Commit Graph

1280 Commits

Author SHA1 Message Date
Steve Riesenberg 9c02e835e8 Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:42:57 -05:00
tinolazreg 3e73fa6954 Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:42:57 -05:00
Igor Bolic 2e66b9f6cc Allow customization of redirect strategy
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
2022-08-08 15:44:01 -05:00
Igor Bolic efaee4e56b Allow customization of redirect strategy
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
2022-08-08 15:35:49 -05:00
Joe Grandja b5b3ddd6b4 Deprecate Resource Owner Password Credentials grant
Closes gh-11590
2022-07-15 16:45:00 -04:00
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant
Closes gh-11590
2022-07-15 16:28:47 -04:00
Joe Grandja 6ee1643bae Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction
Closes gh-11589
2022-07-15 15:13:40 -04:00
Joe Grandja 054791c26c Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction
Closes gh-11588
2022-07-15 15:12:39 -04:00
Joe Grandja 65db5fa028 Remove deprecations in JwtAuthenticationConverter
Closes gh-11587
2022-07-15 14:43:08 -04:00
Joe Grandja 1ac6054e6f Remove deprecations in OidcUserInfo
Closes gh-11586
2022-07-15 14:42:54 -04:00
Joe Grandja 6b41faaf55 Remove deprecations in ClaimAccessor
Closes gh-11585
2022-07-15 14:42:33 -04:00
Joe Grandja 0859da5590 Remove deprecations in OAuth2AuthorizedClientArgumentResolver
Closes gh-11584
2022-07-15 14:42:03 -04:00
Joe Grandja 743b6a5bfe Remove deprecations in OidcClientInitiatedLogoutSuccessHandler
Closes gh-11565
2022-07-15 14:04:09 -04:00
Joe Grandja cae22867b2 Remove deprecated allowMultipleAuthorizationRequests
Closes gh-11564
2022-07-15 13:50:30 -04:00
Joe Grandja 0e291a3295 Remove deprecations in AuthorizationRequestRepository
Closes gh-11519
2022-07-15 08:15:52 -04:00
Joe Grandja e12823095f Remove deprecations in ClientRegistration
Closes gh-11518
2022-07-15 08:15:30 -04:00
Joe Grandja 61b034bf69 Remove deprecations in AbstractOAuth2AuthorizationGrantRequest
Closes gh-11517
2022-07-15 08:14:56 -04:00
Joe Grandja be58e2ac49 Remove deprecations in ClientAuthenticationMethod
Closes gh-11516
2022-07-15 07:45:33 -04:00
Joe Grandja 8c12c3dad0 Remove deprecated converters in OAuth2AccessTokenResponseHttpMessageConverter
Closes gh-11513
2022-07-14 16:55:53 -04:00
Joe Grandja 746d27eab1 Remove deprecated NimbusAuthorizationCodeTokenResponseClient
Closes gh-11512
2022-07-14 16:32:21 -04:00
Joe Grandja 42683693c0 Remove deprecated CustomUserTypesOAuth2UserService
Closes gh-11511
2022-07-14 14:28:41 -04:00
Joe Grandja 67b27a41c3 Remove deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository
Closes gh-11508
2022-07-14 12:10:58 -04:00
Joe Grandja f5a436df80 Remove deprecated NimbusJwtDecoderJwkSupport
Closes gh-11507
2022-07-14 12:09:59 -04:00
Joe Grandja a3326fc0ee Remove deprecated implicit authorization grant type
Closes gh-11506
2022-07-14 10:05:15 -04:00
Joe Grandja 7df9c6eba5 Use OAuth2Token instead of AbstractOAuth2Token
Closes gh-10959
2022-07-13 16:48:28 -04:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor
Closes gh-11499
2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class
Closes gh-10960
2022-07-13 15:51:58 -04:00
Marcus Da Coregio ecbfa84b39 Revert "Disable failing tests until r2dbc-h2 is upgraded"
This reverts commit 614065bb3b.
2022-07-13 10:55:12 -03:00
Marcus Da Coregio 8776f66fb9 Update io.r2dbc:r2dbc-h2 to 1.0.0.RC1
Closes gh-11479
2022-07-13 10:55:12 -03:00
Steve Riesenberg 614065bb3b
Disable failing tests until r2dbc-h2 is upgraded
Issue gh-11479
2022-07-11 10:32:38 -05:00
Rivaldi 757fb38147 Fix typo
(cherry picked from commit 80c5ec459befd9292e08a43e30f4aae22f39eeed)
2022-06-27 16:05:50 -06:00
Josh Cummings 1d72a05c32
Add SecurityContextHolderStrategy to OAuth2
Issue gh-11060
2022-06-27 13:05:12 -06:00
Josh Cummings 539a11d0a4
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:13:42 -06:00
Josh Cummings f035c30edb
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:12:13 -06:00
Josh Cummings 01513ab17e
Add placeholders to reactive post_logout_redirect_uri
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
2022-06-16 16:10:26 -06:00
Josh Cummings 6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId
Closes gh-11378
2022-06-16 16:09:57 -06:00
Josh Cummings 3f30de388a
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:09:56 -06:00
Michael e4505ed6c8
Add placeholders to post_logout_redirect_uri
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
2022-06-16 16:09:56 -06:00
Josh Cummings a8ab432aea
Add placeholders to reactive post_logout_redirect_uri
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
2022-06-16 15:58:44 -06:00
Josh Cummings ebb5746f6e
Reactive OAuth 2.0 logout handler resolves registrationId
Closes gh-11378
2022-06-16 15:58:44 -06:00
Josh Cummings 18f7cf5406
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 15:58:43 -06:00
Michael cb0ab49adc
Add placeholders to post_logout_redirect_uri
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
2022-06-16 15:58:35 -06:00
Steve Riesenberg d18291676f
Update copyright year
Issue gh-11372
2022-06-15 13:14:07 -05:00
Steve Riesenberg c7df39a3e6
Fix tests using root cause for exception messages
Closes gh-11372
2022-06-14 17:12:15 -05:00
Jyri-Matti Lähteenmäki ca0a6d9777 Treat URLs as String before equals/hashcode
java.net.URL performs DNS lookups whenever its equals/hashCode is
used. Thus attribute values of type java.net.URL need to be converted
to something else before they are used for equals/hashCode.

