Which version of Microsoft.IdentityModel are you using?
Note that to get help, you need to run the latest version.
Microsoft.IdentityModel 7.5
Where is the issue?
M.IM.JsonWebTokens
M.IM.KeyVaultExtensions
M.IM.Logging
M.IM.ManagedKeyVaultSecurityKey
M.IM.Protocols
[*] M.IM.Protocols.OpenIdConnect
M.IM.Protocols.SignedHttpRequest
M.IM.Protocols.WsFederation
M.IM.TestExtensions
M.IM.Tokens
M.IM.Tokens.Saml
M.IM.Validators
M.IM.Xml
S.IM.Tokens.Jwt
Other (please describe)
Is this a new or an existing app?
The issue started after switching to another identity provider
Repro
See Microsoft.IdentityModel.Protocols.OpenIdConnect / OpenIdConnectConfigurationSerializer.cs
The MetadataName.ScopesSupported is wrong and should be MetadataName.UserInfoEndpoint.
    else if (reader.ValueTextEquals(Utf8Bytes.UserInfoEndpoint))
        config.UserInfoEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.ScopesSupported, ClassName, true);
Expected behavior
Parse all fields of the OpenIdConnect info endpoint correctly
Actual behavior
The OpenIdConnectConfigurationSerializer class does not parse the UserInfoEndpoint correctly from the OpenIdConnect discovery endpoint. As a result the next field (in my case "jwks_uri") is not parsed.
Possible solution
Code change:
    else if (reader.ValueTextEquals(Utf8Bytes.UserInfoEndpoint))
        config.UserInfoEndpoint = JsonPrimitives.ReadString(ref reader, MetadataName.UserInfoEndpoint, ClassName, true);
Additional context / logs / screenshots / links to code
Parse the following document from the OpenIdConnect discovery endpoint, where "jwks_uri" is not parsed, resulting in missing signing keys:
{
  "issuer": "https://identity_tests_dll/auth",
  "authorization_endpoint": "https://identity_tests_dll/auth/connect/authorize",
  "token_endpoint": "https://identity_tests_dll/auth/connect/token",
  "end_session_endpoint": "https://identity_tests_dll/auth/connect/logout",
  "userinfo_endpoint": "https://identity_tests_dll/auth/connect/userinfo",
  "jwks_uri": "https://identity_tests_dll/auth/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "client_credentials",
    "password"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile",
    "roles",
    "api.provision",
    "api.session",
    "api.organization",
    "user",
    "offline_access"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
}
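A regression check for the behaviour reported above, as an added example that is not part of the original issue or the project's code: it parses a discovery document through the library's public `OpenIdConnectConfiguration.Create` and, independently, with `System.Text.Json`, then lists the endpoint fields whose parsed value differs from the document. The class name `DiscoveryParseCheck` and the trimmed sample document are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical helper (not part of Microsoft.IdentityModel).
public static class DiscoveryParseCheck
{
    // Discovery field name -> the OpenIdConnectConfiguration property that should hold it.
    static readonly Dictionary<string, Func<OpenIdConnectConfiguration, string>> Fields = new()
    {
        ["issuer"] = c => c.Issuer,
        ["authorization_endpoint"] = c => c.AuthorizationEndpoint,
        ["token_endpoint"] = c => c.TokenEndpoint,
        ["end_session_endpoint"] = c => c.EndSessionEndpoint,
        ["userinfo_endpoint"] = c => c.UserInfoEndpoint,
        ["jwks_uri"] = c => c.JwksUri,
    };

    // Returns one message per field whose parsed value differs from the raw JSON.
    public static List<string> FindMismatches(string json)
    {
        OpenIdConnectConfiguration config = OpenIdConnectConfiguration.Create(json);
        using JsonDocument doc = JsonDocument.Parse(json);
        var mismatches = new List<string>();
        foreach (var field in Fields)
        {
            if (!doc.RootElement.TryGetProperty(field.Key, out JsonElement raw)
                || raw.ValueKind != JsonValueKind.String)
                continue; // field absent from the document: nothing to compare
            string expected = raw.GetString();
            string actual = field.Value(config) ?? "<null>";
            if (!string.Equals(expected, actual, StringComparison.Ordinal))
                mismatches.Add(field.Key + ": document=" + expected + " parsed=" + actual);
        }
        return mismatches;
    }

    public static int Main()
    {
        // Constructed sample: endpoint fields taken from the document in the report.
        const string json = @"{
          ""issuer"": ""https://identity_tests_dll/auth"",
          ""userinfo_endpoint"": ""https://identity_tests_dll/auth/connect/userinfo"",
          ""jwks_uri"": ""https://identity_tests_dll/auth/.well-known/jwks""
        }";
        List<string> mismatches = FindMismatches(json);
        mismatches.ForEach(Console.WriteLine);
        return mismatches.Count == 0 ? 0 : 1; // non-zero exit fails a CI step
    }
}
```

Running this against a new identity provider's discovery document before switching over surfaces a dropped `jwks_uri` as a failed check rather than as token validation failing later for lack of signing keys.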