19738 Commits

All Branches

Search

Author	SHA1	Message	Date
Joe Grandja	fbf7bb3be1	Allow OAuth2AuthorizationRequest to be extended ... Closes gh-18049	2025-10-14 16:34:59 -04:00
Ivan Golovko	979ac7c336	Remove cache from (Reactive)OidcIdTokenDecoderFactory ... Closes gh-16647 Signed-off-by: iigolovko <iigolovko@ginc-it.ru>	2025-10-14 11:24:54 -04:00
dependabot[bot]	90a1c2c15d	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 ... Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-14 03:20:40 +00:00
dependabot[bot]	978459bd1d	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 ... Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-14 03:15:43 +00:00
Rob Winch	2af57c40ef	Update to JUnit 6.0.0 ... To do this, we also need Spring Framework 7.0.0-SNAPSHOTs Closes gh-18040	2025-10-13 11:16:56 -05:00
Rob Winch	b864be92d8	Update to Reactor 2025.0.0-SNAPSHOT ... To prepare for the release we should update to Reactor 2025.0.0-SNAPSHOT to fix any issues that are present. Closes gh-18041	2025-10-13 11:16:27 -05:00
Rob Winch	4b6c9cca7e	Enable SNAPSHOT builds ... To use Reactor SNAPSHOTs in gh-18041 we need to enable the snapshot repositories. Issue gh-18041	2025-10-13 11:15:53 -05:00
dependabot[bot]	73690a928b	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.33.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-13 03:27:33 +00:00
dependabot[bot]	7cc9d2849e	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.33.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-13 03:16:24 +00:00
Rob Winch	78701f94ee	Document RequiredFactor Valid Duration ... Issue gh-17997	2025-10-10 16:24:47 -05:00
Rob Winch	2b4e36c67f	Add RequiredFactor.Builder.<factor-name>Authority() ... Closes gh-18033	2025-10-10 16:24:47 -05:00
Rob Winch	702878acae	Create AuthorizationManagerFactories.multiFactor ... Closes gh-18032	2025-10-10 16:24:47 -05:00
Rob Winch	488e55032e	AllFactorsAuthorizationManager->AllRequiredFactorsAuthorizationManager ... This allows the authorization logic to be relaxed so that if RequiredFactor only has an authority specified, then the GrantedAuthority can be of any type. Closes gh-18031	2025-10-10 16:24:47 -05:00
Rob Winch	d18431a78d	Move FACTOR_ constants to FactorGrantedAuthority ... Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030	2025-10-10 16:24:46 -05:00
Rob Winch	e290c98e97	Document Multi-Factor Simple to Complex ... This reworks the Multi-Factor documentation to start with the simplest scenario and work to progressively more complex requirements. Closes gh-18029	2025-10-10 16:23:38 -05:00
Rob Winch	473baad6bd	Add RequiredAuthoritiesRepository ... Closes gh-18028	2025-10-10 15:42:17 -05:00
Joe Grandja	586081c125	Revert "Temporarily fix integration tests" ... This reverts commit 35f41f87d1. Issue gh-17880	2025-10-10 13:33:42 -04:00
Rob Winch	864a9b2fb3	Fix ProviderManager.copyDetails Changes Authentication Type ... Closes gh-18027	2025-10-10 11:03:49 -05:00
Joe Grandja	1213dbe76f	Fix checkstyle	2025-10-09 13:51:50 -04:00
Joe Grandja	3656e7ad8c	Add tests to OAuth2AuthorizationServerJackson2ModuleTests	2025-10-09 13:23:38 -04:00
Joe Grandja	1cca9c5822	Enable PKCE by default in authorization server ... Closes gh-18020	2025-10-09 09:51:17 -04:00
Joe Grandja	469ed09645	Allow setting Clock in OAuth2TokenGenerator implementations ... Closes gh-18017	2025-10-07 16:34:43 -04:00
Joe Grandja	1d7f4c3b11	Polish javadoc for ClientSettings.requireAuthorizationConsent ... Issue gh-18016	2025-10-07 11:29:10 -04:00
Joe Grandja	baa3b287d6	Add Predicate for authorizationConsentRequired for device code grant ... Introduces customizable Predicate to determine if user consent is required in device authorization flows. Previously, device consent handling used fixed logic. Now applications can define custom logic for skipping or displaying consent pages. Adds OAuth2DeviceVerificationAuthenticationContext and updates OAuth2DeviceVerificationAuthenticationProvider with setAuthorizationConsentRequired method. Fixes gh-18016 Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>	2025-10-07 11:13:30 -04:00
