spring-security

Commit Graph

Author	SHA1	Message	Date
Rob Winch	b2325e4176	Add OAuth Support for HTTP Interface Client Closes gh-16858	6 months ago
Josh Cummings	eaab42a73c	Polish BearerTokenAuthenticationConverter Support - Moved to BearerTokenAuthenticationFilter constructor to align with AuthenticationFilter - Undeprecated BearerTokenResolver to reduce number of migration scenarios - Updated to 7.0 schema - Added migration docs Issue gh-14750	7 months ago
Max Batischev	30577bd291	Add Additional Tests To BearerTokenAuthenticationFilterTests Issue gh-14750 Signed-off-by: Max Batischev <mblancer@mail.ru>	7 months ago
Max Batischev	4967f3feee	Add Support BearerTokenAuthenticationConverter Closes gh-14750 Signed-off-by: Max Batischev <mblancer@mail.ru>	7 months ago
Josh Cummings	d52e0b6a05	Polish NimbusJwtDecoder - Aligned JwkSourceJwtDecoderBuilder's relative position with its corresponding static factory - Added @since to JwkSourceJwtDecoderBuilder PR gh-17046	7 months ago
Mark Bonnekessel	ada75e76a6	Add builder to create NimbusJwtDecoder with JwkSource Signed-off-by: Mark Bonnekessel <2949525+marbon87@users.noreply.github.com>	7 months ago
Pat McCusker	5517d8fe3a	Deprecate the X5T JOSE Header name Closes gh-16979 Signed-off-by: Pat McCusker <patmccusker14@gmail.com>	7 months ago
Josh Cummings	6d3b54df21	Change Type Validation Default NimbusJwtDecoder and NimbusReactiveJwtDecoder now use Spring Security's JwtTypeValidator by default instead of Nimbus's type validator. Closes gh-17181	7 months ago
Maximilian Klose	ec05e65668	Add Equals and HashCode methods for better comparison. Closes gh-16394 Signed-off-by: Maximilian Klose <maximilian.klose@adesso.de>	7 months ago
Ferenc Kemeny	bf05b8b430	Support Requiring exp and nbf in JwtTimestampsValidator Closes gh-17004 Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>	7 months ago
Ferenc Kemeny	91b21663db	Polish JwtTimestampValidatorTests This commit corrects the test that checks for both nbf and exp missing. It also adds one for just exp and on for just nbf. Issue gh-17004 Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>	7 months ago
Joe Grandja	5f7155bfc7	Implement internal cache in JtiClaimValidator Closes gh-17107	7 months ago
Joe Grandja	44303d2c80	Polish gh-17080	7 months ago
David Kowis	462e38c0e3	Fix DPoP jkt claim to be JWK SHA-256 thumbprint Just used the nimbus JOSE library to do it, because it already has a compliant implementation. Closes gh-17080 Signed-off-by: David Kowis <david@kow.is>	7 months ago
Joe Grandja	a265ac6ae7	Polish gh-17080	7 months ago
David Kowis	2090f44f74	Fix DPoP jkt claim to be JWK SHA-256 thumbprint Just used the nimbus JOSE library to do it, because it already has a compliant implementation. Closes gh-17080 Signed-off-by: David Kowis <david@kow.is>	7 months ago
Joe Grandja	e3c39f02bc	Add documentation for DPoP support Closes gh-17072	7 months ago
Tran Ngoc Nhan	48eb243012	Update javadoc Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	7 months ago
Tran Ngoc Nhan	1e4dd713c5	Remove APPLICATION_JSON_UTF8 usage Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	7 months ago
Rob Winch	b453840c0a	HttpHeaders no longer a MultiValueMap Closes gh-17060	8 months ago
Rob Winch	2dbf3a2d18	WebClient.exchange->exchangeToMono Closes gh-17057	8 months ago
Rob Winch	5704582c52	ResponseErrorHandler.handleError(URI, HttpMethod,ClientHttpResponse) Closes gh-17056	8 months ago
Rob Winch	11105a5c51	UriComponentsBuilder.fromHttpUrl->fromUriString The fromHttpUrl method is deprecated and replaced with fromUriString Closes gh-	8 months ago
