Add NativeAOT support for JwtBearer Authentication

[eerhardt]

The following program produces AOT warnings and doesn't work after being published to NativeAOT:

using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication().AddJwtBearer();
builder.Services.AddAuthorization();

var app = builder.Build();

app.MapGet("/", () => "Hello, World!");
app.MapGet("/secret", (ClaimsPrincipal user) => $"Hello {user.Identity?.Name}. My secret")
    .RequireAuthorization();

app.Run();

We should enable this to work in ASP.NET 8 with NativeAOT.

Underlying issues:

• Only call AddDataProtection in Authentication Services that require it #47410
• [Feature Request] Enable NativeAOT support for validating Json Web Tokens in ASP.NET AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2035

[ghost]

Thanks for contacting us.

We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[eerhardt]

#47410

We don't need to fix #47410 issue to enable this scenario. The app will be larger than it needs to be, but it will still work once AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2035 is implemented.

[halter73]

This now works with the latest rc1 SDKs and Microsoft.AspNetCore.Authentication.JwtBearer.

using System.Security.Claims;
using System.Text.Json.Serialization.Metadata;

var builder = WebApplication.CreateBuilder(args);

builder.Services.ConfigureHttpJsonOptions(options =>
{
    options.SerializerOptions.TypeInfoResolver = JsonTypeInfoResolver.Combine();
});

builder.Services.AddAuthentication().AddJwtBearer();
builder.Services.AddAuthorization();

var app = builder.Build();

app.MapGet("/", () => "Hello, World!");
app.MapGet("/secret", (ClaimsPrincipal user) => $"Hello {user.Identity?.Name}. My secret")
    .RequireAuthorization();

app.Run();

You do need to configure the TypeInfoResolver even though there's no JSON, but that appears to be a different issue #49855.

[eerhardt]

We need the app to be able to be published with no warnings in order to officially support this scenario. AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2035 will allow for no warnings.

[eerhardt]

This is now complete and works with NativeAOT. We have https://github.com/aspnet/Benchmarks/blob/5ea00ac8d1471088ff96831156f7c8533da8f514/src/BenchmarksApps/TodosApi/TodosApi.csproj#L19 which uses this in a benchmark app.