Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0

.clinerules/identityModel-guidelines.md

@@ -74,13 +74,14 @@ Through its robust architecture and battle-tested components, IdentityModel prov
 - Test with different key types and sizes
 - Verify protocol compliance
 
-### Public API Changes
-- The project uses Microsoft.CodeAnalysis.PublicApiAnalyzers (version 3.3.4)
-- For any public API changes:
-  1. Update PublicAPI.Unshipped.txt in the relevant package directory
-  2. Include complete API signatures
-  3. Consider backward compatibility impacts
-  4. Document breaking changes clearly
+### Public and Internal API Changes
+- The project uses Microsoft.CodeAnalysis.PublicApiAnalyzers
+- For any public and internal API (i.e. public and internal member) changes:
+  1. Update PublicAPI.Unshipped.txt in the relevant package directory for a public API change
+  2. Update InternalAPI.Unshipped.txt in the relevant package directory for an internal API change
+  3. Include complete API signatures
+  4. Consider backward compatibility impacts
+  5. Document breaking changes clearly
 
 Example format:
 ```diff
@@ -92,4 +93,4 @@ Example format:
 -Microsoft.IdentityModel.Tokens.ObsoleteTokenValidationMethod() -> void
 ```
 
-The analyzer enforces documentation of all public API changes in PublicAPI.Unshipped.txt and will fail the build if changes are not properly reflected.
+The analyzer enforces documentation of all public API changes in PublicAPI.Unshipped.txt and all internal API changes in InternalAPI.Unshipped.txt and will fail the build if changes are not properly reflected.

build/common.props

@@ -67,7 +67,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.3.4">
+    <PackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="4.14.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>

build/dependencies.props

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <AspNetCoreMinSupportedVersion>2.1.1</AspNetCoreMinSupportedVersion>
-    <BannedApiAnalyzersVersion>3.3.4</BannedApiAnalyzersVersion>
+    <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
     <MicrosoftBclTimeProviderVersion>8.0.1</MicrosoftBclTimeProviderVersion>
     <MicrosoftCSharpVersion>4.5.0</MicrosoftCSharpVersion>
     <MicrosoftSourceLinkGitHubVersion>1.0.0</MicrosoftSourceLinkGitHubVersion>

build/dependenciesTest.props

@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <CoverletCollectorVersion>6.0.2</CoverletCollectorVersion>
-    <BannedApiAnalyzersVersion>3.3.4</BannedApiAnalyzersVersion>
+    <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
     <DotNetCoreAppRuntimeVersion>2.1.30</DotNetCoreAppRuntimeVersion>
     <MicrosoftAzureKeyVaultCryptographyVersion>3.0.5</MicrosoftAzureKeyVaultCryptographyVersion>
     <MicrosoftNETTestSdkVersion>17.11.1</MicrosoftNETTestSdkVersion>

src/Microsoft.IdentityModel.Protocols.OpenIdConnect/PublicAPI.Shipped.txt

@@ -487,3 +487,4 @@ virtual Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolVal
 virtual Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateState(Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidationContext validationContext) -> void
 virtual Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateTokenResponse(Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidationContext validationContext) -> void
 virtual Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateUserInfoResponse(Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidationContext validationContext) -> void
+virtual Microsoft.IdentityModel.Protocols.OpenIdConnect.IdTokenValidator.Invoke(System.IdentityModel.Tokens.Jwt.JwtSecurityToken idToken, Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidationContext context) -> void

src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/PublicAPI.Shipped.txt

@@ -218,3 +218,10 @@ static readonly Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRe
 static readonly Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationParameters.DefaultSignedHttpRequestLifetime -> System.TimeSpan
 virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestHandler.CreateHttpRequestPayload(Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestDescriptor signedHttpRequestDescriptor, Microsoft.IdentityModel.Tokens.CallContext callContext) -> string
 virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestHandler.ValidateSignedHttpRequestPayloadAsync(Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.SecurityToken>
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.CnfDecryptionKeysResolverAsync.Invoke(Microsoft.IdentityModel.Tokens.SecurityToken jweCnf, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.IdentityModel.Tokens.SecurityKey>>
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.HttpClientProvider.Invoke() -> System.Net.Http.HttpClient
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.NonceValidatorAsync.Invoke(Microsoft.IdentityModel.Tokens.SecurityKey key, Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> bool
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.PopKeyResolverAsync.Invoke(Microsoft.IdentityModel.Tokens.SecurityToken validatedAccessToken, Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.SecurityKey>
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.PopKeyResolverFromKeyIdAsync.Invoke(string kid, Microsoft.IdentityModel.Tokens.SecurityToken validatedAccessToken, Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.SecurityKey>
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.ReplayValidatorAsync.Invoke(Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task
+virtual Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignatureValidatorAsync.Invoke(Microsoft.IdentityModel.Tokens.SecurityKey popKey, Microsoft.IdentityModel.Tokens.SecurityToken signedHttpRequest, Microsoft.IdentityModel.Protocols.SignedHttpRequest.SignedHttpRequestValidationContext signedHttpRequestValidationContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.SecurityKey>

