[WIP] IdentityModel dependency update for OpenIdConnect, WsFed, and Bearer

build/CommonAssemblyInfo.cs

@@ -8,6 +8,6 @@
 [assembly: AssemblyCopyright("\x00a9 Microsoft Corporation All rights reserved.")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyVersion("4.0.0.0")]
-[assembly: AssemblyFileVersion("4.0.60210.0")]
-[assembly: AssemblyInformationalVersion("4.0.0-alpha1-60210-000")]
+[assembly: AssemblyFileVersion("4.0.60801.0")]
+[assembly: AssemblyInformationalVersion("4.0.0-alpha1-60801-000")]
 [assembly: AssemblyMetadata("Serviceable", "True")]

build/DevAssemblyInfo.cs

@@ -8,6 +8,6 @@
 [assembly: AssemblyCopyright("\x00a9 Microsoft Corporation All rights reserved.")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyVersion("0.31.0.0")]
-[assembly: AssemblyFileVersion("0.31.60210.0")]
-[assembly: AssemblyInformationalVersion("0.31.0-pre-60210-000")]
+[assembly: AssemblyFileVersion("0.31.60801.0")]
+[assembly: AssemblyInformationalVersion("0.31.0-pre-60801-000")]
 [assembly: AssemblyMetadata("Serviceable", "True")]

build/Katana.version.targets

@@ -3,15 +3,15 @@
   <PropertyGroup>
     <ShipVersion>4.0.0</ShipVersion>
     <ShipStrongNameVersion>4.0.0.0</ShipStrongNameVersion>
-    <ShipFullVersion>4.0.0-alpha1-60210-000</ShipFullVersion>
-    <ShipFileVersion>4.0.60210.0</ShipFileVersion>
+    <ShipFullVersion>4.0.0-alpha1-60801-000</ShipFullVersion>
+    <ShipFileVersion>4.0.60801.0</ShipFileVersion>
     <MajorVersion>4</MajorVersion>
     <MinorVersion>0</MinorVersion>
     <PatchVersion>0</PatchVersion>
     <BuildQuality>alpha1</BuildQuality>
-    <BuildDate>60210</BuildDate>
+    <BuildDate>60801</BuildDate>
     <BranchSuffix></BranchSuffix>
-    <Eula>http://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm</Eula>
+    <Eula>https://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm</Eula>
     <ProjectUrl>https://github.com/aspnet/AspNetKatana/</ProjectUrl>
     <Tags>Microsoft OWIN Katana</Tags>
   </PropertyGroup>

build/Sakefile.shade

@@ -4,9 +4,8 @@ var AUTHORS='Microsoft'
 var SHIP='${Version(4, 0, 0, "alpha1")}'
 var DEV='${Version(0, 31, 0, "pre")}'
 set FINAL_MILESTONE='${false}'
-
-var AZUREAD_JWT_SUFFIX=''
-var AZUREAD_EXT_SUFFIX=''
+var AZUREAD_VERSION='5.2.0'
+var AZUREAD_SUFFIX='.407281058-pre'
 var VERSION='${SHIP.VERSION}'
 var FULL_VERSION='${SHIP.FULL_VERSION}'
 var EULA='https://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm'
@@ -271,16 +270,15 @@ var signing='${new List<string>()}'
     test if='OFFICIAL_BUILD && !RELEASE_BUILD'
       -title = title.Split(new[]{"("}, StringSplitOptions.None)[0] + string.Format(" (nightly {0:yyyy MMM dd})", DateTime.Now);
 
-    var azureAdJwtSuffix='${AZUREAD_JWT_SUFFIX}'
-    set azureAdJwtSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
-    var azureAdExtSuffix='${AZUREAD_EXT_SUFFIX}'
-    set azureAdExtSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
+    var azureAdVersion='${AZUREAD_VERSION}'
+    var azureAdSuffix='${AZUREAD_SUFFIX}'
+    set azureAdSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
 
     var licenseUrl='${EULA}'
     var projectUrl='${PROJECT_URL}'
     var tags='${TAGS}'
 
-    nuget-pack nuspecFile='${file}' outputDir='${TARGET_DIR}' extra='-NoPackageAnalysis -Symbols -Properties "id=${baseName};authors=${AUTHORS};author=${AUTHORS};title=${title};description=${description};licenseUrl=${licenseUrl};projectUrl=${projectUrl};tags=${tags};azureAdJwtSuffix=${azureAdJwtSuffix};azureAdExtSuffix=${azureAdExtSuffix}"'
+    nuget-pack nuspecFile='${file}' outputDir='${TARGET_DIR}' extra='-NoPackageAnalysis -Symbols -Properties "id=${baseName};authors=${AUTHORS};author=${AUTHORS};title=${title};description=${description};licenseUrl=${licenseUrl};projectUrl=${projectUrl};tags=${tags};azureAdVersion=${azureAdVersion};azureAdSuffix=${azureAdSuffix}"'
 
 #nuget-deploy target='deploy' description='Upload NuGet packages to gallery'
   var extra=''

src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationExtensions.cs

@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Globalization;
 using System.Linq;
 using Microsoft.Owin.Security.ActiveDirectory;
 using Microsoft.Owin.Security.Jwt;
@@ -28,7 +27,7 @@ public static IAppBuilder UseActiveDirectoryFederationServicesBearerAuthenticati
                 throw new ArgumentNullException("options");
             }
 
-            var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataEndpoint,
+            var cachingSecurityTokenProvider = new WsFedCachingSecurityKeyProvider(options.MetadataEndpoint,
                     options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);
 
 #pragma warning disable 618

src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationOptions.cs

@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory

src/Microsoft.Owin.Security.ActiveDirectory/IssuerSigningKeys.cs

@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using System.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
@@ -19,6 +19,6 @@ internal class IssuerSigningKeys
         /// <summary>
         /// Signing tokens.
         /// </summary>
-        public IEnumerable<X509SecurityToken> Tokens { get; set; }
+        public IEnumerable<SecurityKey> Keys { get; set; }
     }
 }

src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.csproj

@@ -40,17 +40,44 @@
     <StartupObject />
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Logging.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Logging.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Protocols.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.WsFederation, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.WsFederation.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Protocols.WsFederation.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Tokens.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens.Saml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.Saml.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Tokens.Saml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Xml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Xml.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Xml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.4.0.0\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.5.2.0.407281058-pre\lib\net451\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />
@@ -68,7 +95,7 @@
       <DesignTime>True</DesignTime>
       <DependentUpon>Resources.resx</DependentUpon>
     </Compile>
-    <Compile Include="WsFedCachingSecurityTokenProvider.cs" />
+    <Compile Include="WsFedCachingSecurityKeyProvider.cs" />
     <Compile Include="IssuerSigningKeys.cs" />
     <Compile Include="WsFedMetadataRetriever.cs" />
     <Compile Include="WindowsAzureActiveDirectoryBearerAuthenticationExtensions.cs" />

src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.nuspec

@@ -21,7 +21,7 @@
       <dependency id="Microsoft.Owin.Security" version="$version$" />
       <dependency id="Microsoft.Owin.Security.OAuth" version="$version$" />
       <dependency id="Microsoft.Owin.Security.Jwt" version="$version$" />
-      <dependency id="System.IdentityModel.Tokens.Jwt" version="4.0.0$azureAdJwtSuffix$" />
+      <dependency id="System.IdentityModel.Tokens.Jwt" version="$azureAdVersion$$azureAdSuffix$" />
     </dependencies>
   </metadata>
   <files>

src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationExtensions.cs

@@ -40,7 +40,7 @@ public static IAppBuilder UseWindowsAzureActiveDirectoryBearerAuthentication(thi
                 options.MetadataAddress = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, options.Tenant);
             }
 
-            var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataAddress,
+            var cachingSecurityTokenProvider = new WsFedCachingSecurityKeyProvider(options.MetadataAddress,
                         options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);
 
 #pragma warning disable 618

src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationOptions.cs

@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory

src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityTokenProvider.cs → src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityKeyProvider.cs

@@ -4,18 +4,18 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Threading;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.Jwt;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
     /// <summary>
-    /// A security token provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.
+    /// A security key provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "This type is only controlled through the interface, which is not disposable.")]
-    internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider
+    internal class WsFedCachingSecurityKeyProvider : IIssuerSecurityKeyProvider
     {
         private readonly TimeSpan _refreshInterval = new TimeSpan(1, 0, 0, 0);
 
@@ -28,9 +28,9 @@ internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider
 
         private string _issuer;
 
-        private IEnumerable<SecurityToken> _tokens;
+        private IEnumerable<SecurityKey> _keys;
 
-        public WsFedCachingSecurityTokenProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,
+        public WsFedCachingSecurityKeyProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,
             TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)
         {
             _metadataEndpoint = metadataEndpoint;
@@ -67,20 +67,21 @@ public string Issuer
         }
 
