a7b6c63442
Polish gh-16087
2024-12-18 16:48:25 -06:00
9404aaf010
Added a constant for DPOP in OAuth2AccessToken.TokenType
...
Issue gh-14915
2024-12-18 16:44:38 -06:00
018e1ae1a4
Added Serialization Values
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
b9911fd522
Add serialVersionUID to Authentication classes
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
39cd8d9faf
Update copyright headers
2024-12-05 14:52:59 -07:00
77233daae7
Merge branch '6.3.x'
...
Closes gh-16139
2024-11-20 15:55:57 -06:00
4b41f8cb5b
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16138
2024-11-20 15:54:29 -06:00
0eb6acde96
Polish gh-16133
2024-11-20 15:50:29 -06:00
73f3f75712
Always return current ClientRegistration in `loadAuthorizedClient`
...
This changes `InMemoryOAuth2AuthorizedClientService.loadAuthorizedClient`
(and its reactive counterpart) to always return `OAuth2AuthorizedClient`
instances containing the current `ClientRegistration` as obtained from
the `ClientRegistrationRepository`.
Before this change, the first `ClientRegistration` instance was cached,
with the effect that any changes made in the `ClientRegistrationRepository`
(such as a new client secret) would not have taken effect.
Closes gh-15511
2024-11-20 15:50:29 -06:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
ca1f891f25
Polish gh-15937
2024-11-13 15:53:59 -06:00
aec5afb6eb
Fix assertions in NimbusReactiveJwtDecoderTests
2024-11-13 15:53:59 -06:00
380e856be5
Merge branch '6.3.x'
...
Closes gh-16037
2024-11-04 13:34:57 -06:00
b9d5493913
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16036
2024-11-04 13:34:42 -06:00
86f3cd6dc7
Polish gh-15940
...
Closes gh-15885
2024-11-04 13:34:12 -06:00
4c6fef82b9
Fix error when Bearer token is requested with empty string
...
Issue gh-15885
2024-11-04 13:33:58 -06:00
ab93541926
Simplify condition in some methods
2024-10-25 13:42:33 -07:00
e76de931ce
Polish Optional usage
2024-10-25 13:42:33 -07:00
ffed4ea1dc
Polish diamond usage
2024-10-25 13:42:33 -07:00
8a972917fa
Deprecate Nimbus(Reactive)OpaqueTokenIntrospector
...
Issue gh-14245
2024-10-22 21:21:07 -07:00
dab6950231
Move parametersCustomizer
...
The parametersCustomizer was introduced in 6.4.0-M4 with
DefaultOAuth2TokenRequestParametersConverter. However, it cannot be
applied to all parameters and so does not fully solve gh-11298.
This commit moves the customizer to the abstract class so it can be
applied to all parameters.
Closes gh-15939
2024-10-18 12:22:09 -05:00
31f8caec5f
Polish diamond operator usage
2024-10-14 11:51:35 -07:00
a3fd551fb5
Add ClientRegistrations.fromOidcConfiguration method
...
ClientRegistrations now provides the fromOidcConfiguration
method to create a ClientRegistration.Builder from a map
representation of an OpenID Provider Configuration Response.
This is useful when the OpenID Provider Configuration is not
available at a well-known location, or if custom validation
is needed for the issuer location (e.g. if the issuer is only
reachable via a back-channel URI that is different from the
issuer value in the configuration).
Fixes: gh-14633
2024-10-02 15:11:01 -05:00
f5991ae176
Allow access token request parameters to override defaults
...
Closes gh-11298
2024-10-02 12:05:42 -05:00
9ba2435cb2
Support refresh token for Token Exchange
...
Closes gh-15534
2024-09-27 15:57:57 -05:00
e11c188122
Customize the strategy for resolving the principal
...
Closes gh-15826
2024-09-27 15:39:56 -05:00
b06c40d9ef
Add ExpressionJwtGrantedAuthoritiesConverter to extract authorities with an expression
...
This helps to reduce custom code necessary to extract roles from deeply
nested claims.
Closes #15201
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-23 16:59:59 -07:00
1a97d07079
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15829
2024-09-19 16:23:08 -05:00
551c483ee6
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15828
2024-09-19 16:22:37 -05:00
7b7a3044cf
Polish gh-15533
2024-09-19 16:13:03 -05:00
8a791028b1
Fix array values of additionalParameters
...
