adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
2025-03-17 14:16:44 -05:00
0938ca01a4
Add support for automatic context-propagation with Micrometer
...
Closes gh-16665
2025-03-13 15:29:08 -05:00
401e237082
Introduce JwtAudienceValidator
...
Signed-off-by: Vedran Pavic <vedran@vedranpavic.com>
2025-02-28 12:38:18 -07:00
7df85a2ed9
Polish NimbusJwtDecoder
2025-02-27 12:40:01 -07:00
ab43a660b9
Add RFC 9068 Support
...
Closes gh-13185
2025-02-27 12:40:01 -07:00
81e2fd2fe8
Add Type Validation
...
Closes gh-16672
2025-02-27 12:40:01 -07:00
eb5252c4f0
Merge branch '6.4.x'
2025-02-24 17:03:13 -07:00
2bd3cadde8
Use possessive pronoun rather contraction
...
Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
2025-02-24 17:02:45 -07:00
bfce6e438d
Add fourth oauth grant type to javadoc
...
Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
2025-02-24 17:02:45 -07:00
b6c813c5a2
ClientRegistrations supports hostnames with underscores
...
Issue gh-15852
2025-02-20 16:54:24 -07:00
3d15be1b06
JwtDecoders Supports Hostnames with Underscores
...
In the process of verifying gh-15852, another issue with URI was discovered.
This commit adds tests to the uri-computing methods and changes them to use
UriComponents instead of URI.
Issue gh-15852
2025-02-20 16:54:24 -07:00
0cd6a19b87
Avoid UriComponentsBuilder.fromUri
...
Closes gh-15852
2025-02-20 16:54:24 -07:00
7fc5d50adf
Polish gh-16551
2025-02-19 13:53:30 -06:00
00cd95be76
Add setRedirectStrategy to OidcClientInitiatedServerLogoutSuccessHandler
...
Closes gh-16556
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-19 13:53:30 -06:00
6793334575
Polish setJwkSelector
...
Make so that it runs only when selection is needed.
Require the provided selector be non-null.
Add Tests.
Issue gh-16170
2025-02-18 09:14:45 -07:00
e22bc11cc9
Support JWK Selection Strategy
...
Closes gh-16170
Signed-off-by: douxiaofeng99 <18600127780@163.com>
2025-02-18 09:14:45 -07:00
2480d41981
Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP)
...
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
2025-02-11 14:10:23 -05:00
11113adf62
Polish Nimbus JWK Source Implementation
...
Issue gh-16251
2025-02-05 09:28:07 -07:00
7b7abb28bb
Remove Deprecated Usages of RemoteJWKSet
...
Closes gh-16251
Signed-off-by: Daeho Kwon <trewq231@naver.com>
2025-02-05 09:28:07 -07:00
f9824fd688
Polish Tests
...
Issue gh-16251
2025-02-05 09:28:07 -07:00
e5ea75f7f4
Implement Serial
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-01-21 18:14:52 -06:00
004f38639d
Move ClientSettings to ClientRegistration
...
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration
Issue gh-16382
# Conflicts:
# oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
2025-01-17 17:26:48 -06:00
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works
...
Issue gh-16382
2025-01-17 17:26:48 -06:00
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE
...
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.
Issue gh-16382
2025-01-17 17:26:47 -06:00
ab629cc1ca
Add AuthorizationGrantType.toString()
...
This adds AuthorizationGrantType.toString() which makes debuging easier.
In particular, it will help when performing unit tests which validate the
AuthorizationGrantType.
Issue gh-16382
2025-01-17 17:26:47 -06:00
b0a4dcb89e
ClientSettings equals, hashCode, toString
...
Issue gh-16382
2025-01-17 17:26:47 -06:00
2665a92107
Ensure that ClientSettings cannot be null
...
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.
Issue gh-16382
2025-01-17 17:26:47 -06:00
0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support
...
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.
Issue gh-16382
2025-01-17 17:26:46 -06:00
8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE
...
Closes gh-16382
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-17 17:26:46 -06:00
aced3bcf16
Encode Introspection clientId and clientSecret
...
Closes gh-15988
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-01-16 16:32:01 -07:00
ed3f3d17b2
Add support customizing redirect URI
...
Closes gh-14778
2025-01-16 14:14:11 -07:00
6019803064
Merge branch '6.4.x'
2025-01-14 18:38:14 -07:00
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
2025-01-14 18:37:53 -07:00
0af4cdbf5c
Merge branch '6.4.x'
2025-01-14 17:05:21 -07:00
8735368d9e
Don't Support Serialization of Jackson Modules
...
Issu gh-16276
2025-01-14 17:04:36 -07:00
6bc6946ad9
Make TokenType constructor public
...
Closes gh-16086
2024-12-18 16:51:47 -06:00
a7b6c63442
Polish gh-16087
2024-12-18 16:48:25 -06:00
9404aaf010
Added a constant for DPOP in OAuth2AccessToken.TokenType
...
Issue gh-14915
2024-12-18 16:44:38 -06:00
018e1ae1a4
Added Serialization Values
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
b9911fd522
Add serialVersionUID to Authentication classes
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
39cd8d9faf
Update copyright headers
2024-12-05 14:52:59 -07:00
77233daae7
Merge branch '6.3.x'
...
Closes gh-16139
2024-11-20 15:55:57 -06:00
4b41f8cb5b
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16138
2024-11-20 15:54:29 -06:00
0eb6acde96
Polish gh-16133
2024-11-20 15:50:29 -06:00
73f3f75712
Always return current ClientRegistration in `loadAuthorizedClient`
...
This changes `InMemoryOAuth2AuthorizedClientService.loadAuthorizedClient`
(and its reactive counterpart) to always return `OAuth2AuthorizedClient`
instances containing the current `ClientRegistration` as obtained from
the `ClientRegistrationRepository`.
Before this change, the first `ClientRegistration` instance was cached,
with the effect that any changes made in the `ClientRegistrationRepository`
(such as a new client secret) would not have taken effect.
Closes gh-15511
2024-11-20 15:50:29 -06:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
ca1f891f25
Polish gh-15937
2024-11-13 15:53:59 -06:00
aec5afb6eb
Fix assertions in NimbusReactiveJwtDecoderTests
2024-11-13 15:53:59 -06:00
380e856be5
Merge branch '6.3.x'
...
Closes gh-16037
2024-11-04 13:34:57 -06:00
b9d5493913
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16036
2024-11-04 13:34:42 -06:00
86f3cd6dc7
Polish gh-15940
...
Closes gh-15885
2024-11-04 13:34:12 -06:00
4c6fef82b9
Fix error when Bearer token is requested with empty string
...
Issue gh-15885
2024-11-04 13:33:58 -06:00
ab93541926
Simplify condition in some methods
2024-10-25 13:42:33 -07:00
e76de931ce
Polish Optional usage
2024-10-25 13:42:33 -07:00
ffed4ea1dc
Polish diamond usage
2024-10-25 13:42:33 -07:00
8a972917fa
Deprecate Nimbus(Reactive)OpaqueTokenIntrospector
...
Issue gh-14245
2024-10-22 21:21:07 -07:00
dab6950231
Move parametersCustomizer
...
The parametersCustomizer was introduced in 6.4.0-M4 with
DefaultOAuth2TokenRequestParametersConverter. However, it cannot be
applied to all parameters and so does not fully solve gh-11298.
This commit moves the customizer to the abstract class so it can be
applied to all parameters.
Closes gh-15939
2024-10-18 12:22:09 -05:00
31f8caec5f
Polish diamond operator usage
2024-10-14 11:51:35 -07:00
a3fd551fb5
Add ClientRegistrations.fromOidcConfiguration method
...
ClientRegistrations now provides the fromOidcConfiguration
method to create a ClientRegistration.Builder from a map
representation of an OpenID Provider Configuration Response.
This is useful when the OpenID Provider Configuration is not
available at a well-known location, or if custom validation
is needed for the issuer location (e.g. if the issuer is only
reachable via a back-channel URI that is different from the
issuer value in the configuration).
Fixes: gh-14633
2024-10-02 15:11:01 -05:00
f5991ae176
Allow access token request parameters to override defaults
...
Closes gh-11298
2024-10-02 12:05:42 -05:00
9ba2435cb2
Support refresh token for Token Exchange
...
Closes gh-15534
2024-09-27 15:57:57 -05:00
e11c188122
Customize the strategy for resolving the principal
...
Closes gh-15826
2024-09-27 15:39:56 -05:00
b06c40d9ef
Add ExpressionJwtGrantedAuthoritiesConverter to extract authorities with an expression
...