Rob Winch	cb0fdef236	Remove MediaType.APPLICATION_JSON_UTF Closes gh-17050	8 months ago
hammadirshad	1a4602c8c3	Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter Closes gh-16806 Signed-off-by: muha <muha@kreftregisteret.no>	8 months ago
Josh Cummings	f631a0fcd5	Polish ClientRegistrationsTests Simplified the assertion so that it is focused on the core behavior being verified. This will likely also make the test more stable when updating Spring Framework versions. Issue gh-16860	8 months ago
Evgeniy Cheban	0e84f31a00	Add ClientRegistration's RestClient failed attempts information to exception message Closes gh-16860 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	8 months ago
Josh Cummings	eecd7d9559	Update Deprecated Reactor Usage	8 months ago
Josh Cummings	834370d8eb	Update Deprecated Spring Web Usage	8 months ago
Joe Grandja	19090e7873	Add request_uri in OAuth2ParameterNames Closes gh-16947	8 months ago
Joe Grandja	791feee355	Prevent downgraded usage of DPoP-bound access tokens Issue gh-16574 Closes gh-16937	8 months ago
Joe Grandja	1ca33cae70	Make DPoP IatClaimValidator public to allow configuring clock and clockSkew Issue gh-16574 Closes gh-16921	8 months ago
Risto Virtanen	47e1fc045f	Formatted Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Risto Virtanen	1db557e395	Replace ClientRegistrationMixinTests with StdConvertersTest Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Risto Virtanen	368fe2e7a0	Add missing ClientAuthenticationMethods to jackson2 converter Closes gh-16825 Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Steve Riesenberg	9d442c13de	Mark password grant for removal This commit also updates link to the document "Best Current Practice for OAuth 2.0 Security" to point to RFC 9700. Closes gh-16913	8 months ago
Steve Riesenberg	197ee38aa0	Mark deprecated response clients for removal Issue gh-16913	8 months ago
Tran Ngoc Nhan	d864e51ff6	Format OpaqueTokenIntrospector Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	8 months ago
Tran Ngoc Nhan	d899bc5240	Polish javadoc Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	8 months ago
Steve Riesenberg	1fb3fc80f9	Polish gh-15819 Closes gh-15818	8 months ago
Jonah Klöckner	9674532f4d	Add support for access token in body parameter as per rfc 6750 Sec. 2.2 Issue gh-15818	8 months ago
Steve Riesenberg	3c0fef59b5	Polish gh-16039 Closes gh-16038	8 months ago
Jonah Klöckner	da94fbe431	Evaluate URI query parameter only if enabled Issue gh-16038	8 months ago
Josh Cummings	2885b0f75f	Add valueOf This commit adds a static factory for returning a constant ClientAuthenticationMethod or creating a new one when there is no match. Issue gh-16825	9 months ago
Tran Ngoc Nhan	7bca17cb5a	Polish Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	9 months ago
Josh Cummings	99345537d6	Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter Issue gh-16417	9 months ago
Steve Riesenberg	860f130bc4	Add additional validation when refreshing ID tokens Issue gh-16589	9 months ago
Steve Riesenberg	5f98ce5ecc	Polish gh-16589	9 months ago
Josh Cummings	de07b1108f	Use PathPatternRequestMatcher in Web Components This commit changes filters and resolvers that were using AntPathRequestMatcher as their default to using PathPatternRequestMatcher. Issue gh-16632	9 months ago
Josh Cummings	56e757a2a1	Provide Authentication to AuthenticationExceptions Issue gh-16444	9 months ago

1 2 3 4 5 ...

1486 Commits (main)