Replace Newtonsoft.Json by System.Text.Json

eng/Versions.props

@@ -13,9 +13,9 @@
     <AspNetCoreVersion>3.0.0</AspNetCoreVersion>
     <IdentityModelCoreVersion>2.1.4</IdentityModelCoreVersion>
     <JetBrainsVersion>2019.1.3</JetBrainsVersion>
-    <JsonNetVersion>10.0.3</JsonNetVersion>
     <JustEatHttpClientInterceptionVersion>3.0.0</JustEatHttpClientInterceptionVersion>
     <MartinCostelloLoggingXUnitVersion>0.1.0</MartinCostelloLoggingXUnitVersion>
     <ShouldlyVersion>3.0.2</ShouldlyVersion>
+    <SystemTextJsonVersion>4.6.0</SystemTextJsonVersion>
   </PropertyGroup>
 </Project>

src/AspNet.Security.OpenId.Steam/SteamAuthenticationHandler.cs

@@ -6,17 +6,18 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
+using System.Text.Json;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using Newtonsoft.Json.Linq;
 
 namespace AspNet.Security.OpenId.Steam
 {
@@ -96,25 +97,26 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
                 throw new HttpRequestException("An error occurred while retrieving the user profile from Steam.");
             }
 
-            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+            using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
 
             // Try to extract the profile name of the authenticated user.
-            var profile = payload.Value<JObject>(SteamAuthenticationConstants.Parameters.Response)
-                                ?.Value<JArray>(SteamAuthenticationConstants.Parameters.Players)
-                            ?[0]?.Value<string>(SteamAuthenticationConstants.Parameters.Name);
+            var profile = payload.RootElement.GetProperty(SteamAuthenticationConstants.Parameters.Response)
+                                .GetProperty(SteamAuthenticationConstants.Parameters.Players)
+                                .EnumerateArray()
+                                .FirstOrDefault();
 
-            if (!string.IsNullOrEmpty(profile))
+            if (profile.ValueKind == JsonValueKind.Object && profile.TryGetProperty(SteamAuthenticationConstants.Parameters.Name, out var name))
             {
-                identity.AddClaim(new Claim(ClaimTypes.Name, profile, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim(ClaimTypes.Name, name.GetString(), ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
             return await RunAuthenticatedEventAsync(payload);
 
-            async Task<AuthenticationTicket> RunAuthenticatedEventAsync(JObject user = null)
+            async Task<AuthenticationTicket> RunAuthenticatedEventAsync(JsonDocument user = null)
             {
                 var context = new OpenIdAuthenticatedContext(Context, Scheme, Options, ticket)
                 {
-                    User = user ?? new JObject()
+                    User = user
                 };
 
                 // Copy the attributes to the context object.

src/AspNet.Security.OpenId/AspNet.Security.OpenId.csproj

@@ -15,7 +15,7 @@
     <PackageReference Include="AngleSharp" Version="$(AngleSharpVersion)" />
     <PackageReference Include="JetBrains.Annotations" Version="$(JetBrainsVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols" Version="$(IdentityModelCoreVersion)" />
-    <PackageReference Include="Newtonsoft.Json" Version="$(JsonNetVersion)" />
+    <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonVersion)" />
   </ItemGroup>
 
 </Project>

src/AspNet.Security.OpenId/Events/OpenIdAuthenticatedContext.cs

@@ -6,10 +6,10 @@
 
 using System.Collections.Generic;
 using System.Security.Claims;
+using System.Text.Json;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Newtonsoft.Json.Linq;
 
 namespace AspNet.Security.OpenId
 {
@@ -57,6 +57,6 @@ public OpenIdAuthenticatedContext(
         /// Gets or sets the optional JSON payload extracted from the current request.
         /// This property is not set by the generic middleware but can be used by specialized middleware.
         /// </summary>
-        public JObject User { get; set; } = new JObject();
+        public JsonDocument User { get; set; }
     }
 }