From 6c8c1728a5b8bac0df9affebdcec7e2c1ce55f8e Mon Sep 17 00:00:00 2001
From: Alexander Beyderman <v-abeyderman@microsoft.com>
Date: Thu, 31 Mar 2022 14:27:47 -0400
Subject: [PATCH 1/4] added support for v2.0

---
 Microsoft.Identity.Web.Aspnet/CommonUtil.cs        | 14 ++++++++++++++
 .../MicrosoftIdentityWebApiAuthorizationBuilder.cs |  6 +++++-
 TodoListService/TodoListService.csproj             |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Microsoft.Identity.Web.Aspnet/CommonUtil.cs b/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
index 32fcf57..88b0207 100644
--- a/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
+++ b/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
@@ -17,6 +17,20 @@ public static string EnsureAuthorityIsV2(string authority)
             return authority;
         }
 
+        /// <summary>
+        /// Create valid issuers both for V1.0 and V2.0
+        /// </summary>
+        /// <param name="webApiConfig"></param>
+        /// <returns></returns>
+        public static List<string> BuildValidIssuers(JwtBearerOptions webApiConfig)
+        {
+            return new List<string>
+            {
+                $"{EnsureTrailingSlash(webApiConfig.AADInstance)}{webApiConfig.TenantId}",
+                $"{EnsureTrailingSlash(webApiConfig.AADInstance)}{webApiConfig.TenantId}/v2.0"
+            };
+        }
+
         public static string EnsureTrailingSlash(string value)
         {
             if (value == null)
diff --git a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
index 2cf90df..4666dfa 100644
--- a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
+++ b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
@@ -1,6 +1,8 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.ActiveDirectory;
 using Owin;
+using System;
+using System.Collections.Generic;
 
 namespace Microsoft.Identity.Web.Aspnet
 {
@@ -17,10 +19,12 @@ public static void ProtectWebApiWithMicrosoftIdentity(this IAppBuilder app, JwtB
                 new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                 {
                     Tenant = webApiConfig.TenantId,
+
                     TokenValidationParameters = new TokenValidationParameters
                     {
                         SaveSigninToken = true,
-                        ValidAudiences = webApiConfig.ValidAudiences
+                        ValidAudiences = webApiConfig.ValidAudiences,
+                        ValidIssuers = CommonUtil.BuildValidIssuers(webApiConfig)
                     }
                 });
         }
diff --git a/TodoListService/TodoListService.csproj b/TodoListService/TodoListService.csproj
index 66ec2c2..dca61ef 100644
--- a/TodoListService/TodoListService.csproj
+++ b/TodoListService/TodoListService.csproj
@@ -455,7 +455,7 @@
     <VisualStudio>
       <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
         <WebProjectProperties>
-          <UseIIS>False</UseIIS>
+          <UseIIS>True</UseIIS>
           <AutoAssignPort>True</AutoAssignPort>
           <DevelopmentServerPort>9184</DevelopmentServerPort>
           <DevelopmentServerVPath>/</DevelopmentServerVPath>

From 9c3ef2242ffea3b7545de728f9ad9b72345988b0 Mon Sep 17 00:00:00 2001
From: Alexander Beyderman <v-abeyderman@microsoft.com>
Date: Fri, 8 Apr 2022 13:10:40 -0400
Subject: [PATCH 2/4] added issuer validator. Had to update versions for all
 projects to avoid conflicts

---
 .../Microsoft.Identity.Web.Aspnet.csproj      |   5 +-
 ...osoftIdentityWebApiAuthorizationBuilder.cs |   7 +-
 MyWebApplication/MyWebApplication.csproj      |  36 +++----
 MyWebApplication/Web.config                   | 100 ++++++++++--------
 MyWebApplication/packages.config              |  18 ++--
 .../TodoListDownstreamService.csproj          |  32 +++---
 TodoListDownstreamService/Web.config          |  14 ++-
 TodoListDownstreamService/packages.config     |  14 +--
 TodoListService/TodoListService.csproj        |  24 ++---
 TodoListService/Web.config                    |  28 ++---
 TodoListService/packages.config               |  12 +--
 TodoListWebApp/TodoListWebApp.csproj          |  28 ++---
 TodoListWebApp/Web.config                     |  28 ++---
 TodoListWebApp/packages.config                |  14 +--
 14 files changed, 196 insertions(+), 164 deletions(-)

diff --git a/Microsoft.Identity.Web.Aspnet/Microsoft.Identity.Web.Aspnet.csproj b/Microsoft.Identity.Web.Aspnet/Microsoft.Identity.Web.Aspnet.csproj
index b87f347..16884ce 100644
--- a/Microsoft.Identity.Web.Aspnet/Microsoft.Identity.Web.Aspnet.csproj
+++ b/Microsoft.Identity.Web.Aspnet/Microsoft.Identity.Web.Aspnet.csproj
@@ -75,7 +75,10 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Identity.Client">
-      <Version>4.24.0</Version>
+      <Version>4.43.0</Version>
+    </PackageReference>
+    <PackageReference Include="Microsoft.Identity.Web">
+      <Version>1.23.1</Version>
     </PackageReference>
     <PackageReference Include="Microsoft.Net.Http.Headers">
