47e1fc045f
Formatted
...
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
1db557e395
Replace ClientRegistrationMixinTests with StdConvertersTest
...
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
368fe2e7a0
Add missing ClientAuthenticationMethods to jackson2 converter
...
Closes gh-16825
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
9d442c13de
Mark password grant for removal
...
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.
Closes gh-16913
2025-04-09 11:15:09 -05:00
197ee38aa0
Mark deprecated response clients for removal
...
Issue gh-16913
2025-04-09 11:15:06 -05:00
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
...
Issue gh-16417
2025-03-26 16:38:39 -06:00
860f130bc4
Add additional validation when refreshing ID tokens
...
Issue gh-16589
2025-03-26 15:34:17 -05:00
5f98ce5ecc
Polish gh-16589
2025-03-26 15:34:17 -05:00
de07b1108f
Use PathPatternRequestMatcher in Web Components
...
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.
Issue gh-16632
2025-03-26 13:28:58 -06:00
3ebcbd4375
Merge branch '6.4.x'
...
Closes gh-16788
Closes gh-16789
Closes gh-16790
Closes gh-16791
Closes gh-16792
2025-03-20 14:47:07 -05:00
96cfbd1e6c
Merge branch '6.3.x' into 6.4.x
...
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run
Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run
Details
CI / Check Samples (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run
Details
Closes gh-16782
Closes gh-16783
Closes gh-16784
Closes gh-16785
Closes gh-16786
2025-03-20 14:46:18 -05:00
a53ca7c3d0
Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc
...
Closes gh-16555
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-20 14:38:09 -05:00
cfe70a5fc7
Restore authorizedClientParametersMapper Assertion
...
Issue gh-16726
2025-03-19 18:13:54 -06:00
6c24a1e717
Improve JdbcOAuth2AuthorizedClientService saveAuthorizedClient
...
Closes gh-16726
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-03-19 18:13:54 -06:00
5bb5d0f6be
Polish gh-16589
2025-03-18 18:07:56 -05:00
fc1469ad5e
Ensure ID Token is updated after refresh token
...
Signed-off-by: Hao <kyrieeeee2@gmail.com>
2025-03-18 18:07:56 -05:00
e6223dede3
Merge branch '6.4.x'
...
- adb303e
2025-03-17 14:34:18 -05:00
05116eabbd
Merge branch '6.3.x' into 6.4.x
...
- adb303e
2025-03-17 14:18:49 -05:00
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
2025-03-17 14:16:44 -05:00
0938ca01a4
Add support for automatic context-propagation with Micrometer
...
Closes gh-16665
2025-03-13 15:29:08 -05:00
eb5252c4f0
Merge branch '6.4.x'
2025-02-24 17:03:13 -07:00
2bd3cadde8
Use possessive pronoun rather contraction
...
Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
2025-02-24 17:02:45 -07:00
b6c813c5a2
ClientRegistrations supports hostnames with underscores
...
Issue gh-15852
2025-02-20 16:54:24 -07:00
3d15be1b06
JwtDecoders Supports Hostnames with Underscores
...
In the process of verifying gh-15852, another issue with URI was discovered.
This commit adds tests to the uri-computing methods and changes them to use
UriComponents instead of URI.
Issue gh-15852
2025-02-20 16:54:24 -07:00
7fc5d50adf
Polish gh-16551
2025-02-19 13:53:30 -06:00
00cd95be76
Add setRedirectStrategy to OidcClientInitiatedServerLogoutSuccessHandler
...
Closes gh-16556
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-19 13:53:30 -06:00
e5ea75f7f4
Implement Serial
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-01-21 18:14:52 -06:00
004f38639d
Move ClientSettings to ClientRegistration
...
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration
Issue gh-16382
# Conflicts:
# oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
2025-01-17 17:26:48 -06:00
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works
...
Issue gh-16382
2025-01-17 17:26:48 -06:00
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE
...
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.
Issue gh-16382
2025-01-17 17:26:47 -06:00
b0a4dcb89e
ClientSettings equals, hashCode, toString
...
Issue gh-16382
2025-01-17 17:26:47 -06:00
2665a92107
Ensure that ClientSettings cannot be null
...
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.
Issue gh-16382
2025-01-17 17:26:47 -06:00
0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support
...
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.
Issue gh-16382
2025-01-17 17:26:46 -06:00
8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE
...
Closes gh-16382
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-17 17:26:46 -06:00
ed3f3d17b2
Add support customizing redirect URI
...