Closes gh-15468
2024-09-19 16:10:00 -05:00
42d9f146d2
Polish gh-15533
2024-09-19 16:05:39 -05:00
24dbc5de53
Fix array values of additionalParameters
...
Closes gh-15468
2024-09-19 16:05:39 -05:00
c1a303bc92
Add tests for overriding parameters
...
Issue gh-15298
Issue gh-11298
2024-09-19 13:01:09 -05:00
5d8cf6a8bc
Polish gh-13588
2024-09-19 12:08:48 -05:00
2c9c309d7f
Provide Casting for ReactiveJwtDecoder
...
Closes gh-15773
2024-09-17 13:54:35 -07:00
63f018eb18
Update tests using deprecated classes
...
Issue gh-15737
2024-09-10 15:10:42 -05:00
7490a8162b
Deprecate default OAuth2AccessTokenResponseClients
...
Closes gh-15737
2024-09-10 15:10:41 -05:00
2cead9b73f
Add RestClient implementations
...
Issue gh-15298
2024-09-10 15:10:41 -05:00
912062d307
Merge branch '6.2.x' into 6.3.x
2024-08-19 09:11:10 -03:00
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
2caf1fb6b4
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
e3c19ba86c
Add RestClient interceptor
...
Closes gh-13588
2024-08-16 17:15:18 -05:00
b6ce40980d
Merge branch '6.3.x'
2024-07-22 15:34:34 -06:00
d887c7882d
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15460
2024-07-22 15:34:18 -06:00
4406462346
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15459
2024-07-22 15:34:08 -06:00
5c1a108b8b
Remove Stray JavaDoc Statement
...
As of the 5.2 release, a separate registrar bean was no longer necessary
Closes gh-15425
2024-07-22 15:33:57 -06:00
df76537470
Update Formatting
...
Issue gh-15338
2024-07-18 16:39:30 -07:00
e69e0eb245
Check for null Name Attribute Value
...
Closes gh-15338
2024-07-18 16:39:30 -07:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
077439c73e
Fix typo in JwtDecoder
2024-06-05 17:38:12 -06:00
3acd2c65d9
Add since 6.4
...
Issue gh-15012
2024-06-04 13:44:33 -05:00
7c45ebd81c
Polish gh-15012
2024-06-03 17:02:38 -05:00
99aee99b34
Expose user name attribute name in `OAuth2UserAuthority`
2024-06-03 12:30:34 -05:00
db9f5935ae
Merge branch '6.2.x' into 6.3.x
2024-05-29 16:24:05 -05:00
5a1d261ce0
Merge branch '5.8.x' into 6.2.x
2024-05-29 16:23:37 -05:00
e34621ec2c
Polish gh-14977
2024-05-29 16:23:00 -05:00
1695d03b72
Assert WebSession is not null
...
Issue gh-14975
2024-05-29 14:55:37 -05:00
dd5edeb255
Preserve ArrayListFromString Type
...
Closes gh-15165
2024-05-28 12:43:57 -06:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
2598bf8c37
Polish gh-14859
2024-04-29 15:07:45 -05:00
d0adb2aa70
Simplify Disabling Encoding Client ID and Secret
...
Closes gh-11440
2024-04-29 14:46:12 -05:00
05d3beb6a8
Polish gh-13648
2024-04-18 16:17:49 -05:00
b69939c1e5
Getters for OAuth2AuthorizedClientId properties
...
Expose getters for principalName and clientRegistrationId which compose an OAuth2AuthorizedClientId
2024-04-18 16:10:39 -05:00
24fd19b107
Add Default Timeout to JwtDecoders RestTemplate
...
Closes gh-14269
2024-04-18 14:40:18 -06:00
8dd28b797a
Update to BouncyCastle 1.78
...
Closes gh-14910
2024-04-15 15:32:08 -06:00
b1b84f9b8a
Revert "Support overriding RestOperations in OidcIdTokenDecoderFactory"
...
This reverts commit 9c352c4b4b
2024-04-11 14:29:59 -06:00
5a50bfccac
Revert "Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory"
...
This reverts commit 0041c658de
2024-04-11 14:29:59 -06:00
9a7f1aa4d9
Add ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth
...
