spring-security

Commit Graph

Author	SHA1	Message	Date
Rafael Dominguez	057ed616c4	Improve error messages in OidcIdTokenValidator This commit ensures that error messages contain more specific information regarding the reported error. Fixes: gh-6323	7 years ago
Johnny Lim	c94f13a971	Polish tests	7 years ago
Joe Grandja	673a2adf26	Polish oauth2 client ExchangeFilterFunction's Fixes gh-6355	7 years ago
Joe Grandja	993e11dcd3	Polish gh-6127	7 years ago
Warren Bailey	1c9ab9197e	When expired retrieve new Client Credentials token. Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server. These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails Fixes gh-5893	7 years ago
Josh Cummings	d77b12d229	authorization_uri Uses UriComponentsBuilder Because of this, authorization_uri can now be a fully-qualified url. Fixes: gh-5760	7 years ago
Joe Grandja	9c0d78da71	Extract OidcTokenValidator to an OAuth2TokenValidator Fixes gh-5930	7 years ago
Joe Grandja	12f320851d	Set openid scope in OAuth2LoginTests	7 years ago
Joe Grandja	8f4f52edb9	Support configurable JwtDecoder for IdToken verification Fixes gh-5717	7 years ago
Eric Deandrea	0f7dff3774	Introduce ReactiveJwtAuthenticationConverter Some changes based on PR comments Fixes gh-6273	7 years ago
Josh Cummings	1bfa38b1bd	Validate Scopes in ClientRegistrationBuilder Fixes: gh-6256	7 years ago
shraiysh	e25bea2cf7	Author: Shraiysh Vaishay cs17btech11050@iith.ac.in Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient Fixes gh-6182	7 years ago
Josh Cummings	566bc6a6e1	Test OpenID Discovery with Trailing Slash Fixes gh-6234	7 years ago
Nicolas Le Bas	ba8a337f9a	Accept a case-insensitive "Bearer" keyword The Authorization header was matched for OAuth2 against the "Bearer" keyword in a case sensitive fashion. According to RFC 2617, it should be case insensitive and some oauth clients (including some earlier versions of spring-security) expect it so. This is the reactive counterpart to commit `63f2b6094f` . Fixes gh-6195	7 years ago
Nicolas Le Bas	63f2b6094f	The "Bearer" keyword should be case-insensitive The Authorization header was matched for OAuth2 against the "Bearer" keyword in a case sensitive fashion. According to RFC 2617, it should be case insensitive and some oauth clients (including some earlier versions of spring-security) expect it so.	7 years ago
jer051	fdc81822ec	Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient Added the ability to specify a custom WebClient in WebClientReactiveClientCredentialsTokenResponseClient. Also added testing to ensure the custom WebClient is not null and is used. Fixes: gh-6051	7 years ago
Josh Cummings	2a8233d035	Remove PowerMock from oauth2-core and oauth2-jose Issue: gh-6025	7 years ago
Josh Cummings	80e13bad41	Remove PowerMock from oauth2-client Issue: gh-6025	7 years ago
Josh Cummings	39933b10ff	Add scopes method to TestOAuth2AccessTokens Issue: gh-6025	7 years ago
dperezcabrera	f6414e9a52	Make InMemory*ClientRegistrationRepository Consistent The previous builders with the list argument were inconsistent with their respective builders of var args.	7 years ago
Rafael Dominguez	e1d68e4f6b	WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code This ensures that token response is only extracted when ClientResponse has a successful status Fixes: gh-6089	7 years ago
Josh Cummings	1ea73e7d8e	Jwt Decoder Local Key Configuration Adds support for configuring Resource Server DSL with a local public key. Fixes: gh-5131	7 years ago