dependabot[bot]	d5c5bb234c	Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs ... Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 14:01:08 -05:00
Rob Winch	83da86a358	DefaultLoginPageGeneratingFilter uses List ... This fixes an ordering problem with query parameters of the tests. Issue gh-18002	2025-10-06 09:34:06 -05:00
dependabot[bot]	71e6d81910	Bump com.webauthn4j:webauthn4j-core ... Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.7.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:29:57 -05:00
dependabot[bot]	16475d3453	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 ... Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:15:25 -05:00
Rob Winch	3f84e96711	Bump io.mockk:mockk from 1.14.5 to 1.14.6	2025-10-06 09:13:16 -05:00
Rob Winch	1c870f25e9	Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.4 to 0.0.5	2025-10-06 09:13:12 -05:00
Rob Winch	79e2d4b688	Merge branch '6.5.x'	2025-10-06 09:12:06 -05:00
Rob Winch	9f8ebdcf4d	Merge branch '6.4.x' into 6.5.x	2025-10-06 09:11:56 -05:00
Rob Winch	8ce38af608	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19	2025-10-06 09:11:20 -05:00
Rob Winch	607b1dfffe	Bump io.mockk:mockk from 1.14.5 to 1.14.6	2025-10-06 09:11:17 -05:00
Rob Winch	904f5157fa	Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE	2025-10-06 09:11:15 -05:00
Rob Winch	f57c9ffcbb	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19	2025-10-06 09:10:34 -05:00
dependabot[bot]	b7f40a4e08	Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.31.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 03:21:28 +00:00
dependabot[bot]	dd7f809564	Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.31.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 03:13:36 +00:00
Joe Grandja	51fe7ff737	Return device_code grant metadata when enabled ... Issue gh-17998	2025-10-04 05:38:11 -04:00
Rob Winch	9595d37c14	Integration Test for DefaultLoginPageGeneratingFilterTests ... Add a minimal test to ensure that DelegatingMissingAuthorityAccessDeniedHandler and DefaultLoginPageGeneratingFilterTests work together properly. Issue gh-18002	2025-10-03 15:20:03 -05:00
Rob Winch	2473378fcd	Use RequiredFactorErrors ... Closes gh-18002	2025-10-03 15:20:03 -05:00
Rob Winch	d1ff983c11	Add AllFactorsAuthorizationManager ... Closes gh-17997	2025-10-03 15:20:03 -05:00
Rob Winch	3f74991ce9	Authentication adds FactorGrantedAuthority ... Closes gh-18001	2025-10-03 15:20:03 -05:00
Rob Winch	ce36fc1e76	Add FactorGrantedAuthority ... Closes gh-17996	2025-10-03 15:20:00 -05:00
Joe Grandja	477a456d6c	Disable device_code grant by default ... Closes gh-17998	2025-10-03 14:10:13 -04:00
Joe Grandja	4dfef1483d	Polish gh-17507	2025-10-03 13:09:09 -04:00
Rohan Naik	8c65dc93f2	Enable PKCE by default ... Closes gh-17507 Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>	2025-10-03 13:08:04 -04:00
dependabot[bot]	0f40f694b8	Bump io.spring.nullability:io.spring.nullability.gradle.plugin ... Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.4 to 0.0.5. - [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases) - [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.4...v0.0.5) --- updated-dependencies: - dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin dependency-version: 0.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-03 03:08:45 +00:00
Joe Grandja	54aae36f98	Add support for OAuth 2.0 Protected Resource Metadata ... Closes gh-17244	2025-10-02 14:50:17 -04:00
dependabot[bot]	564726adea	Bump com.webauthn4j:webauthn4j-core ... Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.7.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-02 03:19:11 +00:00