Enable nullable on CookiePolicy and Authentication.OAuth (#29251)

src/Analyzers/Microsoft.AspNetCore.Analyzer.Testing/src/Microsoft.AspNetCore.Analyzer.Testing.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>Helpers for writing tests for Roslyn analyzers.</Description>
@@ -11,6 +11,8 @@
     <!-- This package is internal, so we don't generate a package baseline. Always build against the latest dependencies. -->
     <UseLatestPackageReferences>true</UseLatestPackageReferences>
     <IsShippingPackage>false</IsShippingPackage>
+    <!-- Nullable disabled because package is used in tests. -->
+    <Nullable>disable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Http/Owin/src/Microsoft.AspNetCore.Owin.csproj

@@ -5,6 +5,8 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;owin</PackageTags>
+    <!-- Nullable disabled because package is not a commonly used. -->
+    <Nullable>disable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/OAuth/src/ClaimAction.cs

@@ -33,7 +33,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
         public string ValueType { get; }
 
         /// <summary>
-        /// Examine the given userData json, determine if the requisite data is present, and optionally add it
+        /// Examine the given userData JSON, determine if the requisite data is present, and optionally add it
         /// as a new Claim on the ClaimsIdentity.
         /// </summary>
         /// <param name="userData">The source data to examine. This value may be null.</param>

src/Security/Authentication/OAuth/src/ClaimActionCollectionMapExtensions.cs

@@ -22,6 +22,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="jsonKey">The top level key to look for in the json user data.</param>
         public static void MapJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.MapJsonKey(claimType, jsonKey, ClaimValueTypes.String);
         }
 
@@ -35,6 +40,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
         public static void MapJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey, string valueType)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.Add(new JsonKeyClaimAction(claimType, valueType, jsonKey));
         }
 
@@ -48,6 +58,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="subKey">The second level key to look for in the json user data.</param>
         public static void MapJsonSubKey(this ClaimActionCollection collection, string claimType, string jsonKey, string subKey)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.MapJsonSubKey(claimType, jsonKey, subKey, ClaimValueTypes.String);
         }
 
@@ -62,6 +77,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
         public static void MapJsonSubKey(this ClaimActionCollection collection, string claimType, string jsonKey, string subKey, string valueType)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.Add(new JsonSubKeyClaimAction(claimType, valueType, jsonKey, subKey));
         }
 
@@ -74,6 +94,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="resolver">The Func that will be called to select value from the given json user data.</param>
         public static void MapCustomJson(this ClaimActionCollection collection, string claimType, Func<JsonElement, string> resolver)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.MapCustomJson(claimType, ClaimValueTypes.String, resolver);
         }
 
@@ -87,6 +112,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="resolver">The Func that will be called to select value from the given json user data.</param>
         public static void MapCustomJson(this ClaimActionCollection collection, string claimType, string valueType, Func<JsonElement, string> resolver)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.Add(new CustomJsonClaimAction(claimType, valueType, resolver));
         }
 
@@ -96,6 +126,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="collection">The <see cref="ClaimActionCollection"/>.</param>
         public static void MapAll(this ClaimActionCollection collection)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.Clear();
             collection.Add(new MapAllClaimsAction());
         }
@@ -107,6 +142,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="exclusions">The types to exclude.</param>
         public static void MapAllExcept(this ClaimActionCollection collection, params string[] exclusions)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.MapAll();
             collection.DeleteClaims(exclusions);
         }
@@ -118,6 +158,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="claimType">The claim type to delete</param>
         public static void DeleteClaim(this ClaimActionCollection collection, string claimType)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             collection.Add(new DeleteClaimAction(claimType));
         }
 
@@ -128,6 +173,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="claimTypes">The claim types to delete.</param>
         public static void DeleteClaims(this ClaimActionCollection collection, params string[] claimTypes)
         {
+            if (collection == null)
+            {
+                throw new ArgumentNullException(nameof(collection));
+            }
+
             if (claimTypes == null)
             {
                 throw new ArgumentNullException(nameof(claimTypes));

src/Security/Authentication/OAuth/src/Events/OAuthCreatingTicketContext.cs

@@ -68,17 +68,17 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets the access token provided by the authentication service.
         /// </summary>
-        public string AccessToken => TokenResponse.AccessToken;
+        public string? AccessToken => TokenResponse.AccessToken;
 