Closes gh-10673
2022-06-03 11:36:00 -04:00
Kuby e28fcbfbbe
Change phoneNumberVerified with type Boolean
Closes: gh-11315
2022-06-03 10:23:53 -05:00
Kuby 759d799ddd Change phoneNumberVerified with type Boolean
Closes: gh-11315
2022-06-03 09:46:00 -05:00
Marcus Da Coregio b8b0661d73
Lock Dependencies for Release 2022-05-16 14:01:51 -06:00
Marcus Da Coregio 000b87f9aa Revert "Use Spring Framework version 6.0.0-M3"
This reverts commit b803e845e7.
2022-05-11 08:36:14 -03:00
Marcus Da Coregio 806e05855c Replace removed context-related operators
Closes gh-11194
2022-05-10 14:58:02 -03:00
Marcus Da Coregio b803e845e7 Use Spring Framework version 6.0.0-M3
Closes gh-11193
2022-05-10 14:49:02 -03:00
Marcus Da Coregio 50f8df6f07 Use HttpStatusCode
Closes gh-11091
2022-04-11 09:19:56 -03:00
Marcus Da Coregio e1f649690b Adapt to changes in R2DBC 2022-04-11 09:19:47 -03:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors
Issue gh-10989
2022-03-18 22:53:29 -05:00
Steve Riesenberg e81990c44e
Update io.r2dbc to 0.9.1.RELEASE
Closes gh-10988
2022-03-18 18:11:49 -05:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion
Closes gh-9855
2022-03-17 09:53:16 -05:00
Steve Riesenberg 428216b322 Add support for customizing claims in JWT Client Assertion
Closes gh-9855
2022-03-17 09:50:25 -05:00
Joe Grandja 50a3bcf728 Remove unused code 2022-03-17 05:08:39 -04:00
Jánoky László Viktor a88b8bf980 ClientAuthenticationMethod equals and hashCode is consistent
Closes gh-10559
2022-03-17 05:05:47 -04:00
Joe Grandja 50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja 54b033078b Allow configuring PKCE for confidential clients
Closes gh-6548
2022-03-16 13:36:10 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients
Closes gh-6548
2022-03-16 13:33:12 -04:00
Simone Giannino 92a385ed05
OAuth 2.0 logout handler resolves uri placeholders
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Closes gh-7900
2022-03-15 14:05:26 -06:00
Simone Giannino 73003d59d6 OAuth 2.0 logout handler resolves uri placeholders
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
2022-03-15 12:54:39 -06:00
Rob Winch 9b380582dc BearerTokenAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:47:34 -06:00
Rob Winch 9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Josh Cummings 68e2586f06 Move UnmodifiableMapDeserializer
Issue gh-10905
2022-03-01 14:17:17 -07:00
Josh Cummings 931fb6a328 Move UnmodifiableMapDeserializer
Issue gh-10905
2022-03-01 14:03:41 -07:00
Marcus Da Coregio bebd615507 Update io.r2dbc to 0.9.1.RELEASE
Closes gh-10883
2022-02-21 10:35:20 -03:00
Marcus Da Coregio 883c480af0 Update r2dbc-h2 to 0.8.5.RELEASE
Closes gh-10869
2022-02-21 09:20:37 -03:00
Eleftheria Stein d655deb718 Update r2dbc-h2 to 0.8.5.RELEASE
Closes gh-10856
2022-02-21 12:24:24 +01:00
Rob Winch c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 15:32:12 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Marcus Da Coregio d99c08edce Fix failing test in NimbusReactiveJwtDecoderTests 2022-01-17 11:22:05 -03:00
Marcus Da Coregio e2d1bb6998 Update io.r2dbc to 0.9.0.RELEASE
Closes gh-10745
2022-01-17 10:50:47 -03:00
Steve Riesenberg 7c54f98944 Update io.r2dbc to 0.9.0.RELEASE
Closes gh-10717
2022-01-14 11:58:45 -06:00
Joe Grandja 525f40490c Allow Jwt assertion to be resolved
Closes gh-9812
2022-01-10 10:59:14 -05:00
Joe Grandja 214cfe807e Allow Jwt assertion to be resolved
Closes gh-9812
2022-01-10 10:42:10 -05:00
Eleftheria Stein 3389cf3ffc Revert "Lock dependencies"
This reverts commit 83bb4603f8.
2021-12-20 21:55:35 +02:00
Marcus Da Coregio cfbf28b8ba Revert "Lock Dependencies for Release"
This reverts commit 3d4e90ba2a.
2021-12-20 16:47:36 -03:00
Eleftheria Stein 83bb4603f8 Lock dependencies 2021-12-20 21:17:17 +02:00
Marcus Da Coregio 3d4e90ba2a Lock Dependencies for Release 2021-12-20 16:03:13 -03:00
Jonas Erbe 606bf6b38d Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request
error on claim validation failure.

