Deprecate Resource Owner Password Credentials grant
Closes gh-11590
This commit is contained in:
parent
1be9be97a1
commit
95155ddb0c
|
@ -137,7 +137,13 @@ public final class OAuth2AuthorizedClientProviderBuilder {
|
|||
/**
|
||||
* Configures support for the {@code password} grant.
|
||||
* @return the {@link OAuth2AuthorizedClientProviderBuilder}
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
|
||||
* of the Resource Owner Password Credentials grant. See reference
|
||||
* <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public OAuth2AuthorizedClientProviderBuilder password() {
|
||||
this.builders.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
|
||||
return OAuth2AuthorizedClientProviderBuilder.this;
|
||||
|
@ -148,7 +154,13 @@ public final class OAuth2AuthorizedClientProviderBuilder {
|
|||
* @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
|
||||
* further configuration
|
||||
* @return the {@link OAuth2AuthorizedClientProviderBuilder}
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
|
||||
* of the Resource Owner Password Credentials grant. See reference
|
||||
* <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public OAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
|
||||
PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders
|
||||
.computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -40,7 +40,12 @@ import org.springframework.util.StringUtils;
|
|||
* @since 5.2
|
||||
* @see OAuth2AuthorizedClientProvider
|
||||
* @see DefaultPasswordTokenResponseClient
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use of
|
||||
* the Resource Owner Password Credentials grant. See reference <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
|
||||
|
||||
private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient = new DefaultPasswordTokenResponseClient();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -40,7 +40,12 @@ import org.springframework.util.StringUtils;
|
|||
* @since 5.2
|
||||
* @see ReactiveOAuth2AuthorizedClientProvider
|
||||
* @see WebClientReactivePasswordTokenResponseClient
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use of
|
||||
* the Resource Owner Password Credentials grant. See reference <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public final class PasswordReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
|
||||
|
||||
private ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient = new WebClientReactivePasswordTokenResponseClient();
|
||||
|
|
|
@ -139,7 +139,13 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
|
|||
/**
|
||||
* Configures support for the {@code password} grant.
|
||||
* @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
|
||||
* of the Resource Owner Password Credentials grant. See reference
|
||||
* <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public ReactiveOAuth2AuthorizedClientProviderBuilder password() {
|
||||
this.builders.computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class,
|
||||
(k) -> new PasswordGrantBuilder());
|
||||
|
@ -151,7 +157,13 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder {
|
|||
* @param builderConsumer a {@code Consumer} of {@link PasswordGrantBuilder} used for
|
||||
* further configuration
|
||||
* @return the {@link ReactiveOAuth2AuthorizedClientProviderBuilder}
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
|
||||
* of the Resource Owner Password Credentials grant. See reference
|
||||
* <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer<PasswordGrantBuilder> builderConsumer) {
|
||||
PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders.computeIfAbsent(
|
||||
PasswordReactiveOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder());
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,7 +53,12 @@ import org.springframework.web.client.RestTemplate;
|
|||
* @see <a target="_blank" href=
|
||||
* "https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response
|
||||
* (Resource Owner Password Credentials Grant)</a>
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use of
|
||||
* the Resource Owner Password Credentials grant. See reference <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public final class DefaultPasswordTokenResponseClient
|
||||
implements OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -30,7 +30,12 @@ import org.springframework.util.Assert;
|
|||
* @see <a target="_blank" href=
|
||||
* "https://tools.ietf.org/html/rfc6749#section-1.3.3">Section 1.3.3 Resource Owner
|
||||
* Password Credentials</a>
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use of
|
||||
* the Resource Owner Password Credentials grant. See reference <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public class OAuth2PasswordGrantRequest extends AbstractOAuth2AuthorizationGrantRequest {
|
||||
|
||||
private final String username;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -42,7 +42,12 @@ import org.springframework.web.reactive.function.client.WebClient;
|
|||
* @see <a target="_blank" href=
|
||||
* "https://tools.ietf.org/html/rfc6749#section-4.3.3">Section 4.3.3 Access Token Response
|
||||
* (Resource Owner Password Credentials Grant)</a>
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use of
|
||||
* the Resource Owner Password Credentials grant. See reference <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public final class WebClientReactivePasswordTokenResponseClient
|
||||
extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> {
|
||||
|
||||
|
|
|
@ -57,6 +57,14 @@ public final class AuthorizationGrantType implements Serializable {
|
|||
|
||||
public static final AuthorizationGrantType CLIENT_CREDENTIALS = new AuthorizationGrantType("client_credentials");
|
||||
|
||||
/**
|
||||
* @deprecated The latest OAuth 2.0 Security Best Current Practice disallows the use
|
||||
* of the Resource Owner Password Credentials grant. See reference
|
||||
* <a target="_blank" href=
|
||||
* "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.4">OAuth
|
||||
* 2.0 Security Best Current Practice.</a>
|
||||
*/
|
||||
@Deprecated
|
||||
public static final AuthorizationGrantType PASSWORD = new AuthorizationGrantType("password");
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue