UserAuthorization Uses Dictionary Potentially In Unsafe Manner

[clintwar]

Version

Noticed when looking at UserAuthorization code. Latest checked code.

Describe the bug

It is well known that Dictionary is not thread safe. It appears that UserAuthorization accesses a dictionary for both get and set operations. This can lead to potential issues if multiple threads access the dictionary at the same time where one it attempting to get by key and one is attempting to set by key.

To Reproduce
How can we reproduce this error?

If for some reason ExchangeTurnTokenAsync (directly or via GetTurnTokenAsync) would be called while at same time StartOrContinueSignInUserAsync would attempt to acquire a token and use private methods DeleteSignInState or CacheToken this could result in the unsafe dictionary access.

Expected behavior
Accessing the dictionary to set or get by key should be done in a safe manner in multi threaded applications.
Either use a thread safe concurrent dictionary or using some sort of concurrency control.

Screenshots
N/A

Hosting Information (please complete the following information):
This was noticed by reviewing the code.

Additional context
N/A

[tracyboehrer]

It is no big deal to switch to ConcurrentDictionary and maybe prudent. With that said, AgentApplication is transient to the current request. The OAuth flows happen before any routes are selected and serially.