Previously the Oidc(Reactive)OAuth2UserService APIs allowed a strategy
for converting to the OidcUser with the OidcUserRequest and OidcUserInfo.
The input should also include the OAuth2User to make
it simple to use the OAuth2User as a part of the conversion.
This commit introduces OidcUserSource as a POJO containing
OidcUserRequest, OidcUserInfo, and OAuth2User.
It then updates the OidcUser conversion strategy in OidcUserService and
OidcReactiveOAuth2UserService to accept OidcUserSource as the source for
the Converter used to create OidUser.
Closes gh-17626
DefaultOAuth2AuthorizationRequestResolver should not depend on
OAuth2AuthorizationRequestRedirectFilter because
OAuth2AuthorizationRequestRedirectFilter already depends on
DefaultOAuth2AuthorizationRequestResolver.
OAuth2AuthorizationRequestRedirectFilter also takes advantage of the
new constructor that defaults the base uri.
Polishes gh-16384
- Simplify withKeyPair methods to match withPublicKey convention
in NimbusJwtDecoder
- Update tests to confirm support of other algorithms
- Update constructor to apply additional JWK properties
to the default header
- Deduce the possibly algorithms for a given key based
on curve and key size
- Remove algorithm method from EC builder since the
algorithm is determined by the Curve of the EC Key
Issue gh-16267
Co-Authored-By: Suraj Bhadrike <surajbh2233@gmail.com>
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.
Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs
Issue gh-14750
- Aligned JwkSourceJwtDecoderBuilder's relative position with its
corresponding static factory
- Added @since to JwkSourceJwtDecoderBuilder
PR gh-17046
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
This commit corrects the test that checks for both
nbf and exp missing. It also adds one for just exp
and on for just nbf.
Issue gh-17004
Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.
Closes gh-17080
Signed-off-by: David Kowis <david@kow.is>
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.
Closes gh-17080
Signed-off-by: David Kowis <david@kow.is>
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.
Issue gh-16860