Closes gh-14889
2024-04-11 15:15:11 -04:00
644cfa9f87
Add Jwt validator for the X509Certificate thumbprint claim
...
Closes gh-10538
2024-04-11 12:35:52 -04:00
d269176781
Merge branch '6.2.x'
2024-04-04 17:07:03 -06:00
01f299f7ab
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14848
2024-04-04 16:56:11 -06:00
ef00312991
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14847
2024-04-04 16:55:52 -06:00
0af0751cfd
Treat Map Method Parameter as Immutable
...
Closes gh-14802
2024-04-04 16:44:14 -06:00
ee42ad2c8c
Polish JwtValidators
...
Closes gh-14831
2024-04-02 16:04:43 -06:00
ff19f04fca
Add JwtValidators append to default
...
Implemented simplified creation of default OAuth2TokenValidator with additional validators.
Closes gh-14831
2024-04-02 14:41:35 -07:00
b648a24f5f
Polish Type Conversion API
...
Issue gh-6245
2024-04-01 16:14:21 -06:00
0078462e41
Make constant public
...
Issue gh-5199
2024-03-15 15:27:42 -05:00
9728f28380
Add additional constants to OAuth2ParameterNames
...
These additional constants are used for optional parameters in the
Access Token Request for the OAuth 2.0 Token Exchange Grant.
Issue gh-5199
2024-03-15 15:27:42 -05:00
e52dd81d03
Customize mapping the OidcUser
...
Closes gh-14672
2024-03-07 15:45:39 -06:00
85c3d0ab13
Add reactive support for OAuth 2.0 Token Exchange Grant
...
Issue gh-5199
2024-03-06 16:02:58 -06:00
d2fe9094a9
Add servlet support for OAuth 2.0 Token Exchange Grant
...
Issue gh-5199
2024-03-06 16:02:58 -06:00
07ac0b616b
Introduce Customizable AuthorizationFailureHandler
...
Closes gh-13793
2024-03-01 13:11:46 -06:00
21580fd27d
Merge branch '6.2.x'
2024-02-16 13:31:20 -03:00
15306c1007
Merge branch '6.1.x' into 6.2.x
2024-02-16 13:21:15 -03:00
750cb30ce4
Add AuthenticationTrustResolver.isAuthenticated
2024-02-16 13:08:29 -03:00
96e3e4f8b1
Customize when user info is called
...
Closes gh-13259
2024-02-13 12:34:20 -06:00
e77126740d
Add ReactiveOidcIdTokenDecoderFactory#setWebClientResolver
...
Closes gh-13274
2024-02-01 10:04:06 -07:00
d7599ab192
Polish setAttributesConverter
...
- Add Tests
- Add Reactive Support
Issue gh-14186
2024-01-30 14:37:20 -07:00
04f0f2597a
Polish DefaultOAuth2UserService
...
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2024-01-30 14:37:20 -07:00
d9d22c75a2
Add support for nested username attribute in DefaultOAuth2User
...
Closes gh-14186
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2024-01-30 14:37:20 -07:00
01b7ad42ec
Merge branch '6.2.x'
2024-01-25 17:33:33 -07:00
84c45adc70
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14496
2024-01-25 17:33:15 -07:00
44f22ee5cf
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14495
2024-01-25 17:32:57 -07:00
ca10187fd1
Enhance JWT decoding error handling
...
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use project reactors onError functionality.
Closes gh-14467
2024-01-25 17:32:10 -07:00
7ee974445b
Update Checkstyle
...
Issue gh-14178
2024-01-22 08:44:54 -07:00
04394a63cd
Update Formatting
...
Issue gh-14178
2024-01-22 08:26:25 -07:00
1e90bdfc0b
Update Copyright
...
Issue gh-14178
2024-01-19 09:26:04 -07:00
9c352c4b4b
Support overriding RestOperations in OidcIdTokenDecoderFactory
...
Closes gh-14178
2024-01-19 09:24:56 -07:00
0041c658de
Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory
...
Closes gh-14178
2024-01-19 09:24:56 -07:00
9135cb4fbf
Merge branch '6.2.x'
...
