Commit Graph

209 Commits

Author SHA1 Message Date
Steve Riesenberg 67a00bcaa0
Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant
Closes gh-11590
2022-07-15 16:28:47 -04:00
Kuby 759d799ddd Change phoneNumberVerified with type Boolean
Closes: gh-11315
2022-06-03 09:46:00 -05:00
Rob Winch f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Dávid Kováč 64e9ac995a getClaimAsBoolean() should not be falsy
Closes gh-10148
2021-10-14 11:28:09 -05:00
Dávid Kováč 0299808b05 Add ClaimAccessor tests
Add tests for ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList

Issue gh-10117
2021-10-13 12:53:40 -06:00
Dávid Kováč 125d33e3cf Update JavaDoc according to implementation
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
2021-10-13 12:53:40 -06:00
Joe Grandja e3abaf7999 Add OAuth2ErrorCodes.INVALID_REDIRECT_URI
Closes gh-10370
2021-10-13 14:12:44 -04:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Dávid Kováč 3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
2021-08-12 16:51:33 -06:00
Josh Cummings b83a4c2985
Polish Preserve Null Claim Values
Preserves the original behavior of ClaimTypeConverter so that its
converters can maintain their default behavior of null meaning that
conversion failed.

Issue gh-10135
2021-08-12 10:22:44 -06:00
Fabio Guenci 30a1c1af7c
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-12 10:09:34 -06:00
Steve Riesenberg f5266c7511 Remove wildcard from generics in converter
Polish gh-9779
2021-07-12 23:42:47 -05:00
Rob Winch f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch 98bd772b67 format 2021-07-09 14:49:47 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch 14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Steve Riesenberg 10de63ce89 Access Token Response supports any data type
Changed the converter used to convert a map into an OAuth2AccessTokenResponse to
support any object as the value, including json numbers and nested objects. Also
deprecated old classes/setters and added new classes/setters.

Closes gh-9685
2021-06-01 14:38:14 -05:00
Joe Grandja b556655290 Make OAuth2AuthorizationResponseType constructor public
Closes gh-9584
2021-04-09 08:01:08 -04:00
Joe Grandja dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN
Closes gh-9582
2021-04-09 07:46:21 -04:00
Joe Grandja eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi 7694aa27cf Add jwt-bearer authorization grant
Closes gh-6053
2021-04-09 06:22:29 -04:00
Joe Grandja 9c97970e26 Add Jwt Client Authentication support
Closes gh-8175
2021-04-08 15:44:33 -04:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies"))
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3"
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies"
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Mayur Patel 75706f118c Allow null or empty authorities for DefaultOAuth2User
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
2021-02-01 17:09:07 -05:00
Josh Cummings 6499a235b0
Suppress Compiler Warnings 2021-01-08 11:30:28 -07:00
Ovidiu Popa d5d0be36f4 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 09:58:30 -05:00
Joe Grandja 58e3235093 Deprecate ClientAuthenticationMethod BASIC and POST
Closes gh-9220
2020-11-25 15:13:28 -05:00
grimsa c002c6f9f3
Add ClaimAccessor#hasClaim
The new method is intended to replace ClaimAccessor#containsClaim, the
return type of which was non-primitive Boolean. The existing
containsClaim method is now deprecated.

Closes gh-9201
2020-11-25 11:58:17 -07:00
Joe Grandja 61550f8a48 Add convenience constructor in OAuth2AuthenticationException
Closes gh-9190
2020-11-04 13:37:14 -05:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Joe Grandja 9d1637d2cd Add unsupported_token_type to OAuth2ErrorCodes
Closes gh-9184
2020-11-03 14:11:01 -05:00
Joe Grandja dafedf93fa Fix format gh-9183 2020-11-03 14:00:07 -05:00
Joe Grandja aeb999eae2 Add token and token_type_hint to OAuth2ParameterNames
Closes gh-9183
2020-11-03 13:42:28 -05:00
Joe Grandja c069692ab9 Extract OAuth2Token from AbstractOAuth2Token
Closes gh-5502
2020-11-02 20:35:08 -05:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Joe Grandja b182d9def1 Fix code formatting
Issue gh-9146
2020-10-22 13:30:48 -04:00
Alexey Nesterov 339da36878 Add refresh token expiration support
Closes gh-9146
2020-10-22 12:41:48 -04:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0"
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Rob Winch 2abf59b695 Merge Formatting Changes
Issue gh-8945
2020-08-24 17:33:23 -05:00
Rob Winch a729d24d47 Polish oauth2-core format
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
2020-08-24 17:33:09 -05:00