         /// <summary>
         /// Gets the access token type provided by the authentication service.
         /// </summary>
-        public string TokenType => TokenResponse.TokenType;
+        public string? TokenType => TokenResponse.TokenType;
 
         /// <summary>
         /// Gets the refresh token provided by the authentication service.
         /// </summary>
-        public string RefreshToken => TokenResponse.RefreshToken;
+        public string? RefreshToken => TokenResponse.RefreshToken;
 
         /// <summary>
         /// Gets the access token expiration time.
@@ -106,7 +106,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// Gets the main identity exposed by the authentication ticket.
         /// This property returns <c>null</c> when the ticket is <c>null</c>.
         /// </summary>
-        public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
+        public ClaimsIdentity? Identity => Principal?.Identity as ClaimsIdentity;
 
         /// <summary>
         /// Examines <see cref="User"/>, determine if the requisite data is present, and optionally add it
@@ -122,7 +122,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             foreach (var action in Options.ClaimActions)
             {
-                action.Run(userData, Identity, Options.ClaimsIssuer ?? Scheme.Name);
+                action.Run(userData, Identity!, Options.ClaimsIssuer ?? Scheme.Name);
             }
         }
     }

src/Security/Authentication/OAuth/src/JsonKeyClaimAction.cs

@@ -40,7 +40,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
             {
                 foreach (var v in value.EnumerateArray())
                 {
-                    AddClaim(v.ToString(), identity, issuer);
+                    AddClaim(v.ToString()!, identity, issuer);
                 }
             }
             else if (value.ValueKind == JsonValueKind.Object || value.ValueKind == JsonValueKind.Undefined)
@@ -49,7 +49,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
             }
             else
             {
-                AddClaim(value.ToString(), identity, issuer);
+                AddClaim(value.ToString()!, identity, issuer);
             }
         }
 

src/Security/Authentication/OAuth/src/JsonSubKeyClaimAction.cs

@@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
         }
 
         // Get the given subProperty from a property.
-        private static string GetValue(JsonElement userData, string propertyName, string subProperty)
+        private static string? GetValue(JsonElement userData, string propertyName, string subProperty)
         {
             if (userData.TryGetProperty(propertyName, out var value)
                 && value.ValueKind == JsonValueKind.Object && value.TryGetProperty(subProperty, out value))

src/Security/Authentication/OAuth/src/LoggingExtensions.cs

@@ -7,7 +7,7 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, string, string, Exception> _handleChallenge;
+        private static Action<ILogger, string, string, Exception?> _handleChallenge;
 
         static LoggingExtensions()
         {

src/Security/Authentication/OAuth/src/MapAllClaimsAction.cs

@@ -25,7 +25,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
         {
             foreach (var pair in userData.EnumerateObject())
             {
-                var claimValue = pair.Value.ToString();
+                var claimValue = pair.Value.ToString()!;
 
                 // Avoid adding a claim if there's a duplicate name and value. This often happens in OIDC when claims are
                 // retrieved both from the id_token and from the user-info endpoint.

src/Security/Authentication/OAuth/src/Microsoft.AspNetCore.Authentication.OAuth.csproj

@@ -7,6 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <IsPackable>false</IsPackable>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/OAuth/src/OAuthChallengeProperties.cs

@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// Initializes a new instance of <see cref="OAuthChallengeProperties" />.
         /// </summary>
         /// <inheritdoc />
-        public OAuthChallengeProperties(IDictionary<string, string> items)
+        public OAuthChallengeProperties(IDictionary<string, string?> items)
             : base(items)
         { }
 
@@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// Initializes a new instance of <see cref="OAuthChallengeProperties" />.
         /// </summary>
         /// <inheritdoc />
-        public OAuthChallengeProperties(IDictionary<string, string> items, IDictionary<string, object> parameters)
+        public OAuthChallengeProperties(IDictionary<string, string?>? items, IDictionary<string, object?>? parameters)
             : base(items, parameters)
         { }
 
@@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// </summary>
         public ICollection<string> Scope
         {
-            get => GetParameter<ICollection<string>>(ScopeKey);
+            get => GetParameter<ICollection<string>>(ScopeKey)!;
             set => SetParameter(ScopeKey, value);
         }
 

src/Security/Authentication/OAuth/src/OAuthHandler.cs

@@ -204,11 +204,11 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             // PKCE https://tools.ietf.org/html/rfc7636#section-4.5, see BuildChallengeUrl
             if (context.Properties.Items.TryGetValue(OAuthConstants.CodeVerifierKey, out var codeVerifier))
             {
-                tokenRequestParameters.Add(OAuthConstants.CodeVerifierKey, codeVerifier);
+                tokenRequestParameters.Add(OAuthConstants.CodeVerifierKey, codeVerifier!);
                 context.Properties.Items.Remove(OAuthConstants.CodeVerifierKey);
             }
 
-            var requestContent = new FormUrlEncodedContent(tokenRequestParameters);
+            var requestContent = new FormUrlEncodedContent(tokenRequestParameters!);
 
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
             requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
@@ -249,7 +249,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             {
                 var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, user.RootElement);
                 await Events.CreatingTicket(context);
-                return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
+                return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name);
             }
         }
 
@@ -320,7 +320,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
             parameters["state"] = Options.StateDataFormat.Protect(properties);
 
-            return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters);
+            return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters!);
         }
 
         /// <summary>

src/Security/Authentication/OAuth/src/OAuthOptions.cs

@@ -58,29 +58,29 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the provider-assigned client id.
         /// </summary>
-        public string ClientId { get; set; }
+        public string ClientId { get; set; } = default!;
 
         /// <summary>
         /// Gets or sets the provider-assigned client secret.
         /// </summary>
-        public string ClientSecret { get; set; }
+        public string ClientSecret { get; set; } = default!;
 
         /// <summary>
         /// Gets or sets the URI where the client will be redirected to authenticate.
         /// </summary>
-        public string AuthorizationEndpoint { get; set; }
+        public string AuthorizationEndpoint { get; set; } = default!;
 
         /// <summary>
         /// Gets or sets the URI the middleware will access to exchange the OAuth token.
         /// </summary>
-        public string TokenEndpoint { get; set; }
+        public string TokenEndpoint { get; set; } = default!;
 
         /// <summary>
         /// Gets or sets the URI the middleware will access to obtain the user information.
         /// This value is not used in the default implementation, it is for use in custom implementations of
         /// <see cref="OAuthEvents.OnCreatingTicket" />.
         /// </summary>
-        public string UserInformationEndpoint { get; set; }
+        public string UserInformationEndpoint { get; set; } = default!;
 
         /// <summary>
         /// Gets or sets the <see cref="OAuthEvents"/> used to handle authentication events.
@@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
-        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; } = default!;
 
         /// <summary>
         /// Enables or disables the use of the Proof Key for Code Exchange (PKCE) standard. See https://tools.ietf.org/html/rfc7636.

src/Security/Authentication/OAuth/src/OAuthPostConfigureOptions.cs

@@ -42,7 +42,7 @@ namespace Microsoft.Extensions.DependencyInjection
             if (options.StateDataFormat == null)
             {
                 var dataProtector = options.DataProtectionProvider.CreateProtector(
-                    typeof(THandler).FullName, name, "v1");
+                    typeof(THandler).FullName!, name, "v1");
                 options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
         }

src/Security/Authentication/OAuth/src/OAuthTokenResponse.cs

@@ -59,12 +59,12 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the received JSON payload.
         /// </summary>
-        public JsonDocument Response { get; set; }
+        public JsonDocument? Response { get; set; }
 
         /// <summary>
         /// Gets or sets the access token issued by the OAuth provider.
         /// </summary>
-        public string AccessToken { get; set; }
+        public string? AccessToken { get; set; }
 
         /// <summary>
         /// Gets or sets the token type.
@@ -72,21 +72,21 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <remarks>
         /// Typically the string “bearer”.
         /// </remarks>
-        public string TokenType { get; set; }
+        public string? TokenType { get; set; }
 
         /// <summary>
         /// Gets or sets a refresh token that applications can use to obtain another access token if tokens can expire.
         /// </summary>
-        public string RefreshToken { get; set; }
+        public string? RefreshToken { get; set; }
 
         /// <summary>
         /// Gets or sets the validatity lifetime of the token in seconds.
         /// </summary>
-        public string ExpiresIn { get; set; }
+        public string? ExpiresIn { get; set; }
 