Closes gh-14406
2024-01-05 07:53:50 -03:00
acaf9ce7e9
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14405
2024-01-05 07:53:43 -03:00
d032b23ab7
Make OAuth2AuthorizationExchange serializable
...
Closes gh-14402
2024-01-05 07:53:28 -03:00
1b39c1248a
Merge branch '6.2.x'
2023-12-11 10:21:18 -07:00
966c01fa90
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14278
2023-12-11 10:21:00 -07:00
c4a99fc942
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14277
2023-12-11 10:20:38 -07:00
e896b14046
Dropped Nimbus Error Message
...
Closes gh-13730
2023-12-11 10:19:02 -07:00
10d88cdf28
Polish Introspection Authentication Converter
...
- Added Reactive Support
- Separated SCOPE claim and authorities work
- Adjusted for style
Issue gh-14198
2023-12-07 15:13:51 -07:00
8279b22940
Add Introspection Authentication Converter
...
Closes #14198
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2023-12-07 15:13:51 -07:00
8e93e4715f
Fix typo in getClaimAsMap docstring
2023-11-22 14:02:17 -03:00
e3ab1c94d7
Use assertj assertions
2023-11-17 09:04:50 -03:00
a7da9491d9
Use assertj assertions
2023-11-17 09:03:36 -03:00
447f40949c
Revert unnecessary merges on 6.1.x
...
This commit removes unnecessary main-branch merges starting from
9f8db22b774d6ff49b9ded6ff670d1c823b0079444fad21363
2023-10-31 15:22:15 -05:00
9db33f33c7
Revert unnecessary merges on 6.0.x
...
This commit removes unnecessary main-branch merges starting from
8750608b5b5dce82c48b
2023-10-31 15:11:45 -05:00
975ac10f19
Merge branch '6.1.x'
...
Closes gh-14042
2023-10-19 16:44:03 -05:00
b4e0873b1e
Merge branch '6.0.x' into 6.1.x
...
Closes gh-14041
2023-10-19 16:43:21 -05:00
bb732e9d35
Merge branch '5.8.x' into 6.0.x
...
Closes gh-14040
2023-10-19 16:40:34 -05:00
5161712c35
Polish gh-13976
...
Closes gh-13757
2023-10-19 16:40:23 -05:00
a6b872dcf3
Fix caching error state in ReactiveRemoteJWKSource
2023-10-19 16:40:13 -05:00
0e30b923f8
Check for null value with the appropriate assertion method
2023-10-03 08:16:21 -06:00
c7ea8c6ac7
Fix Formatting
...
Issue gh-13654
2023-10-02 17:47:37 -06:00
a3227f041c
Polish OAuth2AuthorizationManagers
...
- Add OAuth2ReactiveAuthorizationManagers
- Code to interfaces
- Align error message with the same in
AuthorityAuthorizationManager
- Adjust expectations in tests to confirm an
appropriately constructed authorizaion manager
- Add JavaDoc and reference documentation
Issue gh-13654
2023-10-02 17:26:06 -06:00
2ee8f27997
Fix imports
2023-10-02 17:23:49 -06:00
97ec5c921e
Fix imports in tests
2023-10-02 17:23:49 -06:00
e1db108cb9
Improvements and unit tests.
2023-10-02 17:23:49 -06:00
5e0ea6ce8a
Fix formatting
2023-10-02 17:23:49 -06:00
35e5533a4b
Fix formatting
2023-10-02 17:23:49 -06:00
e99b37a6cb
Fix build
2023-10-02 17:23:49 -06:00
19ae3a765d
Make class final
2023-10-02 17:23:49 -06:00
141605cb24
Fix check build issues
2023-10-02 17:23:49 -06:00
926f4a75ba
Set the import order correctly
2023-10-02 17:23:49 -06:00
81a708e25f
Closes #13754 Add hasScope and hasAnyScope for authorization rules
2023-10-02 17:23:49 -06:00
07b6c451fd
Merge branch '6.1.x'
...
Closes gh-13884
2023-09-29 11:47:38 -03:00
8adfc9b463
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13883
2023-09-29 11:46:48 -03:00
92c82191c9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13882
2023-09-29 11:46:00 -03:00
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
2023-09-29 11:44:32 -03:00
cb33fd7850
Add OIDC Back-Channel Logout Support
...
