fix(deps): drop explicit pin on Microsoft.IdentityModel.Tokens
Same fix as obsidian-mcp: JwtBearer 10.0.x's transitive JsonWebTokens 9.x calls Decode(ReadOnlySpan, Span) which is only in Tokens 9.x. Explicit pin to 8.* forces downgrade → MissingMethodException → 401 on every JWT validation.
This commit is contained in:
+5
-2
@@ -21,9 +21,12 @@
|
|||||||
<PackageReference Include="ModelContextProtocol" Version="0.*" />
|
<PackageReference Include="ModelContextProtocol" Version="0.*" />
|
||||||
<PackageReference Include="ModelContextProtocol.AspNetCore" Version="0.*" />
|
<PackageReference Include="ModelContextProtocol.AspNetCore" Version="0.*" />
|
||||||
|
|
||||||
<!-- JWT Bearer 认证(与 nas-auth 同款 HS256) -->
|
<!-- JWT Bearer 认证(与 nas-auth 同款 HS256)。不显式 pin
|
||||||
|
Microsoft.IdentityModel.Tokens:JwtBearer 10.0.x 传递依赖
|
||||||
|
Microsoft.IdentityModel.JsonWebTokens 9.x,调 Base64UrlEncoder.Decode
|
||||||
|
(ReadOnlySpan, Span) 在 Tokens 9.x 才有;显式 pin 8.* 会 downgrade Tokens
|
||||||
|
→ runtime MissingMethodException → 任何 JWT 验证 401。 -->
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.*" />
|
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.*" />
|
||||||
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.*" />
|
|
||||||
|
|
||||||
<!-- HttpClient 弹性策略(retry + backoff) -->
|
<!-- HttpClient 弹性策略(retry + backoff) -->
|
||||||
<PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="9.*" />
|
<PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="9.*" />
|
||||||
|
|||||||
Reference in New Issue
Block a user