The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.
Fixes gh-8326
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs
Closes gh-7522
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.
This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.
Closes gh-8493
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
The `io.freefair.aspectj.post-compile-weaving` plugin v5.0.1 includes [a fix](https://github.com/freefair/gradle-plugins/pull/213) that allows all tasks for `./gradlew classes` to be marked as `UP-TO-DATE` following an initial `./gradlew clean classes`. Without this fix, any compile task that is enhanced by the `io.freefair.aspectj.post-compile-weaving` plugin will incorrectly have compilation outputs configured as a _task input_, resulting in the task being out of date following a `clean compile`.
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.
This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.
Fixes gh-8425
Rob Winch
Andreas Volkmann
Josh Cummings
Dávid Kovács
cbornet
Parikshit Dutta
Joe Grandja
Thomas Vitale
Mathieu Ouellet
Artyom Tarynin
Eleftheria Stein
Jean-Pierre Bergamin
Pei-Tang Huang
Andrii Hrytsiuk
Daz DeBoer
Leonard Brünings
Stav Shamir