Closes gh-12570
2023-09-16 15:12:21 -06:00
5535d17172
Merge branch '6.1.x'
...
Closes gh-13807
Closes gh-13803
Closes gh-13802
2023-09-12 18:55:42 -05:00
9df9cb5aed
refactor: AssertJ best practices
...
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
2023-09-12 16:18:14 -06:00
74dc3fd7b1
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13799 in 6.1.x
Closes gh-13801
2023-09-12 17:02:48 -05:00
771d9cd8b6
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13799
2023-09-12 17:00:47 -05:00
9b7a110704
Fix OAuth2AuthenticationExceptionMixinTests on JDK 17
...
Closes gh-11893
2023-09-12 16:51:47 -05:00
fed3de8dce
Remove Logging of Untrusted Data
2023-08-08 10:02:42 -06:00
3307c656f4
Polish
...
- Added JavaDoc @since attribute
- Added Predicate based test
- Adjusted test names
Issue gh-13427
2023-08-08 10:02:42 -06:00
e1bae73703
add factory methods for Jwt issuer resolvers
...
Closes gh-13427
2023-08-08 10:02:42 -06:00
7a713cab6f
improve performance of Jwt issuer resolvers
2023-08-08 10:02:42 -06:00
da35fa0485
make logging consistent for Jwt issuer resolvers
2023-08-08 10:02:42 -06:00
af00be8a3d
fix Javadocs for Jwt issuer resolvers
2023-08-08 10:02:42 -06:00
6c3636d780
Update Removed Usages
...
Issue gh-13544
2023-07-14 18:38:58 -06:00
4c33d53385
Add SupplierClientRegistrationRepository
...
Closes gh-12967
2023-07-12 15:53:22 -06:00
a77ef9ecf4
Add ClientAuthenticationMethod#toString
...
Closes gh-13497
2023-07-12 14:24:26 -06:00
80a0ade3e3
Merge branch '6.1.x'
...
Closes gh-13499
2023-07-12 14:16:08 -06:00
8642a170e8
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13498
2023-07-12 14:15:53 -06:00
dbf0c66301
Fix Client Authentication Method Error Message
...
Closes gh-13496
2023-07-12 14:15:31 -06:00
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
b09a228eaf
Make class `OidcClientInitiatedLogoutSuccessHandler` extensible
2023-06-22 11:19:39 -06:00
00cf5edef2
Merge branch '6.0.x'
...
Closes gh-13309
2023-06-12 15:14:24 -06:00
5f26daedcb
Error On Unsupported Client Authentication Methods
...
Closes gh-13144
2023-06-12 15:13:13 -06:00
f843232d84
Merge branch '6.0.x'
...
Closes gh-13223
2023-05-24 15:32:12 -06:00
69b17f3d3f
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13222
2023-05-24 15:29:39 -06:00
c1002ff745
Improve Error Handling
...
Closes gh-13143
2023-05-24 15:29:15 -06:00
76eba9bd0c
Add withIssuerLocation
...
Closes gh-10309
2023-04-12 16:36:15 -06:00
9ee8202625
Merge branch '6.0.x'
...
Closes gh-13006
2023-04-12 12:50:19 -06:00
b423db5f93
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13005
2023-04-12 12:46:11 -06:00
28be37238d
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13004
2023-04-12 12:45:28 -06:00
c4e9fb885d
Delay JWSVerificationKeySelector Construction
...
Updating the NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder processor to execute the ConfigurableJWTProcessor customizations before holding a reference to the JWSKeySelector.
Closes gh-12960
2023-04-12 12:45:00 -06:00
6f8ec3df60
Ensure access token isn't resolved from query for form-encoded requests
...
Closes gh-5668
2023-04-10 17:06:47 -06:00
64a1ad5cd6
Merge branch '5.8.x' into 6.0.x
2023-04-04 13:32:34 -06:00
5ffebaf12b
Merge branch '5.7.x' into 5.8.x
2023-04-04 13:32:04 -06:00
39cee36065
Use SingletonSupplier
...
Issue gh-9991
2023-04-04 13:25:31 -06:00
88540aa52f
Use SingletonSupplier
...
Issue gh-9991
2023-04-04 13:23:03 -06:00
f0ef54050e
Add ability to set principalClaimName in ReactiveJwtAuthenticationConverter
...