         /// <summary>
         /// The exception in the event the response was a failure.
         /// </summary>
-        public Exception Error { get; set; }
+        public Exception? Error { get; set; }
     }
 }

src/Security/Authentication/OAuth/src/PublicAPI.Shipped.txt

@@ -30,110 +30,110 @@ Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse
 Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Dispose() -> void
 Microsoft.Extensions.DependencyInjection.OAuthExtensions
 override Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Validate() -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ClaimAction(string claimType, string valueType) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ClaimType.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ValueType.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.Add(Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction action) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.GetEnumerator() -> System.Collections.Generic.IEnumerator<Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction>
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.Remove(string claimType) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.CustomJsonClaimAction(string claimType, string valueType, System.Func<System.Text.Json.JsonElement, string> resolver) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.Resolver.get -> System.Func<System.Text.Json.JsonElement, string>
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.DeleteClaimAction.DeleteClaimAction(string claimType) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.JsonKey.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.JsonKeyClaimAction(string claimType, string valueType, string jsonKey) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.JsonSubKeyClaimAction(string claimType, string valueType, string jsonKey, string subKey) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.SubKey.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.OAuthChallengeProperties(System.Collections.Generic.IDictionary<string, string> items) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.OAuthChallengeProperties(System.Collections.Generic.IDictionary<string, string> items, System.Collections.Generic.IDictionary<string, object> parameters) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.Scope.get -> System.Collections.Generic.ICollection<string>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.Scope.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.Code.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.OAuthCodeExchangeContext(Microsoft.AspNetCore.Authentication.AuthenticationProperties properties, string code, string redirectUri) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.Properties.get -> Microsoft.AspNetCore.Authentication.AuthenticationProperties
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.RedirectUri.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.AccessToken.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.Backchannel.get -> System.Net.Http.HttpClient
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.Identity.get -> System.Security.Claims.ClaimsIdentity
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.OAuthCreatingTicketContext(System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationScheme scheme, Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions options, System.Net.Http.HttpClient backchannel, Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse tokens, System.Text.Json.JsonElement user) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.RefreshToken.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.TokenResponse.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.TokenType.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnCreatingTicket.get -> System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnCreatingTicket.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnRedirectToAuthorizationEndpoint.get -> System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>, System.Threading.Tasks.Task>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnRedirectToAuthorizationEndpoint.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ClaimAction(string! claimType, string! valueType) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ClaimType.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.ValueType.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.Add(Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction! action) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.GetEnumerator() -> System.Collections.Generic.IEnumerator<Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction!>!
+Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection.Remove(string! claimType) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.CustomJsonClaimAction(string! claimType, string! valueType, System.Func<System.Text.Json.JsonElement, string!>! resolver) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.Resolver.get -> System.Func<System.Text.Json.JsonElement, string!>!
+Microsoft.AspNetCore.Authentication.OAuth.Claims.DeleteClaimAction.DeleteClaimAction(string! claimType) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.JsonKey.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.JsonKeyClaimAction(string! claimType, string! valueType, string! jsonKey) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.JsonSubKeyClaimAction(string! claimType, string! valueType, string! jsonKey, string! subKey) -> void
+Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.SubKey.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.OAuthChallengeProperties(System.Collections.Generic.IDictionary<string!, string?>! items) -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.OAuthChallengeProperties(System.Collections.Generic.IDictionary<string!, string?>? items, System.Collections.Generic.IDictionary<string!, object?>? parameters) -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.Scope.get -> System.Collections.Generic.ICollection<string!>!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.Scope.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.Code.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.OAuthCodeExchangeContext(Microsoft.AspNetCore.Authentication.AuthenticationProperties! properties, string! code, string! redirectUri) -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.Properties.get -> Microsoft.AspNetCore.Authentication.AuthenticationProperties!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext.RedirectUri.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.AccessToken.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.Backchannel.get -> System.Net.Http.HttpClient!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.Identity.get -> System.Security.Claims.ClaimsIdentity?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.OAuthCreatingTicketContext(System.Security.Claims.ClaimsPrincipal! principal, Microsoft.AspNetCore.Authentication.AuthenticationProperties! properties, Microsoft.AspNetCore.Http.HttpContext! context, Microsoft.AspNetCore.Authentication.AuthenticationScheme! scheme, Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions! options, System.Net.Http.HttpClient! backchannel, Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse! tokens, System.Text.Json.JsonElement user) -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.RefreshToken.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.TokenResponse.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext.TokenType.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnCreatingTicket.get -> System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext!, System.Threading.Tasks.Task!>!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnCreatingTicket.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnRedirectToAuthorizationEndpoint.get -> System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions!>!, System.Threading.Tasks.Task!>!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.OnRedirectToAuthorizationEndpoint.set -> void
 ~Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Backchannel.get -> System.Net.Http.HttpClient
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Events.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Events.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.OAuthHandler(Microsoft.Extensions.Options.IOptionsMonitor<TOptions> options, Microsoft.Extensions.Logging.ILoggerFactory logger, System.Text.Encodings.Web.UrlEncoder encoder, Microsoft.AspNetCore.Authentication.ISystemClock clock) -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.AuthorizationEndpoint.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.AuthorizationEndpoint.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClaimActions.get -> Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientId.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientId.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientSecret.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientSecret.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Events.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Events.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Scope.get -> System.Collections.Generic.ICollection<string>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.StateDataFormat.get -> Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.StateDataFormat.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.TokenEndpoint.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.TokenEndpoint.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.UserInformationEndpoint.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.UserInformationEndpoint.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.AccessToken.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.AccessToken.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Error.get -> System.Exception
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Error.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.ExpiresIn.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.ExpiresIn.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.RefreshToken.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.RefreshToken.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Response.get -> System.Text.Json.JsonDocument
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Response.set -> void
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.TokenType.get -> string
-~Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.TokenType.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Backchannel.get -> System.Net.Http.HttpClient!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Events.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.Events.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.OAuthHandler(Microsoft.Extensions.Options.IOptionsMonitor<TOptions!>! options, Microsoft.Extensions.Logging.ILoggerFactory! logger, System.Text.Encodings.Web.UrlEncoder! encoder, Microsoft.AspNetCore.Authentication.ISystemClock! clock) -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.AuthorizationEndpoint.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.AuthorizationEndpoint.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClaimActions.get -> Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientId.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientId.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientSecret.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.ClientSecret.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Events.get -> Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Events.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Scope.get -> System.Collections.Generic.ICollection<string!>!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.StateDataFormat.get -> Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties!>!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.StateDataFormat.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.TokenEndpoint.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.TokenEndpoint.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.UserInformationEndpoint.get -> string!
+Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.UserInformationEndpoint.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.AccessToken.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.AccessToken.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Error.get -> System.Exception?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Error.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.ExpiresIn.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.ExpiresIn.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.RefreshToken.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.RefreshToken.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Response.get -> System.Text.Json.JsonDocument?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Response.set -> void
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.TokenType.get -> string?
+Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.TokenType.set -> void
 ~Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<TOptions, THandler>
-~Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<TOptions, THandler>.OAuthPostConfigureOptions(Microsoft.AspNetCore.DataProtection.IDataProtectionProvider dataProtection) -> void
-~Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<TOptions, THandler>.PostConfigure(string name, TOptions options) -> void
-~abstract Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.Claims.DeleteClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.Claims.MapAllClaimsAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity identity, string issuer) -> void
-~override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.CreateEventsAsync() -> System.Threading.Tasks.Task<object>
-~override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.HandleChallengeAsync(Microsoft.AspNetCore.Authentication.AuthenticationProperties properties) -> System.Threading.Tasks.Task
-~override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.HandleRemoteAuthenticateAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.DeleteClaim(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.DeleteClaims(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, params string[] claimTypes) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapAll(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapAllExcept(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, params string[] exclusions) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapCustomJson(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, System.Func<System.Text.Json.JsonElement, string> resolver) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapCustomJson(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, string valueType, System.Func<System.Text.Json.JsonElement, string> resolver) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, string jsonKey) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, string jsonKey, string valueType) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonSubKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, string jsonKey, string subKey) -> void
-~static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonSubKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection collection, string claimType, string jsonKey, string subKey, string valueType) -> void
-~static Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Failed(System.Exception error) -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse
-~static Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Success(System.Text.Json.JsonDocument response) -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse
-~static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions> configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder
-~static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions> configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder
-~static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<TOptions> configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder
-~static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<TOptions> configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.ScopeKey -> string
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeKey -> string
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeMethodKey -> string
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeMethodS256 -> string
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeVerifierKey -> string
-~static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthDefaults.DisplayName -> string
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.SetScope(params string[] scopes) -> void
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.CreatingTicket(Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext context) -> System.Threading.Tasks.Task
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.RedirectToAuthorizationEndpoint(Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions> context) -> System.Threading.Tasks.Task
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.BuildChallengeUrl(Microsoft.AspNetCore.Authentication.AuthenticationProperties properties, string redirectUri) -> string
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.CreateTicketAsync(System.Security.Claims.ClaimsIdentity identity, Microsoft.AspNetCore.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse tokens) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.ExchangeCodeAsync(Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext context) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse>
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.FormatScope() -> string
-~virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.FormatScope(System.Collections.Generic.IEnumerable<string> scopes) -> string
+Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<TOptions, THandler>.OAuthPostConfigureOptions(Microsoft.AspNetCore.DataProtection.IDataProtectionProvider! dataProtection) -> void
+Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<TOptions, THandler>.PostConfigure(string! name, TOptions! options) -> void
+abstract Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.Claims.DeleteClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.Claims.MapAllClaimsAction.Run(System.Text.Json.JsonElement userData, System.Security.Claims.ClaimsIdentity! identity, string! issuer) -> void
+override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.CreateEventsAsync() -> System.Threading.Tasks.Task<object!>!
+override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.HandleChallengeAsync(Microsoft.AspNetCore.Authentication.AuthenticationProperties! properties) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.HandleRemoteAuthenticateAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult!>!
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.DeleteClaim(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.DeleteClaims(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, params string![]! claimTypes) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapAll(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapAllExcept(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, params string![]! exclusions) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapCustomJson(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, System.Func<System.Text.Json.JsonElement, string!>! resolver) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapCustomJson(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, string! valueType, System.Func<System.Text.Json.JsonElement, string!>! resolver) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, string! jsonKey) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, string! jsonKey, string! valueType) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonSubKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, string! jsonKey, string! subKey) -> void
+static Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapJsonSubKey(this Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection! collection, string! claimType, string! jsonKey, string! subKey, string! valueType) -> void
+static Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Failed(System.Exception! error) -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse!
+static Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse.Success(System.Text.Json.JsonDocument! response) -> Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse!
+static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions!>! configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
+static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme, string! displayName, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions!>! configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
+static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme, System.Action<TOptions!>! configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
+static Microsoft.Extensions.DependencyInjection.OAuthExtensions.AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder! builder, string! authenticationScheme, string! displayName, System.Action<TOptions!>! configureOptions) -> Microsoft.AspNetCore.Authentication.AuthenticationBuilder!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.ScopeKey -> string!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeKey -> string!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeMethodKey -> string!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeChallengeMethodS256 -> string!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthConstants.CodeVerifierKey -> string!
+static readonly Microsoft.AspNetCore.Authentication.OAuth.OAuthDefaults.DisplayName -> string!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties.SetScope(params string![]! scopes) -> void
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.CreatingTicket(Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents.RedirectToAuthorizationEndpoint(Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions!>! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.BuildChallengeUrl(Microsoft.AspNetCore.Authentication.AuthenticationProperties! properties, string! redirectUri) -> string!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.CreateTicketAsync(System.Security.Claims.ClaimsIdentity! identity, Microsoft.AspNetCore.Authentication.AuthenticationProperties! properties, Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse! tokens) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket!>!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.ExchangeCodeAsync(Microsoft.AspNetCore.Authentication.OAuth.OAuthCodeExchangeContext! context) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse!>!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.FormatScope() -> string!
+virtual Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.FormatScope(System.Collections.Generic.IEnumerable<string!>! scopes) -> string!

