We want to match our requirements with the oidc handler in asp.net. As of today, the latest version is 8.0.3, which depends on wilson >= 7.1.2

https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/8.0.3#dependencies-body-tab

6.0.26 of the asp.net packages was the first version to depend on wilson 6.35.0.
We want wilson 6.35 because it contains security fixes. We don't depend on anything more recent than that, so we can keep our requirements as relaxed possible beyond that.

We take the earliest version that doesn't have a known security vulnerability, so we go with 8.0.1 to ensure that our transitive dependency on the wilson JWT library is at least 7.1.2.

IdentityServer depends on version 8.0.3 of the oidc auth handler, while
we only use 8.0.1. This is normally fine, but if we explicitly take a
dependency on both the handler at version 8.0.1 and identity server,
then our explicit dependency is a downgrade of what identity server
wants, producing a warning. We don't actually need the explicit
dependency, and removing it fixes the build.