Rafael Dominguez	75a2c2b729	OAuth2AccessTokenResponseBodyExtractor supports Object values This commit ensures the token response is parsed correctly if the values are not a String. Fixes: gh-6087	7 years ago
Josh Cummings	d28e32b000	NimbusJwtDecoder Builder A Builder to simply common construction patterns for NimbusJwtDecoder Issue: gh-6010	7 years ago
Josh Cummings	fbcf48cea0	Low-level Nimbus Jwt Decoder Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor configuration. Fixes: gh-5648	7 years ago
Josh Cummings	ae74f22e30	Reactive Jwt Claim Set Converter Support Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up with the same support on NimbusJwtDecoder. Fixes: gh-6015	7 years ago
Josh Cummings	19649db9ce	Leave Issuer As String Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and JwtIssuerValidator no longer assume it. Issue: gh-6073	7 years ago
Josh Cummings	c70b65c5df	Favor URL.toExternalForm Converts URLs to Strings before comparing them. Uses toString(), which delegates to toExternalForm(). Fixes: gh-6073	7 years ago
Josh Cummings	a32d19ec7d	Polish NimbusReactiveJwtDecoderTests Issue: gh-5650	7 years ago
Joe Grandja	a96893a42a	Remove charset from Accept header in UserInfo request Fixes gh-6017	7 years ago
Vedran Pavic	e1b095df32	Allow in-memory client registration repos to be constructed with a map Fixes gh-5918	7 years ago
Josh Cummings	22bd8f1c1f	Reactive Jwt Authentication Converter Support Fixes: gh-5092	7 years ago
Joe Grandja	07d2e43d7a	Deprecate NimbusAuthorizationCodeTokenResponseClient Fixes gh-5954	7 years ago
Rob Winch	725b3b5482	Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/ Issue: gh-5856	7 years ago
Joe Grandja	9565e90b6e	Remove oauth2-oidc-sdk dependency from oauth2-jose module Fixes gh-5891	7 years ago
Joe Grandja	d46f83caf4	Ensure consistent matching of redirect_uri Fixes gh-5890	7 years ago
Josh Cummings	77fa495860	DelegatingOAuth2TokenValidator Varargs Constructor Fixes: gh-5889	7 years ago
Rob Winch	410f6bae1a	Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge Issue: gh-5872	7 years ago
Rob Winch	dcbf762a0b	WebClient OAuth2 Support for defaultClientRegistrationId Fixes: gh-5872	7 years ago
Joe Grandja	e8d8eb59bf	Make OAuth2AuthorizedClient Serializable Fixes gh-5757	7 years ago
Joe Grandja	2c078c5dd9	Remove expiresAt constructor-arg in OAuth2RefreshToken Fixes gh-5854	7 years ago
Rob Winch	cc8935e904	Fix Reactive OIDC to add refresh token Fixes: gh-5858	7 years ago
Rob Winch	72301e548a	Reactive OAuth2 DSL Customizations Fixes: gh-5855	7 years ago
Rob Winch	385bdfc055	OAuth2AuthorizationCodeGrantWebFilter works with /{action}/ This ensures that the same URL can work for both log in and authorization code which prevents having to create additional registrations on the client and potentially on the server (GitHub only allows a single valid redirect URL). Fixes: gh-5856	7 years ago
Joe Grandja	ed9cd478ba	Polish Issue gh-5776	7 years ago
Joe Grandja	8746e71b9a	Use OAuth2AuthorizationException in authorization flows	7 years ago
Joe Grandja	ef02ab2f8a	DefaultOAuth2UserService handles OAuth2AuthorizationException	7 years ago
Joe Grandja	7474d6524e	DefaultAuthorizationCodeTokenResponseClient throws OAuth2AuthorizationException	7 years ago
Joe Grandja	56b4576396	DefaultClientCredentialsTokenResponseClient throws OAuth2AuthorizationException Fixes gh-5726	7 years ago
Joe Grandja	e56c048db3	Remove OAuth2ClientException	7 years ago

1 2 3 4 5 ...

377 Commits (057ed616c4bf6ac236e8d1fce36a2c25bbbe27a4)