But validators have to return invalid_token errors on failure
according to:

https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.

Closes gh-10337
2021-11-29 13:30:38 -07:00
Jonas Erbe 5c732b9b7f Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:34:53 -07:00
Jonas Erbe aefd2d497c Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:22:30 -07:00
Jonas Erbe 8c063f8ccb Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:13:24 -07:00
Jonas Erbe dec858a5b7 Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:04:30 -07:00
Jonas Erbe 82426e20e1 Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:02:02 -07:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code
Issue https://github.com/spring-projects/spring-framework/issues/27686
2021-11-19 13:06:13 -03:00
Dávid Kováč 17e28fa7aa Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:48:32 +01:00
Dávid Kováč aa1ef46d84 Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:33:05 +01:00
Dávid Kováč 862122a267 Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 08:13:12 +01:00
Khaled Hamlaoui 00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 15:27:48 -06:00
Khaled Hamlaoui 498636e26b Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 14:52:08 -06:00
Josh Cummings 7b03fb5321 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 18:17:33 -07:00
Josh Cummings f89a34c30b Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 18:07:14 -07:00
Josh Cummings 72db6a20c9 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:44:15 -07:00
Josh Cummings 538541bf40 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:35:53 -07:00
Josh Cummings 2a6e00ceb0 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:33:03 -07:00
Steve Riesenberg 076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Steve Riesenberg ea352e1c59 Add missing @since 5.6 2021-11-09 14:02:35 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio 010f719344 Upgrade to JDK 17
Closes gh-10343
2021-11-01 09:02:42 -03:00
Marcus Da Coregio 560962649e Remove BlockHound dependency
The dependency is not needed anymore and there is a issue when using OpenJDK 13 or higher https://github.com/reactor/BlockHound/issues/33

Issue gh-10343
2021-11-01 09:02:42 -03:00
Rob Winch e4a76b0ec9 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-22 10:19:34 -05:00
Rob Winch f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Rob Winch 0c088e278a Update r2dbc-spi-test to 0.8.6.RELEASE
Closes gh-10393
2021-10-18 21:03:12 -05:00
Steve Riesenberg 0704c709dc Revert "Lock Dependencies for Release"
This reverts commit 03c2c49d66.
2021-10-18 17:38:07 -05:00
Steve Riesenberg 03c2c49d66 Lock Dependencies for Release 2021-10-18 17:34:42 -05:00
Steve Riesenberg c83bd075a2 Revert "Lock Dependencies for Release"
This reverts commit bedb569f0d.
2021-10-18 16:49:15 -05:00
Steve Riesenberg bedb569f0d Lock Dependencies for Release 2021-10-18 15:38:17 -05:00
Steve Riesenberg b2db2bdb2a Update r2dbc-spi-test to 0.8.6.RELEASE
Closes gh-10410
2021-10-18 14:20:00 -05:00
Joe Grandja 5c8cd23a2d Revert "Lock dependencies"
This reverts commit fc53f81d2e.
2021-10-18 10:48:23 -04:00
Dávid Kováč 64e9ac995a getClaimAsBoolean() should not be falsy
Closes gh-10148
2021-10-14 11:28:09 -05:00
Eleftheria Stein fc53f81d2e Lock dependencies 2021-10-14 15:44:09 +02:00
Philipp Neuschwander 6db58cbf8a Conditionally resolve bearer token from request parameters
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
2021-10-13 17:10:50 -05:00
Dávid Kováč eb0597154d Update JavaDoc according to implementation
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
2021-10-13 13:13:44 -06:00
Dávid Kováč 0299808b05 Add ClaimAccessor tests
Add tests for ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList

Issue gh-10117
2021-10-13 12:53:40 -06:00
Dávid Kováč 125d33e3cf Update JavaDoc according to implementation
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
2021-10-13 12:53:40 -06:00
Joe Grandja e3abaf7999 Add OAuth2ErrorCodes.INVALID_REDIRECT_URI
Closes gh-10370
2021-10-13 14:12:44 -04:00
Steve Riesenberg 3b564b2026 Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient
This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
2021-10-06 13:09:33 -05:00
Steve Riesenberg 9b24f66f1c Implement reactive support for JWT as an Authorization Grant
Closes gh-10147
2021-10-05 16:09:24 -05:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Josh Cummings dc95d8d705 Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 15:23:53 -06:00
Josh Cummings 4df9b4547f Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 14:56:25 -06:00
Josh Cummings 1f919bc791 Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 14:55:37 -06:00
Josh Cummings 0f8fa36b93 Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 13:24:51 -06:00
Darren Forsythe 5556b821e3 Check for multiple access tokens per rfc 6750
Check for multiple access tokens on the ServerHttpRequest rather than get get first. If multiples are found throw a OAuth2AuthenticationException.