Closes gh-14778
2025-01-16 14:14:11 -07:00
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
2025-01-14 18:37:53 -07:00
8735368d9e
Don't Support Serialization of Jackson Modules
...
Issu gh-16276
2025-01-14 17:04:36 -07:00
b9911fd522
Add serialVersionUID to Authentication classes
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
77233daae7
Merge branch '6.3.x'
...
Closes gh-16139
2024-11-20 15:55:57 -06:00
4b41f8cb5b
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16138
2024-11-20 15:54:29 -06:00
0eb6acde96
Polish gh-16133
2024-11-20 15:50:29 -06:00
73f3f75712
Always return current ClientRegistration in `loadAuthorizedClient`
...
This changes `InMemoryOAuth2AuthorizedClientService.loadAuthorizedClient`
(and its reactive counterpart) to always return `OAuth2AuthorizedClient`
instances containing the current `ClientRegistration` as obtained from
the `ClientRegistrationRepository`.
Before this change, the first `ClientRegistration` instance was cached,
with the effect that any changes made in the `ClientRegistrationRepository`
(such as a new client secret) would not have taken effect.
Closes gh-15511
2024-11-20 15:50:29 -06:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
e76de931ce
Polish Optional usage
2024-10-25 13:42:33 -07:00
ffed4ea1dc
Polish diamond usage
2024-10-25 13:42:33 -07:00
dab6950231
Move parametersCustomizer
...
The parametersCustomizer was introduced in 6.4.0-M4 with
DefaultOAuth2TokenRequestParametersConverter. However, it cannot be
applied to all parameters and so does not fully solve gh-11298.
This commit moves the customizer to the abstract class so it can be
applied to all parameters.
Closes gh-15939
2024-10-18 12:22:09 -05:00
31f8caec5f
Polish diamond operator usage
2024-10-14 11:51:35 -07:00
a3fd551fb5
Add ClientRegistrations.fromOidcConfiguration method
...
ClientRegistrations now provides the fromOidcConfiguration
method to create a ClientRegistration.Builder from a map
representation of an OpenID Provider Configuration Response.
This is useful when the OpenID Provider Configuration is not
available at a well-known location, or if custom validation
is needed for the issuer location (e.g. if the issuer is only
reachable via a back-channel URI that is different from the
issuer value in the configuration).
Fixes: gh-14633
2024-10-02 15:11:01 -05:00
f5991ae176
Allow access token request parameters to override defaults
...
Closes gh-11298
2024-10-02 12:05:42 -05:00
9ba2435cb2
Support refresh token for Token Exchange
...
Closes gh-15534
2024-09-27 15:57:57 -05:00
e11c188122
Customize the strategy for resolving the principal
...
Closes gh-15826
2024-09-27 15:39:56 -05:00
c1a303bc92
Add tests for overriding parameters
...
Issue gh-15298
Issue gh-11298
2024-09-19 13:01:09 -05:00
5d8cf6a8bc
Polish gh-13588
2024-09-19 12:08:48 -05:00
63f018eb18
Update tests using deprecated classes
...
Issue gh-15737
2024-09-10 15:10:42 -05:00
7490a8162b
Deprecate default OAuth2AccessTokenResponseClients
...
Closes gh-15737
2024-09-10 15:10:41 -05:00
2cead9b73f
Add RestClient implementations
...
Issue gh-15298
2024-09-10 15:10:41 -05:00
e3c19ba86c
Add RestClient interceptor
...
Closes gh-13588
2024-08-16 17:15:18 -05:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
7c45ebd81c
Polish gh-15012
2024-06-03 17:02:38 -05:00
99aee99b34
Expose user name attribute name in `OAuth2UserAuthority`
2024-06-03 12:30:34 -05:00
db9f5935ae
Merge branch '6.2.x' into 6.3.x
2024-05-29 16:24:05 -05:00
5a1d261ce0
Merge branch '5.8.x' into 6.2.x
2024-05-29 16:23:37 -05:00
e34621ec2c
Polish gh-14977
2024-05-29 16:23:00 -05:00
1695d03b72
Assert WebSession is not null
...
Issue gh-14975
2024-05-29 14:55:37 -05:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
2598bf8c37
Polish gh-14859
2024-04-29 15:07:45 -05:00
d0adb2aa70
Simplify Disabling Encoding Client ID and Secret
...
Closes gh-11440
2024-04-29 14:46:12 -05:00
05d3beb6a8
Polish gh-13648
2024-04-18 16:17:49 -05:00
b69939c1e5
Getters for OAuth2AuthorizedClientId properties
...