Closes #12907
2023-03-27 16:43:30 -06:00
55224b58e0
Polish gh-12853
2023-03-20 15:47:00 -04:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
8c17b978c8
Add support for device authorization response
...
Closes gh-12852
2023-03-08 17:07:56 -06:00
613b16c247
NimbusReactiveJwtDecoder support mono chain
...
Supports reactive exception handling when using PublicKeyReactiveJwtDecoderBuilder and SecretKeyReactiveJwtDecoderBuilder
2023-02-07 13:37:23 -07:00
b237d7ee38
Merge branch '6.0.x'
...
Closes gh-12621
2023-02-03 12:31:08 -03:00
7409d14504
fix javax.json.bind.Jsonb to jakarta.json.bind.Jsonb
...
Closes gh-12616
2023-02-03 12:30:17 -03:00
e7fb6d2e14
Merge branch '6.0.x'
...
Closes gh-12496
2023-01-06 12:56:45 -07:00
748e912685
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12495
2023-01-06 12:56:21 -07:00
5e1db6a771
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12494
2023-01-06 12:55:43 -07:00
225dc593a8
Polish NimbusJwtDecoderTests
...
- Add missing mock
Closes gh-12238
2023-01-06 12:53:36 -07:00
e0e9455f78
Merge branch '6.0.x'
...
Closes gh-12441
2022-12-19 16:01:26 -07:00
7bd6deccc3
Revert "Disable Some R2dbc Tests"
...
This reverts commit 813179931a
2022-12-19 15:42:22 -07:00
7ad4ebd07a
Allow authentication details to be set by converter
...
Prevent JwtAuthenticationProvider from setting authentication details
when jwtAuthenticationConverter returned an authentication instance
with non null details.
Closes gh-11822
2022-12-12 18:55:08 -06:00
7561a02cdd
Merge branch '6.0.x'
2022-12-05 11:13:43 -07:00
813179931a
Disable Some R2dbc Tests
...
Issue gh-12339
2022-12-05 11:13:15 -07:00
cd0f02de49
Polish authorities claim delimiter
...
PR gh-12074
2022-12-02 14:30:31 -07:00
9c9fd9f4bd
Add configurable authorities split regex
...
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
Closes gh-12074
2022-12-02 14:30:30 -07:00
b22bc42bb0
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12325
2022-11-30 14:50:51 -07:00
29c00905ce
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12324
2022-11-30 14:49:26 -07:00
667cab6cda
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12323
2022-11-30 14:38:16 -07:00
52c7141aac
Save Request Before Response Is Committed
...
Specifically important for cookie-based authorization request
repositories.
Closes gh-11602
2022-11-30 14:33:08 -07:00
bb3d92e33a
Update r2dbc-h2 to 1.0.0.RELEASE
...
Closes gh-12251
2022-11-18 23:04:38 -06:00
4e88623873
Polish gh-12087 in 6.0
2022-11-17 14:31:44 -06:00
a3d35ecf3c
Merge branch '5.8.x'
...
Closes gh-12234
2022-11-17 14:27:41 -06:00
52888d6206
Warn when AuthorizationGrantType does not match
...
Log a warning when AuthorizationGrantType does not exactly match a
pre-defined constant.
Closes gh-11905
2022-11-17 14:17:54 -06:00
ce065a87da
Merge branch '5.8.x'
...
Closes gh-12207
2022-11-14 12:25:05 -06:00
71eb71d185
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12206
2022-11-14 12:11:59 -06:00
67a1f0836b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12205
2022-11-14 12:10:55 -06:00
fde26e003a
Request user info when AS returns no scopes
...
Closes gh-12144
2022-11-10 16:29:43 -06:00
5fe59cc635
Revert "Add configurable authorities split regex"
...
This reverts commit e93ed6d94c
2022-11-01 17:39:26 -06:00
e93ed6d94c
Add configurable authorities split regex
...