Closes gh-5708
2021-09-28 08:07:06 -06:00
Joe Grandja 97c949d929 oauth2Login() AuthenticationProvider's preserve root cause exception when rethrown
Closes gh-10228
2021-09-24 10:41:31 -04:00
Joe Grandja 5830fda2fa Introduce JwtEncoder
Closes gh-9208
2021-09-24 05:13:40 -04:00
bishoy basily 860690491a Add setBodyExtractor
Closes gh-10260
2021-09-22 15:32:19 -06:00
Josh Cummings 7b599d4770 Share JWKSource Instances
Closes gh-10312
2021-09-22 13:28:08 -06:00
Josh Cummings 4e7c9bee46 Add Supplier JwtDecoders
Closes gh-9991
2021-09-22 10:58:55 -06:00
Rob Winch 62db842865 Update com.nimbusds to 9.15
Closes gh-10287
2021-09-17 16:40:58 -05:00
Ashley Scopes 171522ebf2 Replace usages of deprecated OAuth2IntrospectionClaimNames
Replace all usages of OAuth2IntrospectionClaimNames with
the suggested OAuth2TokenIntrospectionClaimNames.

There does not appear to be any further usages of OAuth2IntrospectionClaimNames,
so it should be suitable for removal when appropriate in accordance with the
deprecation policy.
2021-09-15 15:05:08 -06:00
Ashley Scopes 7ccc915b2b Ensuring consistency in error handling of opaque providers/managers
The OpaqueTokenAuthenticationProvider now propagates the cause of
introspection exceptions in the same way that the reactive
OpaqueTokenReactiveAuthenticationManager does.

Fixed a final field warning on both OpaqueTokenAuthenticationProvider
and OpaqueTokenReactiveAuthenticationManager.
2021-09-15 15:05:08 -06:00
Ashley Scopes e9d5bbba34 Fixed final field warnings in opaque token introspectors 2021-09-15 15:05:08 -06:00
Ashley Scopes 95c2403968 Fixed potential NullPointerException in opaque token introspection
It appears Nimbus does not check the presence of the Content-Type
header before parsing it in some versions, and since prior to this
commit, the code is .toString()-ing the result, a malformed response
(such as that from a misbehaving cloud gateway) that does not include
a Content-Type would currently throw a NullPointerException.

In addition to this, I have added a little more information to the
log output for this module on the standard and reactive implementations
to aid in debugging authorization/authentication issues much more
easily.
2021-09-15 15:05:08 -06:00
Ashley Scopes dd43d9198b Amended treatment of OAuth2 'iss' claim
Prior to this commit, the OAuth2 resource server code is failing any issuer
that is not a valid URL. This does not correspond to
https://datatracker.ietf.org/doc/html/rfc7662#page-7 which redirects to
https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1, defining an
issuer as being a "StringOrURI", which is defined at
https://datatracker.ietf.org/doc/html/rfc7519#page-5 as being
an "arbitrary string value" that "MUST be a URI" only for
"any value containing a ':'".

The issue currently is that an issuer that is not a valid URL may be
provided, which will automatically result in the request being aborted
due to being invalid.

I have removed the check entirely, since while the claim could be invalid,
it is still a response that the OAuth2 introspection endpoint has provided.
In the liklihood that interpretations of this behaviour are different for
the OAuth2 server implementation in use, this currently stops Spring
Security from being able to be used at all without implementing a custom
introspector from scratch.

It is also worth noting that the spec does not specify whether it is
valid to normalize issuers or not if they are valid URLs. This may cause
other unintended side effects as a result of this change, so it is
safer to disable it entirely.
2021-09-15 15:05:08 -06:00
Ayush Kohli f1691370d6 Closes gh-10222 2021-09-03 10:58:01 -06:00
/usr/local/ΕΨΗΕΛΩΝ 4302a86fad
Default principalClaimName to SUB
Closes gh-10214
2021-08-20 15:02:22 -06:00
Rujun Chen 9b4ddd7e0a Make AuthorizationGrantTypeConverter support custom grant type
Closes gh-10155
2021-08-19 13:13:20 -04:00
Fabio Guenci 8c1201ae49
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-16 15:07:23 -06:00
Joe Grandja ec6b2203ca Revert "Lock Dependencies for Release"
This reverts commit 067bdd0dd9.
2021-08-16 11:55:39 -04:00
Joe Grandja 067bdd0dd9 Lock Dependencies for Release 2021-08-16 11:12:40 -04:00
Fabio Guenci 9925c6a4c0
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-16 08:44:27 -06:00
Fabio Guenci f33598946f
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-16 08:40:39 -06:00
Fabio Guenci b067aa4653
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-16 08:22:31 -06:00
Marcus Da Coregio c706a103f9 Revert "Lock Dependencies"
This reverts commit 1533f098d2.
2021-08-16 10:35:39 -03:00
Marcus Da Coregio 1533f098d2 Lock Dependencies 2021-08-16 09:42:34 -03:00
Josh Cummings cdc902d04d
Update SpringOpaqueTokenIntrospector
Issue gh-9647
2021-08-12 16:52:02 -06:00
Dávid Kováč 3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
2021-08-12 16:51:33 -06:00
Josh Cummings b83a4c2985
Polish Preserve Null Claim Values
Preserves the original behavior of ClaimTypeConverter so that its
converters can maintain their default behavior of null meaning that
conversion failed.