Expose getters for principalName and clientRegistrationId which compose an OAuth2AuthorizedClientId
2024-04-18 16:10:39 -05:00
b1b84f9b8a
Revert "Support overriding RestOperations in OidcIdTokenDecoderFactory"
...
This reverts commit 9c352c4b4b
2024-04-11 14:29:59 -06:00
5a50bfccac
Revert "Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory"
...
This reverts commit 0041c658de
2024-04-11 14:29:59 -06:00
ff19f04fca
Add JwtValidators append to default
...
Implemented simplified creation of default OAuth2TokenValidator with additional validators.
Closes gh-14831
2024-04-02 14:41:35 -07:00
b648a24f5f
Polish Type Conversion API
...
Issue gh-6245
2024-04-01 16:14:21 -06:00
e52dd81d03
Customize mapping the OidcUser
...
Closes gh-14672
2024-03-07 15:45:39 -06:00
85c3d0ab13
Add reactive support for OAuth 2.0 Token Exchange Grant
...
Issue gh-5199
2024-03-06 16:02:58 -06:00
d2fe9094a9
Add servlet support for OAuth 2.0 Token Exchange Grant
...
Issue gh-5199
2024-03-06 16:02:58 -06:00
07ac0b616b
Introduce Customizable AuthorizationFailureHandler
...
Closes gh-13793
2024-03-01 13:11:46 -06:00
21580fd27d
Merge branch '6.2.x'
2024-02-16 13:31:20 -03:00
15306c1007
Merge branch '6.1.x' into 6.2.x
2024-02-16 13:21:15 -03:00
750cb30ce4
Add AuthenticationTrustResolver.isAuthenticated
2024-02-16 13:08:29 -03:00
96e3e4f8b1
Customize when user info is called
...
Closes gh-13259
2024-02-13 12:34:20 -06:00
e77126740d
Add ReactiveOidcIdTokenDecoderFactory#setWebClientResolver
...
Closes gh-13274
2024-02-01 10:04:06 -07:00
d7599ab192
Polish setAttributesConverter
...
- Add Tests
- Add Reactive Support
Issue gh-14186
2024-01-30 14:37:20 -07:00
04f0f2597a
Polish DefaultOAuth2UserService
...
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2024-01-30 14:37:20 -07:00
d9d22c75a2
Add support for nested username attribute in DefaultOAuth2User
...
Closes gh-14186
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2024-01-30 14:37:20 -07:00
7ee974445b
Update Checkstyle
...
Issue gh-14178
2024-01-22 08:44:54 -07:00
04394a63cd
Update Formatting
...
Issue gh-14178
2024-01-22 08:26:25 -07:00
1e90bdfc0b
Update Copyright
...
Issue gh-14178
2024-01-19 09:26:04 -07:00
9c352c4b4b
Support overriding RestOperations in OidcIdTokenDecoderFactory
...
Closes gh-14178
2024-01-19 09:24:56 -07:00
0041c658de
Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory
...
Closes gh-14178
2024-01-19 09:24:56 -07:00
9db33f33c7
Revert unnecessary merges on 6.0.x
...
This commit removes unnecessary main-branch merges starting from
8750608b5b5dce82c48b
2023-10-31 15:11:45 -05:00
07b6c451fd
Merge branch '6.1.x'
...
Closes gh-13884
2023-09-29 11:47:38 -03:00
92c82191c9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13882
2023-09-29 11:46:00 -03:00
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
2023-09-29 11:44:32 -03:00
cb33fd7850
Add OIDC Back-Channel Logout Support
...
Closes gh-12570
2023-09-16 15:12:21 -06:00
5535d17172
Merge branch '6.1.x'
...
Closes gh-13807
Closes gh-13803
Closes gh-13802
2023-09-12 18:55:42 -05:00
9df9cb5aed
refactor: AssertJ best practices
...
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
2023-09-12 16:18:14 -06:00
771d9cd8b6
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13799
2023-09-12 17:00:47 -05:00
Risto Virtanen
Steve Riesenberg
Josh Cummings
Tran Ngoc Nhan
Max Batischev
Hao
Rob Winch
Pat McCusker
DingHao
Max Batischev
Kai Zander
Joe Grandja
Giovanni Lovato
Marcus Hert Da Coregio
Filip Hrisafov
JANG
Crain-32
ch4mpy
Josh Cummings
greg.lee
Rob Winch
ubaid4j
ahmd-nabil
Armin Krezović
Steve Riesenberg
Tim te Beek