GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Document deprecations in oauth2 modules 

* oauth2-client
* oauth2-resource-server

Issue gh-12022
pull/12226/head
Steve Riesenberg 3 years ago
parent
9bc38ed318
commit
754fe7f457
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
1 changed files with 155 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 155
      docs/modules/ROOT/pages/migration.adoc

155
docs/modules/ROOT/pages/migration.adoc
Unescape View File

@ -3972,6 +3972,136 @@ fun passwordEncoder(): PasswordEncoder { @@ -3972,6 +3972,136 @@ fun passwordEncoder(): PasswordEncoder {
----
====
=== Deprecations in OAuth2 Client
In Spring Security 6, deprecated classes and methods were removed from xref:servlet/oauth2/client/index.adoc[OAuth2 Client].
Each deprecation is listed below, along with a direct replacement.
==== `ServletOAuth2AuthorizedClientExchangeFilterFunction`
The method `setAccessTokenExpiresSkew(...)` can be replaced with one of:
* `ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `JwtBearerOAuth2AuthorizedClientProvider#setClockSkew(...)`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `OidcUserInfo`
The method `phoneNumberVerified(String)` can be replaced with `phoneNumberVerified(Boolean)`.
==== `OAuth2AuthorizedClientArgumentResolver`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `ClaimAccessor`
The method `containsClaim(...)` can be replaced with `hasClaim(...)`.
==== `OidcClientInitiatedLogoutSuccessHandler`
The method `setPostLogoutRedirectUri(URI)` can be replaced with `setPostLogoutRedirectUri(String)`.
==== `HttpSessionOAuth2AuthorizationRequestRepository`
The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacement.
==== `AuthorizationRequestRepository`
The method `removeAuthorizationRequest(HttpServletRequest)` can be replaced with `removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)`.
==== `ClientRegistration`
The method `getRedirectUriTemplate()` can be replaced with `getRedirectUri()`.
==== `ClientRegistration.Builder`
The method `redirectUriTemplate(...)` can be replaced with `redirectUri(...)`.
==== `AbstractOAuth2AuthorizationGrantRequest`
The constructor `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType)` can be replaced with `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration)`.
==== `ClientAuthenticationMethod`
The static field `BASIC` can be replaced with `CLIENT_SECRET_BASIC`.
The static field `POST` can be replaced with `CLIENT_SECRET_POST`.
==== `OAuth2AccessTokenResponseHttpMessageConverter`
The field `tokenResponseConverter` has no direct replacement.
The method `setTokenResponseConverter(...)` can be replaced with `setAccessTokenResponseConverter(...)`.
The field `tokenResponseParametersConverter` has no direct replacement.
The method `setTokenResponseParametersConverter(...)` can be replaced with `setAccessTokenResponseParametersConverter(...)`.
==== `NimbusAuthorizationCodeTokenResponseClient`
The class `NimbusAuthorizationCodeTokenResponseClient` can be replaced with `DefaultAuthorizationCodeTokenResponseClient`.
==== `NimbusJwtDecoderJwkSupport`
The class `NimbusJwtDecoderJwkSupport` can be replaced with `NimbusJwtDecoder` or `JwtDecoders`.
==== `ImplicitGrantConfigurer`
The class `ImplicitGrantConfigurer` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `AuthorizationGrantType`
The static field `IMPLICIT` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `OAuth2AuthorizationResponseType`
The static field `TOKEN` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
==== `OAuth2AuthorizationRequest`
The static method `implicit()` has no direct replacement.
[WARNING]
====
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
====
=== Deprecations in OAuth2 Resource Server
In Spring Security 6, deprecated classes and methods were removed from xref:servlet/oauth2/resource-server/index.adoc[OAuth2 Resource Server].
Each deprecation is listed below, along with a direct replacement.
==== `JwtAuthenticationConverter`
The method `extractAuthorities(...)` can be replaced with `JwtGrantedAuthoritiesConverter#convert(...)`.
== Reactive
=== Use `AuthorizationManager` for Method Security
@ -4142,3 +4272,28 @@ http { @@ -4142,3 +4272,28 @@ http {
==== Opt-out Steps
To opt-out of the 6.0 defaults and instead continue to pass `AuthenticationServiceException` on to ``ServerAuthenticationEntryPoint``s, you can follow the same steps as above, except set `rethrowAuthenticationServiceException` to false.
=== Deprecations in OAuth2 Client
==== `ServerOAuth2AuthorizedClientExchangeFilterFunction`
The method `setAccessTokenExpiresSkew(...)` can be replaced with one of:
* `ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
* `JwtBearerReactiveOAuth2AuthorizedClientProvider#setClockSkew(...)`
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)`.
[NOTE]
====
See xref:reactive/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
====
==== `WebSessionOAuth2ServerAuthorizationRequestRepository`
The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacement.
==== `UnAuthenticatedServerOAuth2AuthorizedClientRepository`
The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`.

Write Preview
Loading…
Cancel
Save