spring-security

Commit Graph

Author	SHA1	Message	Date
Rob Winch	b2325e4176	Add OAuth Support for HTTP Interface Client Closes gh-16858	6 months ago
Tran Ngoc Nhan	48eb243012	Update javadoc Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	8 months ago
Tran Ngoc Nhan	1e4dd713c5	Remove APPLICATION_JSON_UTF8 usage Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	8 months ago
Rob Winch	5704582c52	ResponseErrorHandler.handleError(URI, HttpMethod,ClientHttpResponse) Closes gh-17056	8 months ago
Rob Winch	11105a5c51	UriComponentsBuilder.fromHttpUrl->fromUriString The fromHttpUrl method is deprecated and replaced with fromUriString Closes gh-	8 months ago
Rob Winch	cb0fdef236	Remove MediaType.APPLICATION_JSON_UTF Closes gh-17050	8 months ago
Josh Cummings	f631a0fcd5	Polish ClientRegistrationsTests Simplified the assertion so that it is focused on the core behavior being verified. This will likely also make the test more stable when updating Spring Framework versions. Issue gh-16860	8 months ago
Evgeniy Cheban	0e84f31a00	Add ClientRegistration's RestClient failed attempts information to exception message Closes gh-16860 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	8 months ago
Josh Cummings	eecd7d9559	Update Deprecated Reactor Usage	8 months ago
Josh Cummings	834370d8eb	Update Deprecated Spring Web Usage	8 months ago
Risto Virtanen	47e1fc045f	Formatted Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Risto Virtanen	1db557e395	Replace ClientRegistrationMixinTests with StdConvertersTest Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Risto Virtanen	368fe2e7a0	Add missing ClientAuthenticationMethods to jackson2 converter Closes gh-16825 Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>	8 months ago
Steve Riesenberg	9d442c13de	Mark password grant for removal This commit also updates link to the document "Best Current Practice for OAuth 2.0 Security" to point to RFC 9700. Closes gh-16913	8 months ago
Steve Riesenberg	197ee38aa0	Mark deprecated response clients for removal Issue gh-16913	8 months ago
Josh Cummings	99345537d6	Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter Issue gh-16417	9 months ago
Steve Riesenberg	860f130bc4	Add additional validation when refreshing ID tokens Issue gh-16589	9 months ago
Steve Riesenberg	5f98ce5ecc	Polish gh-16589	9 months ago
Josh Cummings	de07b1108f	Use PathPatternRequestMatcher in Web Components This commit changes filters and resolvers that were using AntPathRequestMatcher as their default to using PathPatternRequestMatcher. Issue gh-16632	9 months ago
Tran Ngoc Nhan	a53ca7c3d0	Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc Closes gh-16555 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	9 months ago
Josh Cummings	cfe70a5fc7	Restore authorizedClientParametersMapper Assertion Issue gh-16726	9 months ago
Max Batischev	6c24a1e717	Improve JdbcOAuth2AuthorizedClientService saveAuthorizedClient Closes gh-16726 Signed-off-by: Max Batischev <mblancer@mail.ru>	9 months ago
Steve Riesenberg	5bb5d0f6be	Polish gh-16589	9 months ago
Hao	fc1469ad5e	Ensure ID Token is updated after refresh token Signed-off-by: Hao <kyrieeeee2@gmail.com>	9 months ago
Rob Winch	adb303e152	Add testRuntimeOnly junit-platform-launcher Closes gh-16755	9 months ago
Steve Riesenberg	0938ca01a4	Add support for automatic context-propagation with Micrometer Closes gh-16665	9 months ago
Pat McCusker	2bd3cadde8	Use possessive pronoun rather contraction Signed-off-by: Pat McCusker <patmccusker14@gmail.com>	10 months ago
Josh Cummings	b6c813c5a2	ClientRegistrations supports hostnames with underscores Issue gh-15852	10 months ago
Josh Cummings	3d15be1b06	JwtDecoders Supports Hostnames with Underscores In the process of verifying gh-15852, another issue with URI was discovered. This commit adds tests to the uri-computing methods and changes them to use UriComponents instead of URI. Issue gh-15852	10 months ago
Steve Riesenberg	7fc5d50adf	Polish gh-16551	10 months ago
Max Batischev	00cd95be76	Add setRedirectStrategy to OidcClientInitiatedServerLogoutSuccessHandler Closes gh-16556 Signed-off-by: Max Batischev <mblancer@mail.ru>	10 months ago
Tran Ngoc Nhan	e5ea75f7f4	Implement Serial Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	11 months ago
Rob Winch	004f38639d	Move ClientSettings to ClientRegistration Initially it was proposed to put ClientSettings as a top level class, but to be consistent with ProviderDetails, this commit moves ClientSettings to be an inner class of ClientRegistration Issue gh-16382 # Conflicts: # oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java	11 months ago
Rob Winch	4c533569bb	Ensure missing ClientRegistration.clientSettings JSON node works Issue gh-16382	11 months ago
Rob Winch	f9498d3885	PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the code should validate this. Issue gh-16382	11 months ago
Rob Winch	b0a4dcb89e	ClientSettings equals, hashCode, toString Issue gh-16382	11 months ago
Rob Winch	2665a92107	Ensure that ClientSettings cannot be null This ensures that ClientRegistration.Builder.ClientSettings cannot be null. This has a slight advantage in terms of null safety to making this check happen in the build method since the Builder does not have a null field either. Issue gh-16382	11 months ago
Rob Winch	0ed7b18f42	DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver enables PKCE support. Issue gh-16382	11 months ago
DingHao	8d3e0844c5	Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE Closes gh-16382 Signed-off-by: DingHao <dh.hiekn@gmail.com>	11 months ago
Max Batischev	ed3f3d17b2	Add support customizing redirect URI Closes gh-14778	11 months ago
Josh Cummings	244fd2eb51	Support Serialization in Exceptions Issue gh-16276	11 months ago
Josh Cummings	8735368d9e	Don't Support Serialization of Jackson Modules Issu gh-16276	11 months ago
Josh Cummings	b9911fd522	Add serialVersionUID to Authentication classes Issue gh-16276	1 year ago
Steve Riesenberg	0eb6acde96	Polish gh-16133	1 year ago
Kai Zander	73f3f75712	Always return current ClientRegistration in `loadAuthorizedClient` This changes `InMemoryOAuth2AuthorizedClientService.loadAuthorizedClient` (and its reactive counterpart) to always return `OAuth2AuthorizedClient` instances containing the current `ClientRegistration` as obtained from the `ClientRegistrationRepository`. Before this change, the first `ClientRegistration` instance was cached, with the effect that any changes made in the `ClientRegistrationRepository` (such as a new client secret) would not have taken effect. Closes gh-15511	1 year ago
Joe Grandja	a8c4d6cead	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	a7bf8f7cc6	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	0eaffb37e7	Require Locale argument for toLower/toUpperCase usage	1 year ago
Tran Ngoc Nhan	e76de931ce	Polish Optional usage	1 year ago
Tran Ngoc Nhan	ffed4ea1dc	Polish diamond usage	1 year ago

1 2 3 4 5 ...

881 Commits (18010f9914e3ab938b51f459c83451e3721fedf2)