       <Version>2.2.8</Version>
diff --git a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
index 4666dfa..3184857 100644
--- a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
+++ b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
@@ -1,8 +1,7 @@
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Validators;
 using Microsoft.Owin.Security.ActiveDirectory;
 using Owin;
-using System;
-using System.Collections.Generic;
 
 namespace Microsoft.Identity.Web.Aspnet
 {
@@ -24,7 +23,9 @@ public static void ProtectWebApiWithMicrosoftIdentity(this IAppBuilder app, JwtB
                     {
                         SaveSigninToken = true,
                         ValidAudiences = webApiConfig.ValidAudiences,
-                        ValidIssuers = CommonUtil.BuildValidIssuers(webApiConfig)
+                        //ValidIssuers = CommonUtil.BuildValidIssuers(webApiConfig),
+                        ValidateIssuer = true,
+                        IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(new AuthenticationConfig().Authority).Validate
                     }
                 });
         }
diff --git a/MyWebApplication/MyWebApplication.csproj b/MyWebApplication/MyWebApplication.csproj
index 8a84cbd..b1e26fe 100644
--- a/MyWebApplication/MyWebApplication.csproj
+++ b/MyWebApplication/MyWebApplication.csproj
@@ -51,35 +51,35 @@
       <HintPath>..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.3.6.0\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.17.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.8.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.17.0\lib\net472\Microsoft.IdentityModel.Logging.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.17.0\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Owin.4.1.1\lib\net45\Microsoft.Owin.dll</HintPath>
+    <Reference Include="Microsoft.Owin, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.4.2.0\lib\net45\Microsoft.Owin.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Host.SystemWeb, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.4.1.1\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Owin.Security.4.1.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.4.2.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Security.Cookies, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Owin.Security.Cookies.4.1.1\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.OpenIdConnect, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Owin.Security.OpenIdConnect.4.1.1\lib\net45\Microsoft.Owin.Security.OpenIdConnect.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.OpenIdConnect, Version=4.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.OpenIdConnect.4.2.0\lib\net45\Microsoft.Owin.Security.OpenIdConnect.dll</HintPath>
     </Reference>
     <Reference Include="Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
       <HintPath>..\packages\Newtonsoft.Json.12.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
@@ -88,8 +88,8 @@
     <Reference Include="System.Data" />
     <Reference Include="System.Drawing" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.8.0\lib\net461\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.17.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll</HintPath>
     </Reference>
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Web.DynamicData" />
diff --git a/MyWebApplication/Web.config b/MyWebApplication/Web.config
index d4909fc..5ab0c13 100644
--- a/MyWebApplication/Web.config
+++ b/MyWebApplication/Web.config
@@ -1,85 +1,101 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <!--
   For more information on how to configure your ASP.NET application, please visit
   https://go.microsoft.com/fwlink/?LinkId=301880
   -->
 <configuration>
   <appSettings>
-    <add key="webpages:Version" value="3.0.0.0" />
-    <add key="webpages:Enabled" value="false" />
-    <add key="ClientValidationEnabled" value="true" />
-    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
-    <add key="ida:ClientID" value="[Enter client ID of the TodoListService as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
-    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
-    <add key="ida:Domain" value="[Enter_tenant_domain,_e.g._contoso.onmicrosoft.com]" />
-    <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]" />
-    <add key="ida:RedirectUri" value="https://localhost:44397/" />
-    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44397/" />
+    <add key="webpages:Version" value="3.0.0.0"/>
+    <add key="webpages:Enabled" value="false"/>
+    <add key="ClientValidationEnabled" value="true"/>
+    <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
+    <add key="ida:ClientID" value="[Enter client ID of the TodoListService as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]"/>
+    <add key="ida:AADInstance" value="https://login.microsoftonline.com/"/>