src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Shipped.txt

@@ -299,3 +299,10 @@ virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions>
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateOneTimeUseCondition(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateProxyRestriction(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError
+Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.Deconstruct(out string ValidatedAudience, out Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime? ValidatedLifetime) -> void
+Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.Equals(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions other) -> bool
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.Equals(object obj) -> bool
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.GetHashCode() -> int
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.ToString() -> string
+static Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.operator !=(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions left, Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions right) -> bool
+static Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.operator ==(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions left, Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions right) -> bool

src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt

@@ -1,15 +1,22 @@
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
+Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.Deconstruct(out string ValidatedAudience, out Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime? ValidatedLifetime) -> void
+Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.Equals(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions other) -> bool
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.ValidatedConditions(string ValidatedAudience, Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime? ValidatedLifetime) -> void
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.ValidatedLifetime.get -> Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime?
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.ValidatedConditions(string ValidatedAudience, Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime? ValidatedLifetime) -> void
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions.ValidatedLifetime.get -> Microsoft.IdentityModel.Tokens.Experimental.ValidatedLifetime?
 override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.Equals(object obj) -> bool
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.GetHashCode() -> int
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.ToString() -> string
 override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
 override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
+static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.operator !=(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions left, Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions right) -> bool
+static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions.operator ==(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions left, Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions right) -> bool
 static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateSignature(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.Experimental.ValidationResult<Microsoft.IdentityModel.Tokens.SecurityKey, Microsoft.IdentityModel.Tokens.Experimental.SignatureValidationError>
 static Microsoft.IdentityModel.Tokens.Saml.SamlTokenUtilities.PopulateValidationParametersWithCurrentConfigurationAsync(Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters>
 static Microsoft.IdentityModel.Tokens.Saml.SamlTokenUtilities.ResolveTokenSigningKey(Microsoft.IdentityModel.Xml.KeyInfo tokenKeyInfo, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters) -> Microsoft.IdentityModel.Tokens.SecurityKey

src/Microsoft.IdentityModel.Tokens/InternalAPI.Shipped.txt

@@ -740,8 +740,6 @@ static Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptFunctionNotFound(
 static Microsoft.IdentityModel.Tokens.AsymmetricAdapter.EncryptFunctionNotFound(byte[] _) -> byte[]
 static Microsoft.IdentityModel.Tokens.AuthenticatedEncryptionProvider.Transform(System.Security.Cryptography.ICryptoTransform transform, byte[] input, int inputOffset, int inputLength) -> byte[]
 static Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.ReadOnlySpan<char> strSpan) -> byte[]
-static Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.ReadOnlySpan<char> strSpan, System.Span<byte> output) -> int
-static Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.ReadOnlySpan<char> strSpan, System.Span<byte> output) -> void
 static Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode(string input, int offset, int length) -> byte[]
 static Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode(string inputString) -> byte[]
 static Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode(System.ReadOnlySpan<char> input, int offset, int length, byte[] output) -> void
@@ -1001,3 +999,4 @@ virtual Microsoft.IdentityModel.Tokens.ValidationError.CreateException() -> Syst
 virtual Microsoft.IdentityModel.Tokens.ValidationError.GetException() -> System.Exception
 virtual Microsoft.IdentityModel.Tokens.ValidationParameters.Clone() -> Microsoft.IdentityModel.Tokens.ValidationParameters
 virtual Microsoft.IdentityModel.Tokens.ValidationParameters.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, string issuer) -> System.Security.Claims.ClaimsIdentity
+~virtual Microsoft.IdentityModel.Tokens.IssuerValidatorAsync.Invoke(string issuer, Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters) -> System.Threading.Tasks.ValueTask<string>