[Feature Request] Add an AAD specific signing key issuer validator, in Microsoft.IdentityModel.Issuers

[jmprieur]

Why?
In the same way Microsoft.IdentityModel.Validators proposes a specific implementation of issuer validators for AAD AadIssuerValidator, also provide an AAD specific implementation for the signing key issuer validator.

How to use?

1. Add a reference to Microsoft.IdentityModel.Validators 6.32.0+ to your project. As usual, update all the versions of Microsoft.IdentityModel to the same version.

2. In the part of your code that sets the token validation parameters to validate tokens:

   1. Reference the Microsoft.IdentityModel.Validators namespace:
      using Microsoft.IdentityModel.Validators;

   2. Find the part that sets the TokenValidationParameters, and add the following line:
      tokenValidationParameters.EnableAadSigningKeyIssuerValidation();

Example

builder.AddJwtBearer(options =>
{
  options.Authority = ...;
  options.TokenValidationParameters = new TokenValidationParameters()
  {
    // Usual parameters.
  };

 // The following lines Azure AD signing key issuer validation.
 options.TokenValidationParameters.EnableAadSigningKeyIssuerValidation();
 options.Events.OnMessageReceived = async context =>
 {
  context.Options.TokenValidationParameters.ConfigurationManager ??= options.ConfigurationManager as BaseConfigurationManager;
  await Task.CompletedTask.ConfigureAwait(false);
 };
}