+    <add key="ida:Domain" value="[Enter_tenant_domain,_e.g._contoso.onmicrosoft.com]"/>
+    <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]"/>
+    <add key="ida:RedirectUri" value="https://localhost:44397/"/>
+    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44397/"/>
   </appSettings>
   <system.web>
-    <compilation debug="true" targetFramework="4.7.2" />
-    <httpRuntime targetFramework="4.7.2" />
+    <compilation debug="true" targetFramework="4.7.2"/>
+    <httpRuntime targetFramework="4.7.2"/>
   </system.web>
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+			<dependentAssembly>
+				<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="B03F5F7F11D50A3A" culture="neutral"/>
+				<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0"/>
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="Microsoft.Owin.Security.OpenIdConnect" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+				<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0"/>
+			</dependentAssembly>
+			<dependentAssembly>
+				<assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+				<bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
+			</dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
-        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
+        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f"/>
+        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
+        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.1.0.0" newVersion="1.1.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
+        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" />
-        <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
+        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed"/>
+        <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
+        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35"/>
+        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.1.1.0" newVersion="4.1.1.0" />
+        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.1.1.0" newVersion="4.1.1.0" />
+        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0"/>
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0"/>
       </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>
     <compilers>
-      <compiler extension=".cs" language="c#;cs;csharp" warningLevel="4" compilerOptions="/langversion:7.3 /nowarn:1659;1699;1701;612;618" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
-      <compiler extension=".vb" language="vb;vbs;visualbasic;vbscript" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008,40000,40008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
+      <compiler extension=".cs" language="c#;cs;csharp" warningLevel="4" compilerOptions="/langversion:7.3 /nowarn:1659;1699;1701;612;618" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
+      <compiler extension=".vb" language="vb;vbs;visualbasic;vbscript" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008,40000,40008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
     </compilers>
   </system.codedom>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/MyWebApplication/packages.config b/MyWebApplication/packages.config
index 4fa5e4d..5eb41d4 100644
--- a/MyWebApplication/packages.config
+++ b/MyWebApplication/packages.config
@@ -9,23 +9,23 @@
   <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net472" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.7" targetFramework="net472" />
   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="3.6.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Logging" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Logging" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Tokens" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Tokens" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.11" targetFramework="net472" />
-  <package id="Microsoft.Owin" version="4.1.1" targetFramework="net472" />
+  <package id="Microsoft.Owin" version="4.2.0" targetFramework="net472" />
   <package id="Microsoft.Owin.Host.SystemWeb" version="4.1.1" targetFramework="net472" />
-  <package id="Microsoft.Owin.Security" version="4.1.1" targetFramework="net472" />
+  <package id="Microsoft.Owin.Security" version="4.2.0" targetFramework="net472" />
   <package id="Microsoft.Owin.Security.Cookies" version="4.1.1" targetFramework="net472" />
-  <package id="Microsoft.Owin.Security.OpenIdConnect" version="4.1.1" targetFramework="net472" />
+  <package id="Microsoft.Owin.Security.OpenIdConnect" version="4.2.0" targetFramework="net472" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net472" />
   <package id="Modernizr" version="2.8.3" targetFramework="net472" />
   <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net472" />
   <package id="Owin" version="1.0" targetFramework="net472" />
   <package id="popper.js" version="1.16.1" targetFramework="net472" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="6.8.0" targetFramework="net472" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="6.17.0" targetFramework="net472" />