This helps to reduce custom code necessary to extract roles from deeply
nested claims.
Closes #15201
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-09-23 16:59:59 -07:00
1a97d07079
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15829
2024-09-19 16:23:08 -05:00
551c483ee6
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15828
2024-09-19 16:22:37 -05:00
7b7a3044cf
Polish gh-15533
2024-09-19 16:13:03 -05:00
8a791028b1
Fix array values of additionalParameters
...
Closes gh-15468
2024-09-19 16:10:00 -05:00
42d9f146d2
Polish gh-15533
2024-09-19 16:05:39 -05:00
24dbc5de53
Fix array values of additionalParameters
...
Closes gh-15468
2024-09-19 16:05:39 -05:00
c1a303bc92
Add tests for overriding parameters
...
Issue gh-15298
Issue gh-11298
2024-09-19 13:01:09 -05:00
5d8cf6a8bc
Polish gh-13588
2024-09-19 12:08:48 -05:00
2c9c309d7f
Provide Casting for ReactiveJwtDecoder
...
Closes gh-15773
2024-09-17 13:54:35 -07:00
63f018eb18
Update tests using deprecated classes
...
Issue gh-15737
2024-09-10 15:10:42 -05:00
7490a8162b
Deprecate default OAuth2AccessTokenResponseClients
...
Closes gh-15737
2024-09-10 15:10:41 -05:00
2cead9b73f
Add RestClient implementations
...
Issue gh-15298
2024-09-10 15:10:41 -05:00
912062d307
Merge branch '6.2.x' into 6.3.x
2024-08-19 09:11:10 -03:00
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
2caf1fb6b4
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
e3c19ba86c
Add RestClient interceptor
...
Closes gh-13588
2024-08-16 17:15:18 -05:00
b6ce40980d
Merge branch '6.3.x'
2024-07-22 15:34:34 -06:00
d887c7882d
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15460
2024-07-22 15:34:18 -06:00
4406462346
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15459
2024-07-22 15:34:08 -06:00
5c1a108b8b
Remove Stray JavaDoc Statement
...
As of the 5.2 release, a separate registrar bean was no longer necessary
Closes gh-15425
2024-07-22 15:33:57 -06:00
df76537470
Update Formatting
...
Issue gh-15338
2024-07-18 16:39:30 -07:00
e69e0eb245
Check for null Name Attribute Value
...
Closes gh-15338
2024-07-18 16:39:30 -07:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
077439c73e
Fix typo in JwtDecoder
2024-06-05 17:38:12 -06:00
3acd2c65d9
Add since 6.4
...
Issue gh-15012
2024-06-04 13:44:33 -05:00
7c45ebd81c
Polish gh-15012
2024-06-03 17:02:38 -05:00
99aee99b34
Expose user name attribute name in `OAuth2UserAuthority`
2024-06-03 12:30:34 -05:00
db9f5935ae
Merge branch '6.2.x' into 6.3.x
2024-05-29 16:24:05 -05:00
5a1d261ce0
Merge branch '5.8.x' into 6.2.x
2024-05-29 16:23:37 -05:00
e34621ec2c
Polish gh-14977
2024-05-29 16:23:00 -05:00
1695d03b72
Assert WebSession is not null
...
Issue gh-14975
2024-05-29 14:55:37 -05:00
dd5edeb255
Preserve ArrayListFromString Type
...
Closes gh-15165
2024-05-28 12:43:57 -06:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
2598bf8c37
Polish gh-14859
2024-04-29 15:07:45 -05:00
d0adb2aa70
Simplify Disabling Encoding Client ID and Secret
...
Closes gh-11440
2024-04-29 14:46:12 -05:00
Rob Winch
Steve Riesenberg
Vedran Pavic
Josh Cummings
Pat McCusker
Bodo Graumann
Max Batischev
douxiaofeng99
Joe Grandja
Daeho Kwon
Tran Ngoc Nhan
DingHao
Max Batischev
ThomasKasene
Kai Zander
Davide Colazingari
Hyeongi Jeong
Josh Cummings
Giovanni Lovato
Thomas Darimont
陈圳佳
Marcus Hert Da Coregio
Daniel Garnier-Moiroux
rio
MateuszLenczewski
Filip Hrisafov
JANG
Crain-32