Regression: Unauthorized changed to Forbidden in v2.2

[hbiarge]

We need to double check a change in the behavior of the library related to this

[hbiarge]

Well, I can confirm this is a breaking change after change the way the library is sending the user information.
Previous to this version the DefaultClaimsEncoder class serialized only the ClaimsType and Value of the Claims collection in a very manual way. In this version we changed that in order to include in the serialization all the information a Claim can include. To do this we create an AuthenticationTicket and use the TicketSerializer class to seralize the whole ticket.
As a consequence there is a breaking change when you send an empty collection of claims in the WithIdentity extension method. Before this change, this produced an Unauthorized result, because there is no ClaimsPrincipal created because the empty claims. After this version this produces a Forbidden response, because a ClaimsPrincpal without claims is created, so the request is authenticated but it fails in the authorization process.