   <package id="WebGrease" version="1.6.0" targetFramework="net472" />
 </packages>
\ No newline at end of file
diff --git a/TodoListDownstreamService/TodoListDownstreamService.csproj b/TodoListDownstreamService/TodoListDownstreamService.csproj
index 4a28ea7..32bc603 100644
--- a/TodoListDownstreamService/TodoListDownstreamService.csproj
+++ b/TodoListDownstreamService/TodoListDownstreamService.csproj
@@ -57,23 +57,23 @@
     <Reference Include="Microsoft.Graph.Core, Version=1.24.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Graph.Core.1.24.0\lib\net45\Microsoft.Graph.Core.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Identity.Client, Version=4.24.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.24.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
+    <Reference Include="Microsoft.Identity.Client, Version=4.43.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Identity.Client.4.43.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.17.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.8.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.17.0\lib\net472\Microsoft.IdentityModel.Logging.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.IdentityModel.Protocols.WsFederation, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Protocols.WsFederation.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.WsFederation.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.17.0\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.IdentityModel.Tokens.Saml, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Tokens.Saml.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.Saml.dll</HintPath>
@@ -112,8 +112,8 @@
     </Reference>
     <Reference Include="System.Drawing" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.8.0\lib\net461\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.17.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll</HintPath>
     </Reference>
     <Reference Include="System.Memory, Version=4.0.1.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Memory.4.5.4\lib\net461\System.Memory.dll</HintPath>
@@ -122,8 +122,8 @@
     <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
     </Reference>
-    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=4.0.4.1, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.4.5.3\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
     </Reference>
     <Reference Include="System.ValueTuple, Version=4.0.1.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\System.ValueTuple.4.3.0\lib\netstandard1.0\System.ValueTuple.dll</HintPath>
@@ -419,10 +419,6 @@
       <Project>{16c31491-e7d6-4d70-b044-7b46875f6001}</Project>
       <Name>Microsoft.Identity.Web.Aspnet</Name>
     </ProjectReference>
-    <ProjectReference Include="..\TodoList.Shared\TodoList.Shared.csproj">
-      <Project>{dc125d26-fa15-4a55-82c8-dd0f9536525c}</Project>
-      <Name>TodoList.Shared</Name>
-    </ProjectReference>
   </ItemGroup>
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
diff --git a/TodoListDownstreamService/Web.config b/TodoListDownstreamService/Web.config
index 3b624a9..2296010 100644
--- a/TodoListDownstreamService/Web.config
+++ b/TodoListDownstreamService/Web.config
@@ -29,7 +29,7 @@
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" />
@@ -37,11 +37,11 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-5.5.0.0" newVersion="5.5.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
@@ -79,6 +79,14 @@
         <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>
diff --git a/TodoListDownstreamService/packages.config b/TodoListDownstreamService/packages.config
index 1540768..0d7a8e4 100644
--- a/TodoListDownstreamService/packages.config
+++ b/TodoListDownstreamService/packages.config
@@ -15,12 +15,12 @@
   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="3.6.0" targetFramework="net472" />
   <package id="Microsoft.Graph" version="3.26.0" targetFramework="net472" />
   <package id="Microsoft.Graph.Core" version="1.24.0" targetFramework="net472" />
-  <package id="Microsoft.Identity.Client" version="4.24.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Logging" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.Identity.Client" version="4.43.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Logging" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Protocols.WsFederation" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Tokens" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Tokens" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Tokens.Saml" version="6.8.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Xml" version="6.8.0" targetFramework="net472" />
   <package id="Microsoft.Owin" version="4.1.1" targetFramework="net472" />
@@ -36,10 +36,10 @@
   <package id="popper.js" version="1.16.1" targetFramework="net472" />