src/Security/CookiePolicy/src/CookiePolicyOptions.cs

@@ -41,16 +41,16 @@ namespace Microsoft.AspNetCore.Builder
         /// <summary>
         /// Checks if consent policies should be evaluated on this request. The default is false.
         /// </summary>
-        public Func<HttpContext, bool> CheckConsentNeeded { get; set; }
+        public Func<HttpContext, bool>? CheckConsentNeeded { get; set; }
 
         /// <summary>
         /// Called when a cookie is appended.
         /// </summary>
-        public Action<AppendCookieContext> OnAppendCookie { get; set; }
+        public Action<AppendCookieContext>? OnAppendCookie { get; set; }
 
         /// <summary>
         /// Called when a cookie is deleted.
         /// </summary>
-        public Action<DeleteCookieContext> OnDeleteCookie { get; set; }
+        public Action<DeleteCookieContext>? OnDeleteCookie { get; set; }
     }
 }

src/Security/CookiePolicy/src/LoggingExtensions.cs

@@ -7,15 +7,15 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, bool, Exception> _needsConsent;
-        private static Action<ILogger, bool, Exception> _hasConsent;
-        private static Action<ILogger, Exception> _consentGranted;
-        private static Action<ILogger, Exception> _consentWithdrawn;
-        private static Action<ILogger, string, Exception> _cookieSuppressed;
-        private static Action<ILogger, string, Exception> _deleteCookieSuppressed;
-        private static Action<ILogger, string, Exception> _upgradedToSecure;
-        private static Action<ILogger, string, string, Exception> _upgradedSameSite;
-        private static Action<ILogger, string, Exception> _upgradedToHttpOnly;
+        private static Action<ILogger, bool, Exception?> _needsConsent;
+        private static Action<ILogger, bool, Exception?> _hasConsent;
+        private static Action<ILogger, Exception?> _consentGranted;
+        private static Action<ILogger, Exception?> _consentWithdrawn;
+        private static Action<ILogger, string, Exception?> _cookieSuppressed;
+        private static Action<ILogger, string, Exception?> _deleteCookieSuppressed;
+        private static Action<ILogger, string, Exception?> _upgradedToSecure;
+        private static Action<ILogger, string, string, Exception?> _upgradedSameSite;
+        private static Action<ILogger, string, Exception?> _upgradedToHttpOnly;
 
         static LoggingExtensions()
         {

src/Security/CookiePolicy/src/Microsoft.AspNetCore.CookiePolicy.csproj

@@ -7,6 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
     <IsPackable>false</IsPackable>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/CookiePolicy/src/PublicAPI.Shipped.txt

@@ -23,32 +23,32 @@ Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy
 Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always = 1 -> Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy
 Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.None = 0 -> Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy
 Microsoft.Extensions.DependencyInjection.CookiePolicyServiceCollectionExtensions
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.CheckConsentNeeded.get -> System.Func<Microsoft.AspNetCore.Http.HttpContext, bool>
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.CheckConsentNeeded.set -> void
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.ConsentCookie.get -> Microsoft.AspNetCore.Http.CookieBuilder
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.ConsentCookie.set -> void
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnAppendCookie.get -> System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnAppendCookie.set -> void
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnDeleteCookie.get -> System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>
-~Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnDeleteCookie.set -> void
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.AppendCookieContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Http.CookieOptions options, string name, string value) -> void
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.Context.get -> Microsoft.AspNetCore.Http.HttpContext
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieName.get -> string
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieName.set -> void
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieOptions.get -> Microsoft.AspNetCore.Http.CookieOptions
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieValue.get -> string
-~Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieValue.set -> void
-~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.CookiePolicyMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions> options) -> void
-~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.CookiePolicyMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions> options, Microsoft.Extensions.Logging.ILoggerFactory factory) -> void
-~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) -> System.Threading.Tasks.Task
-~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Options.get -> Microsoft.AspNetCore.Builder.CookiePolicyOptions
-~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Options.set -> void
-~Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.Context.get -> Microsoft.AspNetCore.Http.HttpContext
-~Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieName.get -> string
-~Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieName.set -> void
-~Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieOptions.get -> Microsoft.AspNetCore.Http.CookieOptions
-~Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.DeleteCookieContext(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Http.CookieOptions options, string name) -> void
-~static Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy(this Microsoft.AspNetCore.Builder.IApplicationBuilder app) -> Microsoft.AspNetCore.Builder.IApplicationBuilder
-~static Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.CookiePolicyOptions options) -> Microsoft.AspNetCore.Builder.IApplicationBuilder
-~static Microsoft.Extensions.DependencyInjection.CookiePolicyServiceCollectionExtensions.AddCookiePolicy(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Builder.CookiePolicyOptions> configureOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection
-~static Microsoft.Extensions.DependencyInjection.CookiePolicyServiceCollectionExtensions.AddCookiePolicy<TService>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Builder.CookiePolicyOptions, TService> configureOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.CheckConsentNeeded.get -> System.Func<Microsoft.AspNetCore.Http.HttpContext!, bool>?
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.CheckConsentNeeded.set -> void
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.ConsentCookie.get -> Microsoft.AspNetCore.Http.CookieBuilder!
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.ConsentCookie.set -> void
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnAppendCookie.get -> System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext!>?
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnAppendCookie.set -> void
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnDeleteCookie.get -> System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext!>?
+Microsoft.AspNetCore.Builder.CookiePolicyOptions.OnDeleteCookie.set -> void
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.AppendCookieContext(Microsoft.AspNetCore.Http.HttpContext! context, Microsoft.AspNetCore.Http.CookieOptions! options, string! name, string! value) -> void
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.Context.get -> Microsoft.AspNetCore.Http.HttpContext!
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieName.get -> string!
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieName.set -> void
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieOptions.get -> Microsoft.AspNetCore.Http.CookieOptions!
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieValue.get -> string!
+Microsoft.AspNetCore.CookiePolicy.AppendCookieContext.CookieValue.set -> void
+~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.CookiePolicyMiddleware(Microsoft.AspNetCore.Http.RequestDelegate! next, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions!>! options) -> void
+~Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.CookiePolicyMiddleware(Microsoft.AspNetCore.Http.RequestDelegate! next, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions!>! options, Microsoft.Extensions.Logging.ILoggerFactory! factory) -> void
+Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Options.get -> Microsoft.AspNetCore.Builder.CookiePolicyOptions!
+Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware.Options.set -> void
+Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.Context.get -> Microsoft.AspNetCore.Http.HttpContext!
+Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieName.get -> string!
+Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieName.set -> void
+Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.CookieOptions.get -> Microsoft.AspNetCore.Http.CookieOptions!
+Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext.DeleteCookieContext(Microsoft.AspNetCore.Http.HttpContext! context, Microsoft.AspNetCore.Http.CookieOptions! options, string! name) -> void
+static Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy(this Microsoft.AspNetCore.Builder.IApplicationBuilder! app) -> Microsoft.AspNetCore.Builder.IApplicationBuilder!
+static Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy(this Microsoft.AspNetCore.Builder.IApplicationBuilder! app, Microsoft.AspNetCore.Builder.CookiePolicyOptions! options) -> Microsoft.AspNetCore.Builder.IApplicationBuilder!
+static Microsoft.Extensions.DependencyInjection.CookiePolicyServiceCollectionExtensions.AddCookiePolicy(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.AspNetCore.Builder.CookiePolicyOptions!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Extensions.DependencyInjection.CookiePolicyServiceCollectionExtensions.AddCookiePolicy<TService>(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.AspNetCore.Builder.CookiePolicyOptions!, TService!>! configureOptions) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!

