37 Commits

Author	SHA1	Message	Date
Joe Grandja	5fb2875f47	AOT hints for authorization server Jackson 3 types should be registered ... Closes gh-18146	2025-11-06 10:14:00 -05:00
Joe Grandja	27ae318992	JdbcRegisteredClientRepository should support Jackson 3 ... Issue gh-17832 Closes gh-18143	2025-11-05 15:27:14 -05:00
Joe Grandja	73840663b9	Polish JdbcOAuth2AuthorizationService	2025-11-05 06:41:41 -05:00
Joe Grandja	e6b4d461e7	Fix OAuth2AuthorizationServerJacksonModule type validator configuration ... Closes gh-18102	2025-10-30 07:19:45 -04:00
Joe Grandja	90855aa128	Missing response_type in POST authorization request returns invalid_request ... Issue https://github.com/spring-projects/spring-authorization-server/issues/2226	2025-10-24 05:55:45 -04:00
Joe Grandja	22cbb13f7d	Add comments to SQL-scripts to ensure robust timezone handling ... Issue https://github.com/spring-projects/spring-authorization-server/pull/2217	2025-10-20 07:12:50 -04:00
Joe Grandja	fc8b6b5863	Return PAR endpoint metadata only when enabled ... Issue https://github.com/spring-projects/spring-authorization-server/issues/2219	2025-10-20 06:06:24 -04:00
Rob Winch	a181733365	Encapsulate GenericHttpMessageConverterAdapter ... This will allow its removal in gh-18073	2025-10-19 17:03:19 -05:00
Rob Winch	5e851e0b26	Remove JdbcOAuth2AuthorizationService.Mapper ... - We should not introduce an unnecessary public API - It would need to be removed when Jackson 2 support was removed, but was required to configure Jackson 3 support - There are already existing interfaces that could be used - OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had unnecessary breaking changes by removing getter/setter for ObjectMapper - To prevent NoClassDefFoundErrors all optional (Jackson) dependencies need to be on different classes & we wish to preserve the existing accessors for ObjectMapper which is this uses subclasses - With added TestAuthenticationTokenMixin support, no need to explicitly add it in tests	2025-10-19 17:03:19 -05:00
Rob Winch	803936cfbe	JacksonDelegate uses SecurityJacksonModules	2025-10-19 17:03:19 -05:00
Rob Winch	50568da1e5	Add Jackson 3 TestingAuthenticationToken Support ... Without this many of the tests fail when using Jackson 3	2025-10-19 17:03:19 -05:00
Sébastien Deleuze	137f8fd670	Add support for JacksonJsonHttpMessageConverter ... This commit introduces classpath checks and instantiation of JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging a new GenericHttpMessageConverterAdapter which allows to adapt SmartHttpMessageConverter to GenericHttpMessageConverter. See gh-17832 Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>	2025-10-19 17:03:19 -05:00
Sébastien Deleuze	48854c3ac9	Deprecate Jackson 2 support ... This commit does not cover webauthn which is a special case (uses jackson sub-package for Jackson 2 support) which will be handled in a distinct commit. See gh-17832 Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>	2025-10-19 17:03:19 -05:00
Sébastien Deleuze	65a14d6c6d	Add Jackson 3 support ... This commit adds support for Jackson 3 which has the following major differences with the Jackson 2 one: - jackson subpackage instead of jackson2 - Jackson type prefix instead of Jackson2 - JsonMapper instead of ObjectMapper - For configuration, JsonMapper.Builder instead of ObjectMapper since the latter is now immutable - Remove custom support for unmodifiable collections - Use safe default typing via a PolymorphicTypeValidator Jackson 3 changes compared to Jackson 2 are documented in https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a and https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md. This commit does not cover webauthn which is a special case (uses jackson sub-package for Jackson 2 support) which will be handled in a distinct commit. See gh-17832 Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>	2025-10-19 17:03:19 -05:00