   <package id="System.Buffers" version="4.5.1" targetFramework="net472" />
   <package id="System.Diagnostics.DiagnosticSource" version="4.7.1" targetFramework="net472" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="6.8.0" targetFramework="net472" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="6.17.0" targetFramework="net472" />
   <package id="System.Memory" version="4.5.4" targetFramework="net472" />
   <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net472" />
-  <package id="System.Runtime.CompilerServices.Unsafe" version="4.5.3" targetFramework="net472" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net472" />
   <package id="System.ValueTuple" version="4.3.0" targetFramework="net472" />
   <package id="WebGrease" version="1.6.0" targetFramework="net472" />
 </packages>
\ No newline at end of file
diff --git a/TodoListService/TodoListService.csproj b/TodoListService/TodoListService.csproj
index dca61ef..d38685b 100644
--- a/TodoListService/TodoListService.csproj
+++ b/TodoListService/TodoListService.csproj
@@ -68,23 +68,23 @@
     <Reference Include="Microsoft.Extensions.Primitives, Version=5.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Extensions.Primitives.5.0.0\lib\net461\Microsoft.Extensions.Primitives.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Identity.Client, Version=4.24.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.24.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
+    <Reference Include="Microsoft.Identity.Client, Version=4.43.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Identity.Client.4.43.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.17.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.8.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.17.0\lib\net472\Microsoft.IdentityModel.Logging.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.IdentityModel.Protocols.WsFederation, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Protocols.WsFederation.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.WsFederation.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.17.0\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.IdentityModel.Tokens.Saml, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Tokens.Saml.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.Saml.dll</HintPath>
@@ -130,8 +130,8 @@
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="System.Drawing" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.8.0\lib\net461\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.17.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll</HintPath>
     </Reference>
     <Reference Include="System.Memory, Version=4.0.1.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Memory.4.5.4\lib\net461\System.Memory.dll</HintPath>
diff --git a/TodoListService/Web.config b/TodoListService/Web.config
index 4e7f64a..46f3687 100644
--- a/TodoListService/Web.config
+++ b/TodoListService/Web.config
@@ -18,14 +18,14 @@
     <add key="ClientValidationEnabled" value="true" />
     <add key="UnobtrusiveJavaScriptEnabled" value="true" />
     <add key="ida:Instance" value="https://login.microsoftonline.com/" />
-    <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]" />
-    <add key="ida:ClientID" value="[Enter client ID of the TodoListService as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
-    <add key="ida:ClientSecret" value="[Enter_client_Secret_from_Azure_Portal]" />
-    <add key="ida:GraphUserUrl" value="https://graph.microsoft.com/v1.0/me/" />
-    <add key="ida:RedirectUri" value="https://localhost:44321/" />
-    <add key="ida:GraphScope" value="https://graph.microsoft.com/user.read" />
-    <add key="ida:CAProtectedResourceScope" value="[Enter_Scope_of_DownstreamService,_e.g._api://a61b1a8a-ace7-47ad-aa12-ad767655215d/access_as_user]" />
-    <add key="ida:AcrsValue" value="urn:microsoft:req1" />
+	  <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]" />
+	  <add key="ida:ClientID" value="[Enter client ID of the TodoListService as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
+	  <add key="ida:ClientSecret" value="[Enter_client_Secret_from_Azure_Portal]" />
+	  <add key="ida:GraphUserUrl" value="https://graph.microsoft.com/v1.0/me/" />
+	  <add key="ida:RedirectUri" value="https://localhost:44321/" />
+	  <add key="ida:GraphScope" value="https://graph.microsoft.com/user.read" />
+	  <add key="ida:CAProtectedResourceScope" value="[Enter_Scope_of_DownstreamService,_e.g._api://a61b1a8a-ace7-47ad-aa12-ad767655215d/access_as_user]" />
+	  <add key="ida:AcrsValue" value="urn:microsoft:req1" />
   </appSettings>
   <system.web>
     <compilation debug="true" targetFramework="4.7.2" />
@@ -63,7 +63,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -79,11 +79,11 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Xml" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -91,7 +91,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols.WsFederation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -121,6 +121,10 @@
