Build.ArtifactStagingDirectory)\*.dll'
AnalyzeSymPath: '$(Build.ArtifactStagingDirectory)\ProductBinaries'
AnalyzeVerbose: true
AnalyzeHashes: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
displayName: 'Publish Security Analysis Logs'
continueOnError: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 'Post SDL Analysis'
inputs:
BinSkim: true
CredScan: true
PoliCheck: true
continueOnError: true
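Review bot: "Post SDL Analysis" is shown with `continueOnError: true`, and so is "Publish Security Analysis Logs"; with that setting a failing PostAnalysis step does not fail the job, so BinSkim, CredScan and PoliCheck findings cannot block a release build. If that is intended only while the tasks move to new major versions, add a YAML comment saying so and track its removal. Also check that the inputs shown under each bumped task (for example `optionsFC`, `outputFormat: pre`, `AnalyzeVerbose`) are still accepted by PoliCheck@2, CredScan@3 and BinSkim@4, and note that 'Run Roslyn Analyzers' is skipped whenever `TargetNet8` is anything other than 'False'.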


Expand Down Expand Up @@ -201,17 +197,12 @@ jobs:
SymbolServerType: TeamServices
TreatNotIndexedAsWarning: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
displayName: 'TSA upload to Codebase: WILSON Stamp: Azure'
inputs:
tsaVersion: TsaV2
codeBaseName: WILSON
uploadAPIScan: false
uploadFortifySCA: false
uploadFxCop: false
uploadModernCop: false
uploadPREfast: false
uploadTSLint: false
GdnPublishTsaOnboard: false
GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/tsaConfig.json'
continueOnError: true

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'Manifest Generator '
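Review bot: `GdnPublishTsaConfigFile` points at `$(Build.SourcesDirectory)/build/tsaConfig.json` and the TSAUpload step is shown with `continueOnError: true`, so a missing or malformed config file would not fail the build and the upload could be lost unnoticed; confirm build/tsaConfig.json is part of this change and carries the settings that appear as inline inputs here (`codeBaseName: WILSON` and the `upload*: false` flags). The displayName still hard-codes "Codebase: WILSON Stamp: Azure", which will drift if the config file changes.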