DefaultOAuth2AuthorizationRequestResolver should not depend on
OAuth2AuthorizationRequestRedirectFilter because
OAuth2AuthorizationRequestRedirectFilter already depends on
DefaultOAuth2AuthorizationRequestResolver.
OAuth2AuthorizationRequestRedirectFilter also takes advantage of the
new constructor that defaults the base uri.
Polishes gh-16384
- Simplify withKeyPair methods to match withPublicKey convention
in NimbusJwtDecoder
- Update tests to confirm support of other algorithms
- Update constructor to apply additional JWK properties
to the default header
- Deduce the possibly algorithms for a given key based
on curve and key size
- Remove algorithm method from EC builder since the
algorithm is determined by the Curve of the EC Key
Issue gh-16267
Co-Authored-By: Suraj Bhadrike <surajbh2233@gmail.com>
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.
Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs
Issue gh-14750
- Aligned JwkSourceJwtDecoderBuilder's relative position with its
corresponding static factory
- Added @since to JwkSourceJwtDecoderBuilder
PR gh-17046
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
This commit corrects the test that checks for both
nbf and exp missing. It also adds one for just exp
and on for just nbf.
Issue gh-17004
Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.
Closes gh-17080
Signed-off-by: David Kowis <david@kow.is>
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.
Closes gh-17080
Signed-off-by: David Kowis <david@kow.is>
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.
Issue gh-16860