Issue gh-10135
2021-08-12 10:22:44 -06:00
Fabio Guenci 30a1c1af7c
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-12 10:09:34 -06:00
Steve Riesenberg 6d6dc113d8 Add converter for authentication result in OAuth2LoginAuthenticationFilter
Closes gh-10033
2021-08-10 16:50:19 -05:00
Steve Riesenberg fc553bf19a Add gh-10130 to tests 2021-08-09 15:33:54 -05:00
Steve Riesenberg acca3dba69 Polish gh-10131 2021-08-09 11:07:12 -05:00
Vincent Boulaye 044157061f Enable customizing headers in token requests
Adds the possibility to customize the headers of the access token request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient, similarly to what is done in the AbstractOAuth2AuthorizationGrantRequestEntityConverter.

Closes gh-10130
2021-08-09 10:50:37 -05:00
Josh Cummings 6370906ead
Add SpringOpaqueTokenIntrospector
Closes gh-9354
2021-07-26 10:50:50 -06:00
Steve Riesenberg e1b6a7ba29 Revert "URL encode client credentials"
This reverts commit c0200512a7.

Issue gh-9610 gh-9863
Closes gh-10018
2021-07-20 14:06:46 -05:00
Steve Riesenberg f55247e28a Revert "URL encode client credentials"
This reverts commit 6cafa48369.

Issue gh-9610 gh-9862
Closes gh-10018
2021-07-20 14:05:55 -05:00
Steve Riesenberg dc81e1c86b Revert "URL encode client credentials"
This reverts commit 5243b1b8a8.

Issue gh-9610 gh-9861
Closes gh-10018
2021-07-20 13:29:29 -05:00
Steve Riesenberg dfebd6d9d4 Revert "URL encode client credentials"
This reverts commit e6c268add0.

Issue gh-9610 gh-9858
Closes gh-10018
Closes gh-10121
2021-07-20 12:59:44 -05:00
Steve Riesenberg f5266c7511 Remove wildcard from generics in converter
Polish gh-9779
2021-07-12 23:42:47 -05:00
Rob Winch f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch 98bd772b67 format 2021-07-09 14:49:47 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch 14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Marcus Da Coregio b0d22d1a03 Revert "Lock Dependencies"
This reverts commit eb300c78bd.
2021-06-22 10:20:07 -03:00
Steve Riesenberg c17767883f Revert "Lock Dependencies for Release"
This reverts commit d71be4ca28.
2021-06-21 12:57:05 -05:00
Josh Cummings d71be4ca28
Lock Dependencies for Release 2021-06-21 10:33:10 -06:00
Marcus Da Coregio eb300c78bd Lock Dependencies 2021-06-21 09:23:19 -03:00
Arnaud Mergey 1cd4ffeeb7
fix typo preventing full exception to be displayed in log
closes gh-9901
2021-06-17 08:40:55 -06:00
Arnaud Mergey 5fd81eeaf1
fix typo preventing full exception to be displayed in log
closes gh-9901
2021-06-17 08:38:24 -06:00
Josh Cummings d4c3cea0e6
Update Copyright
Issue gh-9901
2021-06-17 08:34:31 -06:00
Arnaud Mergey 1d606ccedb fix typo preventing full exception to be displayed in log
closes gh-9901
2021-06-17 08:33:32 -06:00
Steve Riesenberg a332e2a728
Support additional client authentication methods
Closes gh-9780
2021-06-16 16:03:13 -05:00
Steve Riesenberg 9daf058a6e
Handle missing authorization endpoint uri
Closes gh-9795
2021-06-16 16:00:53 -05:00
Steve Riesenberg 839cc5e851
Remove validation for unsupported grant types
Closes gh-9828
2021-06-16 15:55:45 -05:00
Steve Riesenberg 807ce30948 Support additional client authentication methods
Closes gh-9780
2021-06-16 15:48:03 -05:00
Steve Riesenberg 0cba0874f3 Handle missing authorization endpoint uri
Closes gh-9795
2021-06-16 15:38:53 -05:00
Steve Riesenberg 9b05afdee8 Remove validation for unsupported grant types
Closes gh-9828
2021-06-16 14:54:33 -05:00
Joe Grandja 6fbd038111 Jwt client authentication converter detects new key
Closes gh-9814
2021-06-16 12:58:01 -04:00
Joe Grandja eb6ed283e0 Jwt client authentication converter detects new key
Closes gh-9814
2021-06-16 12:55:12 -04:00
Steve Riesenberg 67a18f564a Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
2021-06-15 12:14:37 -05:00
Steve Riesenberg b6ae11295f Commit missing compile fix from cherry-pick conflict 2021-06-15 12:10:06 -05:00
Steve Riesenberg ee9c8e2fd0 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
2021-06-15 12:06:22 -05:00
Steve Riesenberg a108868529 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
Closes gh-9912
2021-06-15 11:44:34 -05:00
Steve Riesenberg 700bda68b7 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
2021-06-15 11:32:35 -05:00
Steve Riesenberg aed993f3e5
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
2021-06-15 11:03:30 -05:00
Steve Riesenberg c0200512a7 URL encode client credentials
Closes gh-9610
2021-06-08 08:27:20 -05:00
Eleftheria Stein 36805c7192 Revert "Use strict equality for timestamp comparison in JDBC tests"
This reverts commit 09a0670cb6.

