[Regression] SaveTokens + GetTokenAsync does not work for JwtBearer

[Tratcher]

2.1 patch request for #1765, #1767

+This is a regression from 2.0.
+We've seen 3 customers hit this
+It's difficult for them to diagnose

-The workaround is trivial (read the value directly from the auth header). SaveTokens was only added to JwtBearer for consistency with the other providers.

[muratg]

cc @Eilon

[Eilon]

Please add the necessary stuff to the shiproom OneNote.

[Tratcher]

Where's the current OneNote?

[Eilon]

I'll sent you the link.

[HaoK]

Tests need to be added for this before taking it as a patch imo, the fix that was merged contained no tests...

[profet23]

I'd argue that since this is a regression and not a new feature, the priority should be on publishing a fix. GetTokenAsync is commonly referenced in documentation having to do with jwt authentication. This regression leads to a bug that is very hard to track down. The fix is simple and obvious.
Other libraries like: https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation rely on this feature to be working.

The current state is that it was working in 2.0.x, the user updates their dependencies to 2.1.x and things stop working. Since the fix already exists in 2.2.x the dependent code will once again start working when that is released.

[HaoK]

Adding tests for the fix doesn't affect when the it will be available.

This is more of an engineering concern rather than anything else, there's still no test coverage for something which already has been regressed once.

[profet23]

My concern is that the test issue #1768 has been open since May 23. I'm all for having the tests added, but I don't think it should be a blocking issue for 2.1.3. Making it a blocker for 2.2 is another story.

[Eilon]

Patch is approved for 2.1.3. Please check in ASAP.

[Tratcher]

@HaoK do you have bandwidth for this?