         <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <entityFramework>
diff --git a/TodoListService/packages.config b/TodoListService/packages.config
index 7da730f..a634dc0 100644
--- a/TodoListService/packages.config
+++ b/TodoListService/packages.config
@@ -18,12 +18,12 @@
   <package id="Microsoft.Extensions.Configuration" version="5.0.0" targetFramework="net472" />
   <package id="Microsoft.Extensions.Configuration.Abstractions" version="5.0.0" targetFramework="net472" />
   <package id="Microsoft.Extensions.Primitives" version="5.0.0" targetFramework="net472" />
-  <package id="Microsoft.Identity.Client" version="4.24.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Logging" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.Identity.Client" version="4.43.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Logging" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Protocols.WsFederation" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Tokens" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Tokens" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Tokens.Saml" version="6.8.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Xml" version="6.8.0" targetFramework="net472" />
   <package id="Microsoft.Net.Http.Headers" version="2.2.8" targetFramework="net472" />
@@ -40,7 +40,7 @@
   <package id="popper.js" version="1.16.1" targetFramework="net472" />
   <package id="Respond" version="1.4.2" targetFramework="net472" />
   <package id="System.Buffers" version="4.5.1" targetFramework="net472" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="6.8.0" targetFramework="net472" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="6.17.0" targetFramework="net472" />
   <package id="System.Memory" version="4.5.4" targetFramework="net472" />
   <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net472" />
   <package id="System.Runtime.CompilerServices.Unsafe" version="5.0.0" targetFramework="net472" />
diff --git a/TodoListWebApp/TodoListWebApp.csproj b/TodoListWebApp/TodoListWebApp.csproj
index ac8faa7..252e3e2 100644
--- a/TodoListWebApp/TodoListWebApp.csproj
+++ b/TodoListWebApp/TodoListWebApp.csproj
@@ -56,23 +56,23 @@
       <HintPath>..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.3.6.0\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Microsoft.Identity.Client, Version=4.24.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.24.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
+    <Reference Include="Microsoft.Identity.Client, Version=4.43.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Identity.Client.4.43.0\lib\net461\Microsoft.Identity.Client.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.6.17.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.8.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.6.17.0\lib\net472\Microsoft.IdentityModel.Logging.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.6.8.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.6.17.0\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.8.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.6.17.0\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin, Version=4.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Owin.4.1.1\lib\net45\Microsoft.Owin.dll</HintPath>
@@ -99,8 +99,8 @@
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="System.IdentityModel" />
     <Reference Include="System.IdentityModel.Services" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.8.0\lib\net461\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=6.17.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.6.17.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll</HintPath>
     </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />
diff --git a/TodoListWebApp/Web.config b/TodoListWebApp/Web.config
index db5b698..7fd63c5 100644
--- a/TodoListWebApp/Web.config
+++ b/TodoListWebApp/Web.config
@@ -7,13 +7,13 @@
 <configuration>
   <appSettings>
     <add key="ida:Instance" value="https://login.microsoftonline.com" />
-    <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]" />
-    <add key="ida:ClientId" value="[Enter_client_ID_from_Azure_Portal,_e.g._82692da5-a86f-44c9-9d53-2f88d52b478b]" />
-    <add key="ida:ClientSecret" value="[Enter_client_Secret_from_Azure_Portal]" />
-    <add key="ida:RedirectUri" value="https://localhost:44379/" />
-    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44379/" />
-    <add key="ida:CallbackPath" value="/signin-oidc" />
-    <add key="ida:TodoListServiceScope" value="[Enter API Scope e.g._api://3618935a-1fb5-44c0-936c-8a3ec7dbbd73/.default]" />
+	  <add key="ida:TenantId" value="[Enter_tenant_Id,_e.g._Z963c147-dc13-433f-9520-6db1ff177c34]" />
+	  <add key="ida:ClientId" value="[Enter_client_ID_from_Azure_Portal,_e.g._82692da5-a86f-44c9-9d53-2f88d52b478b]" />
+	  <add key="ida:ClientSecret" value="[Enter_client_Secret_from_Azure_Portal]" />