This appears to still be an issue in Windows

Issue gh-8782
2021-06-08 10:13:53 +03:00
Eleftheria Stein 09a0670cb6 Use strict equality for timestamp comparison in JDBC tests
This is possible because of the update to HSQLDB 2.6.0
This reverts commit eb7b27695d.

Closes gh-8782
2021-06-08 09:31:55 +03:00
Eleftheria Stein 204a32aba8 Replace < and > with &lt and &gt in Javadoc
Closes gh-9847
2021-06-04 12:26:07 +03:00
Steve Riesenberg 6cafa48369 URL encode client credentials
Closes gh-9610
2021-06-03 09:39:00 -05:00
Steve Riesenberg 5243b1b8a8 URL encode client credentials
Closes gh-9610
2021-06-03 09:29:25 -05:00
Steve Riesenberg e6c268add0 URL encode client credentials
Closes gh-9610
2021-06-03 09:12:18 -05:00
Steve Riesenberg 10de63ce89 Access Token Response supports any data type
Changed the converter used to convert a map into an OAuth2AccessTokenResponse to
support any object as the value, including json numbers and nested objects. Also
deprecated old classes/setters and added new classes/setters.

Closes gh-9685
2021-06-01 14:38:14 -05:00
Steve Riesenberg ac9b137cad URL encode client credentials
Closes gh-9610
2021-06-01 12:57:06 -05:00
Josh Cummings 6d816fbf85
Polish postLogoutRedirectUri encoding
Issue gh-9511
2021-05-26 14:38:20 -06:00
Hans Hosea Schaefer e52b104636
Encode postLogoutRedirectUri query params
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 14:36:05 -06:00
Josh Cummings 24c3c52254
Polish postLogoutRedirectUri encoding
Issue gh-9511
2021-05-26 13:58:28 -06:00
Hans Hosea Schaefer 499701e67a
Encode postLogoutRedirectUri query params
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 13:58:23 -06:00
Josh Cummings f48a006034
Polish postLogoutRedirectUri encoding
Issue gh-9511
2021-05-26 13:51:26 -06:00
Hans Hosea Schaefer b7a0959ede
Encode postLogoutRedirectUri query params
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 13:51:15 -06:00
Josh Cummings 65ecaa0c28
Polish postLogoutRedirectUri encoding
Issue gh-9511
2021-05-26 12:31:41 -06:00
Hans Hosea Schaefer b671a96073
Encode postLogoutRedirectUri query params
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 12:10:03 -06:00
Steve Riesenberg d3a3c36ad3 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 16:14:35 -05:00
Steve Riesenberg 22272321f2 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 15:37:37 -05:00
Steve Riesenberg 589eccc547 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 15:08:05 -05:00
Steve Riesenberg de4b3a4310 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 13:41:04 -05:00
Steve Riesenberg 36dcbe24d0 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 13:31:34 -05:00
Rob Winch 372c2b805b Update r2dbc-spi-test to 0.8.5.RELEASE
Closes gh-9752
2021-05-14 13:23:54 -05:00
Josh Cummings 5b24bd1288
Adjust ClientRegistrationsTests
Closes gh-9748
2021-05-14 10:30:46 -06:00
Rob Winch c9a8419e22 Additional HttpSessionOAuth2AuthorizationRequestRepository tests
Issue gh-5145
2021-05-13 20:12:15 -04:00
Craig Andrews ecb4a5749a HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 20:12:00 -04:00
Rob Winch a4216d0ea5 Additional HttpSessionOAuth2AuthorizationRequestRepository tests
Issue gh-5145
2021-05-13 19:52:00 -04:00
Craig Andrews b8eee2002f HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 19:50:47 -04:00
Rob Winch f3436f25fb Additional HttpSessionOAuth2AuthorizationRequestRepository tests
Issue gh-5145
2021-05-13 14:01:04 -04:00
Craig Andrews e447a35cf2 HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 14:00:53 -04:00
Asian Malaysian Vietnamese 5f6de026a8 Update javadoc AuthorizationCodeOAuth2AuthorizedClientProvider
Closes gh-9708
2021-05-13 13:02:08 -04:00
Rob Winch 64b7af473d Additional HttpSessionOAuth2AuthorizationRequestRepository tests
Issue gh-5145
2021-05-12 14:59:25 -05:00
Craig Andrews 35f5ebdbcf HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
2021-05-12 14:59:25 -05:00
Marcus Hert da Coregio 6413511eb6 Update Deprecated Property in Opaque Token Introspectors
Update NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to use MediaType.APPLICATION_JSON instead of the deprecated MediaType.APPLICATION_JSON_UTF8