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
2022-11-01 17:38:47 -06:00
cca999c57d
Merge remote-tracking branch 'origin/5.8.x'
2022-11-01 13:46:08 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
801ceb0832
Merge branch '5.8.x'
2022-10-31 08:58:14 -05:00
66f2f1cde7
Merge branch '5.7.x' into 5.8.x
2022-10-31 08:55:03 -05:00
2915a70bf7
Merge branch '5.6.x' into 5.7.x
2022-10-28 13:05:48 -05:00
26a51ee198
Merge branch '5.5.x' into 5.6.x
2022-10-28 11:15:33 -05:00
e7fe778abc
Merge branch '5.4.x' into 5.5.x
2022-10-28 11:13:33 -05:00
3e2ac82612
Merge branch '5.3.x' into 5.4.x
2022-10-28 11:10:39 -05:00
5560bbaa80
Merge branch '5.2.x' into 5.3.x
2022-10-28 11:07:51 -05:00
75004587a4
Fix scope mapping
...
Issue gh-12101
2022-10-28 11:00:27 -05:00
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
...
Closes gh-9429
2022-10-13 20:03:03 -06:00
5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x'
2022-10-13 19:48:05 -06:00
099aaa33ff
Remove Deprecation Markers
...
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
2022-10-13 19:47:22 -06:00
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
...
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
14584b0562
Add SecurityContextHolderStrategy to OAuth2
...
Issue gh-11060
2022-10-05 23:50:54 -06:00
7f0140278e
Add native hint for OAuth2 Client's schemas
...
Closes gh-11920
2022-09-29 10:01:51 -03:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
7527fd811c
Merge branch '5.8.x'
2022-09-26 09:56:55 -05:00
bbac85e20b
Reduce severity of invalid registrationId to warn
...
This prevents filling the log file with error messages when routine
scans are being performed.
Closes gh-11344
2022-09-26 09:56:20 -05:00
ae6fb8c681
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 16:31:22 -06:00
37a160245f
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-23 16:31:21 -06:00
53dbcfd457
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 12:06:59 -06:00
3c66ef6305
Change default SecurityContextRepository
...
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.
Closes gh-11026
2022-09-22 17:31:14 -05:00
70460ca009
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-20 17:44:05 -06:00
fee1ffa422
Fix JSONObject and JSONArray imports in tests
...
Issue gh-11858
2022-09-16 15:57:43 -03:00
67a00bcaa0
Fix JSONObject and JSONArray imports in tests
2022-09-16 13:38:57 -05:00
c6458c35aa
Merge branch '5.8.x'
2022-09-14 15:12:21 -05:00
bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts
2022-09-14 15:10:34 -05:00
2431dd1103
Merge branch '5.8.x'
2022-09-13 17:38:10 -05:00
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
f84f08c4b9
Default HttpSessionRequestCache.matchingRequestParameterName=continue
...
Closes gh-11757
2022-08-26 14:44:55 -05:00
32dbaceec5
Fix mockito 4.7.0 merge
...
Issue gh-11748
2022-08-24 08:58:00 -05:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
7c7f9380c7
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:54:45 -05:00
888715bbb2
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:54:45 -05:00
53a3ff8932
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:53:45 -05:00
77d11a3f9f
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:53:44 -05:00
51dc672625
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:48:42 -05:00
d1c742d7aa
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:48:41 -05:00
9c02e835e8
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:42:57 -05:00
Steve Riesenberg
ThomasKasene
Josh Cummings
Tran Ngoc Nhan
Kai Zander
Joe Grandja
Davide Colazingari
Hyeongi Jeong
Josh Cummings
Giovanni Lovato
Thomas Darimont
陈圳佳
Marcus Hert Da Coregio
Daniel Garnier-Moiroux
rio
MateuszLenczewski
Filip Hrisafov
JANG
Crain-32
ch4mpy
MrJovanovic13
Joe Grandja
Max Batischev
greg.lee
Rob Winch
ubaid4j
ahmd-nabil
Hans Lindner
Armin Krezović
Candelario
Parker Mauney
Steve Riesenberg
Veli Döngelci
Valeriy Vyrva
Mario Petrovski
Mario Petrovski
Tim te Beek
Baljit Singh
Justin Tay
Claudio Nave
Krzysztof Krason
Kevin Yue
Nick Meverden
Vedran Pavic
Marcus Kainth
Geon Park
luamas
Jon Kjennbakken
Patrick Walter
이경욱
Michael Sosa
Ger Roza
Daniel Garnier-Moiroux
tinolazreg