+	  <add key="ida:RedirectUri" value="https://localhost:44379/" />
+	  <add key="ida:PostLogoutRedirectUri" value="https://localhost:44379/" />
+	  <add key="ida:CallbackPath" value="/signin-oidc" />
+	  <add key="ida:TodoListServiceScope" value="[Enter API Scope e.g._api://3618935a-1fb5-44c0-936c-8a3ec7dbbd73/.default]" />
   </appSettings>
   <location path="Account">
     <system.web>
@@ -55,15 +55,15 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" />
@@ -71,7 +71,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
@@ -87,7 +87,11 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.8.0.0" newVersion="6.8.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.17.0.0" newVersion="6.17.0.0" />
       </dependentAssembly>
     </assemblyBinding>
   </runtime>
diff --git a/TodoListWebApp/packages.config b/TodoListWebApp/packages.config
index 029e0da..fee20f3 100644
--- a/TodoListWebApp/packages.config
+++ b/TodoListWebApp/packages.config
@@ -12,13 +12,13 @@
   <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net472" />
   <package id="Microsoft.AspNet.Web.Optimization.WebForms" version="1.1.3" targetFramework="net472" />
   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="3.6.0" targetFramework="net472" />
-  <package id="Microsoft.Identity.Client" version="4.24.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Logging" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.Identity.Client" version="4.43.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Logging" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="6.8.0" targetFramework="net472" />
-  <package id="Microsoft.IdentityModel.Tokens" version="6.8.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="6.17.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Tokens" version="6.17.0" targetFramework="net472" />
   <package id="Microsoft.Owin" version="4.1.1" targetFramework="net472" />
   <package id="Microsoft.Owin.Host.SystemWeb" version="4.1.1" targetFramework="net472" />
   <package id="Microsoft.Owin.Security" version="4.1.1" targetFramework="net472" />
@@ -29,6 +29,6 @@
   <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net472" />
   <package id="Owin" version="1.0" targetFramework="net472" />
   <package id="popper.js" version="1.16.1" targetFramework="net472" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="6.8.0" targetFramework="net472" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="6.17.0" targetFramework="net472" />
   <package id="WebGrease" version="1.6.0" targetFramework="net472" />
 </packages>
\ No newline at end of file

From 9e3e35aab3fa69b1fc0e71c0c76521729aaab6ba Mon Sep 17 00:00:00 2001
From: Alexander Beyderman <v-abeyderman@microsoft.com>
Date: Fri, 8 Apr 2022 13:12:55 -0400
Subject: [PATCH 3/4] removed redundant method

---
 Microsoft.Identity.Web.Aspnet/CommonUtil.cs | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/Microsoft.Identity.Web.Aspnet/CommonUtil.cs b/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
index 88b0207..32fcf57 100644
--- a/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
+++ b/Microsoft.Identity.Web.Aspnet/CommonUtil.cs
@@ -17,20 +17,6 @@ public static string EnsureAuthorityIsV2(string authority)
             return authority;
         }
 
-        /// <summary>
-        /// Create valid issuers both for V1.0 and V2.0
-        /// </summary>
-        /// <param name="webApiConfig"></param>
-        /// <returns></returns>
-        public static List<string> BuildValidIssuers(JwtBearerOptions webApiConfig)
-        {
-            return new List<string>
-            {
-                $"{EnsureTrailingSlash(webApiConfig.AADInstance)}{webApiConfig.TenantId}",
-                $"{EnsureTrailingSlash(webApiConfig.AADInstance)}{webApiConfig.TenantId}/v2.0"
-            };
-        }
-
         public static string EnsureTrailingSlash(string value)
         {
             if (value == null)

From 242e57b660d5e4c4cad4cc6e8d779ba6c2dfb2eb Mon Sep 17 00:00:00 2001
From: Alexander Beyderman <v-abeyderman@microsoft.com>
Date: Mon, 11 Apr 2022 15:37:31 -0400
Subject: [PATCH 4/4] refactoring

---
 .../MicrosoftIdentityWebApiAuthorizationBuilder.cs              | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
index 3184857..45ae7a4 100644
--- a/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
+++ b/Microsoft.Identity.Web.Aspnet/MicrosoftIdentityWebApiAuthorizationBuilder.cs
@@ -23,8 +23,6 @@ public static void ProtectWebApiWithMicrosoftIdentity(this IAppBuilder app, JwtB
                     {
                         SaveSigninToken = true,
                         ValidAudiences = webApiConfig.ValidAudiences,
-                        //ValidIssuers = CommonUtil.BuildValidIssuers(webApiConfig),
-                        ValidateIssuer = true,
                         IssuerValidator = AadIssuerValidator.GetAadIssuerValidator(new AuthenticationConfig().Authority).Validate
                     }
                 });