Closes gh-9353
2021-05-06 13:47:09 -06:00
Joe Grandja 761e3a9dd8 JwtBearerOAuth2AuthorizedClientProvider checks for access token expiry
Fixes gh-9700
2021-04-30 10:12:38 -04:00
Josh Cummings b0011893d2
Update Copyright
Issue gh-9651
2021-04-20 10:43:20 -06:00
Tibor Koch 5da472f3be Fix ClassCastException
Closes gh-9651
2021-04-20 10:42:52 -06:00
Joe Grandja 26c6570b10 Revert "Lock Dependencies"
This reverts commit b3250c06a9.
2021-04-12 14:42:38 -04:00
Joe Grandja b3250c06a9 Lock Dependencies 2021-04-12 14:19:19 -04:00
Joe Grandja 8850ccb1c6 Revert "Lock Dependencies"
This reverts commit 924ceac681.
2021-04-12 13:47:04 -04:00
Joe Grandja 924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
Josh Cummings 7ded671858
Refactor AuthenticationDetailsSource support
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
2021-04-09 12:41:16 -06:00
Joe Grandja b556655290 Make OAuth2AuthorizationResponseType constructor public
Closes gh-9584
2021-04-09 08:01:08 -04:00
Joe Grandja dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN
Closes gh-9582
2021-04-09 07:46:21 -04:00
Joe Grandja eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi 7694aa27cf Add jwt-bearer authorization grant
Closes gh-6053
2021-04-09 06:22:29 -04:00
Joe Grandja 9c97970e26 Add Jwt Client Authentication support
Closes gh-8175
2021-04-08 15:44:33 -04:00
Rob Winch f3f1106624 Update io.spring.javaformat to 0.0.27
Closes gh-9553
2021-04-05 22:23:59 -05:00
Rob Winch 8323590b6c Update r2dbc-spi-test to 0.8.4.RELEASE
Closes gh-9551
2021-04-05 22:23:59 -05:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies"))
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names
Closes gh-9540
2021-04-05 10:36:36 -05:00
Hassene Laaribi b8e47882aa Fix test to use non-expired token
Closes gh-9506
2021-03-17 17:38:08 +01:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3"
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings b774e91734
Polish BearerTokenAuthenticationConverter
Issue gh-8840
2021-03-12 15:05:06 -07:00
Jeongjin Kim 31f310fd22
Add BearerTokenAuthenticationConverter
BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.

Closes gh-8840
2021-03-12 15:05:06 -07:00
Josh Cummings 71e0967b53
Revert "Lock Dependencies for Release"
This reverts commit 8c04074264.
2021-02-17 15:59:48 -07:00
Josh Cummings 8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Josh Cummings 5e5ff27109
Configure Jackson for nanosecond precision
Closes gh-9461
2021-02-17 11:53:36 -07:00
Josh Cummings a0a9718b8b
Use Instant with micro-second precision
Closes gh-9449
2021-02-17 11:31:23 -07:00
Josh Cummings cf032d86d6
Revert "Lock Dependencies"
This reverts commit 9535a41d5a.
2021-02-11 18:38:07 -07:00
Josh Cummings 9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Josh Cummings f449da8b78
Revert "Lock Dependencies"
This reverts commit d17ebf53f9.
2021-02-11 17:28:01 -07:00
Josh Cummings d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies"
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Rob Winch 71f9876c48 Revert "Lock dependencies"
This reverts commit dca4858d81.
2021-02-11 13:38:50 -06:00
Rob Winch dca4858d81 Lock dependencies 2021-02-11 13:00:32 -06:00
Rob Winch ec8f6014d4 Revert "Lock dependencies"
This reverts commit fa5f789beb.
2021-02-11 09:51:54 -06:00
Rob Winch fa5f789beb Lock dependencies 2021-02-11 08:53:40 -06:00
Josh Cummings 02d017abf7
Adjust Test Assertion
- Netty returns a slightly different exception on Windows,
so adjusted assertion accordingly.

Issue gh-9421
2021-02-10 13:20:51 -07:00
Josh Cummings ccb3b02888
Bearer Token Server-side Errors Return 500
Closes gh-9395
2021-02-10 12:35:34 -07:00
Josh Cummings e79141a188
Downgrade nimbus-jose-jwt to 8.+
Closes gh-9399
2021-02-03 13:18:18 -07:00
Joe Grandja 542c625d7d Allow null or empty authorities for DefaultOAuth2User
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
2021-02-02 04:43:29 -05:00
Joe Grandja e7acd1219d Allow null or empty authorities for DefaultOAuth2User
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
2021-02-02 04:35:39 -05:00
Mayur Patel fc24c7991c Allow null or empty authorities for DefaultOAuth2User
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
2021-02-01 17:26:56 -05:00
Mayur Patel 75706f118c Allow null or empty authorities for DefaultOAuth2User
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
2021-02-01 17:09:07 -05:00
Benjamin Faal 98399c920a Make user info response status check error only
Closes gh-9336
2021-01-25 11:10:03 -05:00
Benjamin Faal 0f7360e8fa Make user info response status check error only
Closes gh-9336
2021-01-25 10:46:07 -05:00
Benjamin Faal f6b678f137 Make user info response status check error only
Closes gh-9336
2021-01-25 10:23:49 -05:00
Benjamin Faal d85a7cfc4a Make user info response status check error only
Closes gh-9336
2021-01-25 10:02:58 -05:00
tristanessquare 580b988e7f
Fix NullPointerException
- Caused by a malformed WWW-Authenticate value

Closes gh-9364
2021-01-21 16:22:29 -07:00
tristanessquare 56db058fd0
Fix NullPointerException
- Caused by a malformed WWW-Authenticate value
2021-01-21 16:18:23 -07:00
Josh Cummings f36e2fca59
Remove SingleKeyJWSKeySelector
Closes gh-9348
2021-01-15 22:15:56 -07:00
Josh Cummings 6499a235b0
Suppress Compiler Warnings 2021-01-08 11:30:28 -07:00
Josh Cummings 2566abec31
Add Type Parameter
Closes gh-8412
2020-12-11 10:20:18 -07:00
Ovidiu Popa 174b71c017 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 11:42:00 -05:00
Ovidiu Popa 7d31837af3 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 11:20:11 -05:00
Ovidiu Popa b8175bccd2 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 10:54:00 -05:00
Ovidiu Popa d5d0be36f4 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 09:58:30 -05:00
Josh Cummings 1af21a9d02
Revert "Lock Dependencies for 5.4.2"
This reverts commit 046bc9789f.
2020-12-02 22:21:02 -07:00
Josh Cummings 7c2010f507
Revert "Lock Dependencies for 5.3.6"
This reverts commit a153012056.
2020-12-02 19:32:03 -07:00
Josh Cummings 046bc9789f
Lock Dependencies for 5.4.2 2020-12-02 17:36:26 -07:00
Josh Cummings a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
olivier.antoine 808b8c3256 Avoid ClassCastException if principalClaim value is not a String
Closes gh-9212
2020-12-02 16:15:10 -07:00
Joe Grandja 58e3235093 Deprecate ClientAuthenticationMethod BASIC and POST
Closes gh-9220
2020-11-25 15:13:28 -05:00
grimsa c002c6f9f3
Add ClaimAccessor#hasClaim
The new method is intended to replace ClaimAccessor#containsClaim, the
return type of which was non-primitive Boolean. The existing
containsClaim method is now deprecated.

Closes gh-9201
2020-11-25 11:58:17 -07:00
Josh Cummings b0d4e500a8
Polish Add DelegatingJwtGrantedAuthoritiesConverter
- Adjusted internal logic to follow DelegatingOAuth2TokenValidator
- Changed JavaDoc to align more closely with
JwtGrantedAuthoritiesConverter
- Polished test names to follow Spring Security naming convention
- Updated test class name to follow Spring Security naming convention
- Polished tests to use TestJwts
- Added tests to address additional use cases

Closes gh-7596
2020-11-24 15:31:07 -07:00
Ropi 97cc119d86
Add DelegatingJwtGrantedAuthoritiesConverter
Closes gh-7596
2020-11-24 14:18:40 -07:00
Josh Cummings af669a2166
Remove Reliance on BearerTokenResolver
Closes gh-9186
2020-11-12 15:40:55 -07:00
Joe Grandja 61550f8a48 Add convenience constructor in OAuth2AuthenticationException
Closes gh-9190
2020-11-04 13:37:14 -05:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Arvid Ottenberg d0d655e18d
Allow Customization of Bearer Token Resolution
Closes gh-8535
2020-11-03 14:34:46 -07:00
Joe Grandja 9d1637d2cd Add unsupported_token_type to OAuth2ErrorCodes
Closes gh-9184
2020-11-03 14:11:01 -05:00
Joe Grandja dafedf93fa Fix format gh-9183 2020-11-03 14:00:07 -05:00
Joe Grandja aeb999eae2 Add token and token_type_hint to OAuth2ParameterNames
Closes gh-9183
2020-11-03 13:42:28 -05:00
Joe Grandja 0c25b8c1f9 Introduce JwaAlgorithm
Closes gh-9182
2020-11-03 13:03:50 -05:00
Joe Grandja c069692ab9 Extract OAuth2Token from AbstractOAuth2Token
Closes gh-5502
2020-11-02 20:35:08 -05:00