Joe Grandja	fc795a81d4	PAR uses requested scopes on consent ... Issue https://github.com/spring-projects/spring-authorization-server/pull/2182	2025-10-17 16:14:31 -04:00
Joe Grandja	4b810a8971	Disallow usage of the openid scope in device authorization requests ... Issue https://github.com/spring-projects/spring-authorization-server/pull/2177	2025-10-17 11:41:30 -04:00
Joe Grandja	586081c125	Revert "Temporarily fix integration tests" ... This reverts commit 35f41f87d1. Issue gh-17880	2025-10-10 13:33:42 -04:00
Joe Grandja	1213dbe76f	Fix checkstyle	2025-10-09 13:51:50 -04:00
Joe Grandja	3656e7ad8c	Add tests to OAuth2AuthorizationServerJackson2ModuleTests	2025-10-09 13:23:38 -04:00
Joe Grandja	1cca9c5822	Enable PKCE by default in authorization server ... Closes gh-18020	2025-10-09 09:51:17 -04:00
Joe Grandja	469ed09645	Allow setting Clock in OAuth2TokenGenerator implementations ... Closes gh-18017	2025-10-07 16:34:43 -04:00
Joe Grandja	1d7f4c3b11	Polish javadoc for ClientSettings.requireAuthorizationConsent ... Issue gh-18016	2025-10-07 11:29:10 -04:00
Joe Grandja	baa3b287d6	Add Predicate for authorizationConsentRequired for device code grant ... Introduces customizable Predicate to determine if user consent is required in device authorization flows. Previously, device consent handling used fixed logic. Now applications can define custom logic for skipping or displaying consent pages. Adds OAuth2DeviceVerificationAuthenticationContext and updates OAuth2DeviceVerificationAuthenticationProvider with setAuthorizationConsentRequired method. Fixes gh-18016 Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>	2025-10-07 11:13:30 -04:00
Joe Grandja	51fe7ff737	Return device_code grant metadata when enabled ... Issue gh-17998	2025-10-04 05:38:11 -04:00
Joe Grandja	f3761aff99	Add support for OAuth 2.0 Dynamic Client Registration Protocol ... Closes gh-17964	2025-09-25 16:33:16 -04:00
Joe Grandja	35f41f87d1	Temporarily fix integration tests ... Issue gh-17880	2025-09-12 16:20:44 -04:00
Joe Grandja	098574c50e	Remove redundant classes ... Issue gh-17880	2025-09-12 16:20:43 -04:00
Joe Grandja	cc71be71e5	Move OAuth2AuthorizationServerConfigurer and OAuth2AuthorizationServerConfiguration ... Issue gh-17880	2025-09-12 16:20:42 -04:00
Joe Grandja	b5a4cdc9eb	Polish OAuth2AuthorizationServerJackson2Module ... Issue gh-17880	2025-09-12 16:20:41 -04:00
Joe Grandja	592510c725	Update to @since 7.0 ... Issue gh-17880	2025-09-12 16:20:41 -04:00
Joe Grandja	e5dc46270a	Fix checkstyle ... Issue gh-17880	2025-09-12 16:20:39 -04:00
Joe Grandja	6484d1ae25	Update copyright headers to 2004-present ... The Spring portfolio is changing to use <inception-year>-present in the copyright headers to simplify keeping headers up to date. This commit updates the copyright headers. The copyright headers were updated using the following find/replace: Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors. Replace: Copyright 2004-present the original author or authors. Issue gh-17880	2025-09-12 16:20:39 -04:00
Joe Grandja	a620113264	Add test dependencies ... Issue gh-17880	2025-09-12 16:20:38 -04:00
Joe Grandja	1ff1d88866	Manual move of spring-projects/spring-authorization-server src/test ... Issue gh-17880	2025-09-12 16:20:38 -04:00
Joe Grandja	072f413dd7	Update copyright headers to 2004-present ... The Spring portfolio is changing to use <inception-year>-present in the copyright headers to simplify keeping headers up to date. This commit updates the copyright headers. The copyright headers were updated using the following find/replace: Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors. Replace: Copyright 2004-present the original author or authors. Issue gh-17880	2025-09-12 16:20:37 -04:00
Joe Grandja	327996c964	Add spring-security-oauth2-authorization-server.gradle ... Issue gh-17880	2025-09-12 16:20:36 -04:00
Joe Grandja	745e2153ed	Manual move of spring-projects/spring-authorization-server src/main ... Issue gh-17880	2025-09-12 16:20:36 -04:00