d3ab5fb21d
Remove DelegatingAuthenticationConverter
...
Closes gh-2102
8 months ago
108e64616a
Remove OAuth2AuthorizationServerConfiguration.applyDefaultSecurity()
...
Closes gh-2101
8 months ago
c53a092e86
Ensure serializable classes do not share serialVersionUID
...
Closes gh-2100
8 months ago
3084c086a9
Add testRuntimeOnly junit-platform-launcher
...
Related https://github.com/spring-projects/spring-security/issues/16755
Closes gh-2092
9 months ago
d43c28348a
Fix breaking changes with AntPathRequestMatcher being removed
...
Related https://github.com/spring-projects/spring-security/issues/16887
Closes gh-2086
9 months ago
f00f83132c
Fix breaking changes with ObjectPostProcessor being moved
...
Related ee9a887ae5
9 months ago
51904bb37d
Bump next major version
9 months ago
76ae518d56
Increase request_uri expiry for OAuth2 Pushed Authorization Request
...
Closes gh-2024
10 months ago
fe4b5ada8c
Polish gh-1997
10 months ago
ce528eed9b
Check user code expiry and invalidity
...
Closes gh-1977
Signed-off-by: Antoine Lauzon <139174762+antoinelauzon-bell@users.noreply.github.com>
10 months ago
5bf66c305d
Polish logging in OAuth2ClientAuthenticationFilter
...
Closes gh-2025
10 months ago
90e6a795c4
Add documentation for OAuth 2.0 Pushed Authorization Requests (PAR)
...
Closes gh-2014
10 months ago
3debeb6f65
Add documentation for DPoP support
...
Closes gh-2009
10 months ago
86b5607a03
Fix DPoP jkt claim validation during refresh_token grant for public clients
...
Closes gh-2008
10 months ago
07f9621b02
Fix DPoP jkt claim to be JWK SHA-256 thumbprint
...
Closes gh-2007
10 months ago
23179507d5
Use OAuth2ParameterNames.REQUEST_URI
...
Issue gh-1925
Closes gh-1991
11 months ago
c624d0a908
Revert "Fix client_secret_basic authentication failures and return challenge"
...
This reverts commit 42c18c856f
11 months ago
7e41e87142
Revert "Allow customizing client authentication failures with AuthenticationEntryPoint"
...
This reverts commit f415f2a52c
11 months ago
f415f2a52c
Allow customizing client authentication failures with AuthenticationEntryPoint
...
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
11 months ago
42c18c856f
Fix client_secret_basic authentication failures and return challenge
...
Closes gh-468
11 months ago
2dff08834c
Add authorization server metadata for OAuth 2.0 Pushed Authorization Requests (PAR)
...
Issue gh-1925
Closes gh-1975
11 months ago
4b78a5e991
Enforce one-time use for request_uri used in PAR
...
Issue gh-1925
Closes gh-1974
11 months ago
c82aace6d4
Polish tests
...
Issue gh-1925
11 months ago
39cb9bfcea
Validate expiry for request_uri used in PAR
...
Issue gh-1925
Closes gh-1973
11 months ago
5458e0855a
request_uri used in PAR must be bound to the client
...
Issue gh-1925
Closes gh-1971
11 months ago
65e3a5ec9b
Add authorization server metadata for DPoP support
...
Issue gh-1813
Closes gh-1951
1 year ago
48fd6ab60f
Verify DPoP Proof public key during refresh_token grant for public clients
...
Issue gh-1813
Closes gh-1949
1 year ago
81c25ef6cb
Fix test in OAuth2PushedAuthorizationRequestEndpointFilterTests
...
Issue gh-1925
1 year ago
30ebf1ecc6
Polish gh-1908
1 year ago
bbca6b02b7
Polish JdbcOAuth2AuthorizationService
...
Closes gh-1908
Signed-off-by: arefbehboudi <behboodiaref@gmail.com>
1 year ago
5bd47b6c2d
Polish gh-1907
1 year ago
2e9fe7e99e
Use pattern matching
...
Closes gh-1907
Signed-off-by: arefbehboudi <behboodiaref@gmail.com>
1 year ago
4337884e87
Add support for OAuth 2.0 Pushed Authorization Requests (PAR)
...
Closes gh-210
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
1 year ago
629239fde1
Polish gh-1874
1 year ago
b0fca27c7b
Support POST for authorization code request flow
...
Closes gh-1811
Signed-off-by: sylvain-costanzo <sylvain.costanzo1@decathlon.com>
1 year ago
29472a17a9
Polish gh-1889
1 year ago
8d4da24892
Fix device access token response error codes
...
Closes gh-1885
Signed-off-by: Nick Holloway <nick.holloway@pyrites.org.uk>
1 year ago
779d87a279
Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP)
...
Closes gh-1813
1 year ago
bf7f4f4af9
Bump next minor version
1 year ago
f1d54279e6
Replace deprecated fromHttpUrl with fromUriString
...
Closes gh-1883
Signed-off-by: Loren <cn.luowenjie@qq.com>
1 year ago
1f28280e7b
Add Override annotation
...
Closes gh-1878
Signed-off-by: Loren <cn.luowenjie@qq.com>
1 year ago
d238794229
Polish diamond operator
...
Closes gh-1848
1 year ago
ed0265bf02
Polish
...
Closes gh-1842
1 year ago
e8f627f01e
Use empty map for missing additional parameters
...
Closes gh-1826
1 year ago
572255bebe
Use toLower/toUpperCase with Locale argument
...
Closes gh-1790
1 year ago
c6c20b9dba
AOT contributions will be registered for JbcOAuth2AuthorizationService subclasses
...
Prior to this commit, String-based class name comparisons were used for determining if a bean was of type JdbcOAuth2AuthorizationService or
JdbcRegisteredClientRepository.
Now JdbcOAuth2AuthorizationService.class.isAssignableFrom(...) and JdbcRegisteredClientRepository.class.isAssignableFrom(...) is used so that any subclasses are
detected and the necessary AOT hints are contributed.
Closes gh-1778
1 year ago
145599b44a
Replace DelegatingAuthenticationConverter with one in Spring Security
...
Closes gh-1736
1 year ago
68300d4cf9
Polish gh-1729
1 year ago
8c297b1252
Fix verification_uri in device authorization response when context path exists
...
Closes gh-1714
1 year ago
2c7975485f
Simplify configuring authorization server using HttpSecurity.with()
...
Closes gh-1707
1 year ago
Joe Grandja
Antoine Lauzon
arefbehboudi
sylvain-costanzo
Nick Holloway
Loren
Tran Ngoc Nhan
Leon Linhart
William Koch
Max Batischev
Selene Feigl