         /// <summary>
-        /// Gets all known security tokens.
+        /// Gets all known security keys.
         /// </summary>
         /// <value>
-        /// All known security tokens.
+        /// All known security keys.
         /// </value>
-        public IEnumerable<SecurityToken> SecurityTokens
+        public IEnumerable<SecurityKey> SecurityKeys
         {
             get
             {
                 RefreshMetadata();
-                return _tokens;
+                return _keys;
             }
         }
 
+        [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Can't throw exceptions on a background thread.")]
         private void RefreshMetadata()
         {
             if (_syncAfter >= DateTimeOffset.UtcNow)
@@ -109,7 +110,7 @@ private void RetrieveMetadata()
             IssuerSigningKeys metaData = WsFedMetadataRetriever.GetSigningKeys(_metadataEndpoint,
                 _backchannelTimeout, _backchannelHttpHandler);
             _issuer = metaData.Issuer;
-            _tokens = metaData.Tokens;
+            _keys = metaData.Keys;
         }
     }
 }

src/Microsoft.Owin.Security.ActiveDirectory/WsFedMetadataRetriever.cs

@@ -2,15 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.IdentityModel.Metadata;
-using System.IdentityModel.Tokens;
+using System.Collections.ObjectModel;
 using System.IO;
-using System.Linq;
 using System.Net.Http;
-using System.Security.Cryptography.X509Certificates;
-using System.ServiceModel.Security;
 using System.Xml;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
@@ -23,9 +20,6 @@ internal static class WsFedMetadataRetriever
 
         public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)
         {
-            string issuer = string.Empty;
-            var tokens = new List<X509SecurityToken>();
-
             using (var metadataRequest = new HttpClient(backchannelHttpHandler, false))
             {
                 metadataRequest.Timeout = backchannelTimeout;
@@ -35,32 +29,13 @@ public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan
                     Stream metadataStream = metadataResponse.Content.ReadAsStreamAsync().Result;
                     using (XmlReader metaDataReader = XmlReader.Create(metadataStream, SafeSettings))
                     {
-                        var serializer = new MetadataSerializer { CertificateValidationMode = X509CertificateValidationMode.None };
-
-                        MetadataBase metadata = serializer.ReadMetadata(metaDataReader);
-                        var entityDescriptor = (EntityDescriptor)metadata;
-
-                        if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
-                        {
-                            issuer = entityDescriptor.EntityId.Id;
-                        }
+                        var serializer = new WsFederationMetadataSerializer();
+                        var wsFederationConfiguration = serializer.ReadMetadata(metaDataReader);
 
-                        SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().First();
-                        if (stsd == null)
-                        {
-                            throw new InvalidOperationException(Properties.Resources.Exception_MissingDescriptor);
-                        }
-
-                        IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses =
-                            stsd.Keys.Where(key => key.KeyInfo != null
-                                && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified))
-                                    .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());
-                        tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
+                        return new IssuerSigningKeys { Issuer = wsFederationConfiguration.Issuer, Keys = wsFederationConfiguration.SigningKeys };
                     }
                 }
             }
-
-            return new IssuerSigningKeys { Issuer = issuer, Tokens = tokens };
         }
     }
 }

src/Microsoft.Owin.Security.ActiveDirectory/packages.config

@@ -1,5 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="Microsoft.IdentityModel.Logging" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols.WsFederation" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens.Saml" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Xml" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net451" />
   <package id="Owin" version="1.0" targetFramework="net45" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.0" targetFramework="net45" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="5.2.0.407281058-pre" targetFramework="net451" />
 </packages>

src/Microsoft.Owin.Security.Cookies/Microsoft.Owin.Security.Cookies.csproj

@@ -42,7 +42,6 @@
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Xml" />
   </ItemGroup>

src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.csproj

@@ -37,9 +37,9 @@
     <DocumentationFile>bin\Release\Microsoft.Owin.Security.Facebook.XML</DocumentationFile>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -48,7 +48,6 @@
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />
   </ItemGroup>

src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.nuspec

@@ -17,7 +17,7 @@
     </frameworkAssemblies>
     <dependencies>
       <dependency id="Owin" version="1.0" />
-      <dependency id="Newtonsoft.Json" version="6.0.4" />
+      <dependency id="Newtonsoft.Json" version="9.0.1" />
       <dependency id="Microsoft.Owin" version="$version$" />
       <dependency id="Microsoft.Owin.Security" version="$version$" />
     </dependencies>