[cherry pick] Use TokenValidationParameter copy constructor to make a deep copy

src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs

@@ -61,7 +61,7 @@ protected TokenValidationParameters(TokenValidationParameters other)
             IssuerSigningKey = other.IssuerSigningKey;
             IssuerSigningKeyResolver = other.IssuerSigningKeyResolver;
             IssuerSigningKeyResolverUsingConfiguration = other.IssuerSigningKeyResolverUsingConfiguration;
-            IssuerSigningKeys = other.IssuerSigningKeys;
+            IssuerSigningKeys = other.IssuerSigningKeys is not null ? new List<SecurityKey>(other.IssuerSigningKeys) : null;
             IssuerSigningKeyValidator = other.IssuerSigningKeyValidator;
             IssuerSigningKeyValidatorUsingConfiguration = other.IssuerSigningKeyValidatorUsingConfiguration;
             IssuerValidator = other.IssuerValidator;
@@ -72,7 +72,7 @@ protected TokenValidationParameters(TokenValidationParameters other)
             LogValidationExceptions = other.LogValidationExceptions;
             NameClaimType = other.NameClaimType;
             NameClaimTypeRetriever = other.NameClaimTypeRetriever;
-            PropertyBag = other.PropertyBag;
+            PropertyBag = other.PropertyBag is not null ? new Dictionary<string, object>(other.PropertyBag) : null;
             TryReadJwtClaim = other.TryReadJwtClaim;
             RefreshBeforeValidation = other.RefreshBeforeValidation;
             RequireAudience = other.RequireAudience;
@@ -86,7 +86,7 @@ protected TokenValidationParameters(TokenValidationParameters other)
             SignatureValidatorUsingConfiguration = other.SignatureValidatorUsingConfiguration;
             TokenDecryptionKey = other.TokenDecryptionKey;
             TokenDecryptionKeyResolver = other.TokenDecryptionKeyResolver;
-            TokenDecryptionKeys = other.TokenDecryptionKeys;
+            TokenDecryptionKeys = other.TokenDecryptionKeys is not null ? new List<SecurityKey>(other.TokenDecryptionKeys) : null;
             TokenReader = other.TokenReader;
             TokenReplayCache = other.TokenReplayCache;
             TokenReplayValidator = other.TokenReplayValidator;
@@ -105,12 +105,12 @@ protected TokenValidationParameters(TokenValidationParameters other)
             ValidateSignatureLast = other.ValidateSignatureLast;
             ValidateTokenReplay = other.ValidateTokenReplay;
             ValidateWithLKG = other.ValidateWithLKG;
-            ValidAlgorithms = other.ValidAlgorithms;
+            ValidAlgorithms = other.ValidAlgorithms is not null ? new List<string>(other.ValidAlgorithms) : null;
             ValidAudience = other.ValidAudience;
-            ValidAudiences = other.ValidAudiences;
+            ValidAudiences = other.ValidAudiences is not null ? new List<string>(other.ValidAudiences) : null;
             ValidIssuer = other.ValidIssuer;
-            ValidIssuers = other.ValidIssuers;
-            ValidTypes = other.ValidTypes;
+            ValidIssuers = other.ValidIssuers is not null ? new List<string>(other.ValidIssuers) : null;
+            ValidTypes = other.ValidTypes is not null ? new List<string>(other.ValidTypes) : null;
         }
 
         /// <summary>
@@ -204,11 +204,11 @@ public TimeSpan ClockSkew
         /// <summary>
         /// Returns a new instance of <see cref="TokenValidationParameters"/> with values copied from this object.
         /// </summary>
-        /// <returns>A new <see cref="TokenValidationParameters"/> object copied from this object</returns>
-        /// <remarks>This is a shallow Clone.</remarks>
+        /// <returns>A new <see cref="TokenValidationParameters"/> object copied from this object.</returns>
+        /// <remarks>This is a deep Clone.</remarks>
         public virtual TokenValidationParameters Clone()
         {
-            return new(this)
+            return new TokenValidationParameters(this)
             {
                 IsClone = true
             };

test/Microsoft.IdentityModel.Tokens.Tests/TokenValidationParametersTests.cs

@@ -277,14 +277,22 @@ public void Clone()
             TokenValidationParameters validationParametersClone = validationParameters.Clone();
             IdentityComparer.AreEqual(validationParametersClone, validationParameters, compareContext);
             if (validationParameters.IsClone)
-                compareContext.AddDiff("if (validationParameters.IsClone), IsCone should be false");
+                compareContext.AddDiff("if (validationParameters.IsClone), IsClone should be false");
 
             if (!validationParametersClone.IsClone)
-                compareContext.AddDiff("if (!validationParametersClone.IsClone), IsCone should be true");
+                compareContext.AddDiff("if (!validationParametersClone.IsClone), IsClone should be true");
 
             if (validationParametersClone.InstancePropertyBag.Count != 0)
                 compareContext.AddDiff("validationParametersClone.InstancePropertyBag.Count != 0), should be empty.");
 
+            validationParameters.AlgorithmValidator = ValidationDelegates.AlgorithmValidatorBuilder(false);
+            if (validationParameters.AlgorithmValidator.Equals(validationParametersClone.AlgorithmValidator))
+                compareContext.AddDiff("validationParameters.AlgorithmValidator.Equals(validationParametersClone.AlgorithmValidator)), should not be equal after change.");
+
+            validationParameters.AudienceValidator = ValidationDelegates.AudienceValidatorReturnsFalse;
+            if (validationParameters.AudienceValidator.Equals(validationParametersClone.AudienceValidator))
+                compareContext.AddDiff("validationParameters.AudienceValidator.Equals(validationParametersClone.AudienceValidator)), should not be equal after change.");
+
             TestUtilities.AssertFailIfErrors(compareContext);
         }