src/Security/CookiePolicy/src/ResponseCookiesWrapper.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
@@ -53,7 +54,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 if (!_hasConsent.HasValue)
                 {
-                    var cookie = Context.Request.Cookies[Options.ConsentCookie.Name];
+                    var cookie = Context.Request.Cookies[Options.ConsentCookie.Name!];
                     _hasConsent = string.Equals(cookie, ConsentValue, StringComparison.Ordinal);
                     _logger.HasConsent(_hasConsent.Value);
                 }
@@ -70,7 +71,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 var cookieOptions = Options.ConsentCookie.Build(Context);
                 // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
-                Append(Options.ConsentCookie.Name, ConsentValue, cookieOptions);
+                Append(Options.ConsentCookie.Name!, ConsentValue, cookieOptions);
                 _logger.ConsentGranted();
             }
             _hasConsent = true;
@@ -82,7 +83,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 var cookieOptions = Options.ConsentCookie.Build(Context);
                 // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
-                Delete(Options.ConsentCookie.Name, cookieOptions);
+                Delete(Options.ConsentCookie.Name!, cookieOptions);
                 _logger.ConsentWithdrawn();
             }
             _hasConsent = false;
@@ -94,6 +95,8 @@ namespace Microsoft.AspNetCore.CookiePolicy
             var key = Options.ConsentCookie.Name;
             var value = ConsentValue;
             var options = Options.ConsentCookie.Build(Context);
+
+            Debug.Assert(key != null);
             ApplyAppendPolicy(ref key, ref value, options);
 
             var setCookieHeaderValue = new Net.Http.Headers.SetCookieHeaderValue(

src/Servers/Kestrel/Transport.Libuv/src/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv.csproj

@@ -8,6 +8,8 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <!-- This package is obsolete in 5.0, will be removed in 6.0 -->
     <NoWarn>CS1591;$(NoWarn)</NoWarn>
+    <!-- Nullable disabled because package is being removed. -->
+    <Nullable>disable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Testing/src/Microsoft.AspNetCore.Testing.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>Various helpers for writing tests that use ASP.NET Core.</Description>
@@ -15,6 +15,8 @@
     <UseLatestPackageReferences>true</UseLatestPackageReferences>
     <!-- No need to track public APIs in test utilities. -->
     <AddPublicApiAnalyzers>false</AddPublicApiAnalyzers>
+    <!-- Nullable disabled because package is used in tests. -->
+    <Nullable>disable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>