f55247e28a
Revert "URL encode client credentials"
...
This reverts commit 6cafa48369
2021-07-20 14:05:55 -05:00
dc81e1c86b
Revert "URL encode client credentials"
...
This reverts commit 5243b1b8a8
2021-07-20 13:29:29 -05:00
dfebd6d9d4
Revert "URL encode client credentials"
...
This reverts commit e6c268add0
2021-07-20 12:59:44 -05:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
b0d22d1a03
Revert "Lock Dependencies"
...
This reverts commit eb300c78bd
2021-06-22 10:20:07 -03:00
c17767883f
Revert "Lock Dependencies for Release"
...
This reverts commit d71be4ca28
2021-06-21 12:57:05 -05:00
d71be4ca28
Lock Dependencies for Release
2021-06-21 10:33:10 -06:00
eb300c78bd
Lock Dependencies
2021-06-21 09:23:19 -03:00
1cd4ffeeb7
fix typo preventing full exception to be displayed in log
...
closes gh-9901
2021-06-17 08:40:55 -06:00
5fd81eeaf1
fix typo preventing full exception to be displayed in log
...
closes gh-9901
2021-06-17 08:38:24 -06:00
d4c3cea0e6
Update Copyright
...
Issue gh-9901
2021-06-17 08:34:31 -06:00
1d606ccedb
fix typo preventing full exception to be displayed in log
...
closes gh-9901
2021-06-17 08:33:32 -06:00
a332e2a728
Support additional client authentication methods
...
Closes gh-9780
2021-06-16 16:03:13 -05:00
9daf058a6e
Handle missing authorization endpoint uri
...
Closes gh-9795
2021-06-16 16:00:53 -05:00
839cc5e851
Remove validation for unsupported grant types
...
Closes gh-9828
2021-06-16 15:55:45 -05:00
807ce30948
Support additional client authentication methods
...
Closes gh-9780
2021-06-16 15:48:03 -05:00
0cba0874f3
Handle missing authorization endpoint uri
...
Closes gh-9795
2021-06-16 15:38:53 -05:00
9b05afdee8
Remove validation for unsupported grant types
...
Closes gh-9828
2021-06-16 14:54:33 -05:00
6fbd038111
Jwt client authentication converter detects new key
...
Closes gh-9814
2021-06-16 12:58:01 -04:00
eb6ed283e0
Jwt client authentication converter detects new key
...
Closes gh-9814
2021-06-16 12:55:12 -04:00
67a18f564a
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
...
Related to gh-9649
Closes gh-9857
2021-06-15 12:14:37 -05:00
b6ae11295f
Commit missing compile fix from cherry-pick conflict
2021-06-15 12:10:06 -05:00
ee9c8e2fd0
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
...
Related to gh-9649
Closes gh-9857
2021-06-15 12:06:22 -05:00
a108868529
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
...
Related to gh-9649
Closes gh-9857
Closes gh-9912
2021-06-15 11:44:34 -05:00
700bda68b7
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
...
Related to gh-9649
Closes gh-9857
2021-06-15 11:32:35 -05:00
aed993f3e5
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
...
Related to gh-9649
Closes gh-9857
2021-06-15 11:03:30 -05:00
c0200512a7
URL encode client credentials
...
Closes gh-9610
2021-06-08 08:27:20 -05:00
36805c7192
Revert "Use strict equality for timestamp comparison in JDBC tests"
...
This reverts commit 09a0670cb6
2021-06-08 10:13:53 +03:00
09a0670cb6
Use strict equality for timestamp comparison in JDBC tests
...
This is possible because of the update to HSQLDB 2.6.0
This reverts commit eb7b27695d
2021-06-08 09:31:55 +03:00
6cafa48369
URL encode client credentials
...
Closes gh-9610
2021-06-03 09:39:00 -05:00
5243b1b8a8
URL encode client credentials
...
Closes gh-9610
2021-06-03 09:29:25 -05:00
e6c268add0
URL encode client credentials
...
Closes gh-9610
2021-06-03 09:12:18 -05:00
ac9b137cad
URL encode client credentials
...
Closes gh-9610
2021-06-01 12:57:06 -05:00
6d816fbf85
Polish postLogoutRedirectUri encoding
...
Issue gh-9511
2021-05-26 14:38:20 -06:00
e52b104636
Encode postLogoutRedirectUri query params
...
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly
Closes gh-9511
2021-05-26 14:36:05 -06:00
24c3c52254
Polish postLogoutRedirectUri encoding
...
Issue gh-9511
2021-05-26 13:58:28 -06:00
499701e67a
Encode postLogoutRedirectUri query params
...
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly
Closes gh-9511
2021-05-26 13:58:23 -06:00
f48a006034
Polish postLogoutRedirectUri encoding
...
Issue gh-9511
2021-05-26 13:51:26 -06:00
b7a0959ede
Encode postLogoutRedirectUri query params
...
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly
Closes gh-9511
2021-05-26 13:51:15 -06:00
65ecaa0c28
Polish postLogoutRedirectUri encoding
...
Issue gh-9511
2021-05-26 12:31:41 -06:00
b671a96073
Encode postLogoutRedirectUri query params
...
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly
Closes gh-9511
2021-05-26 12:10:03 -06:00
d3a3c36ad3
Handle custom status codes in error handler
...
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
2021-05-25 16:14:35 -05:00
22272321f2
Handle custom status codes in error handler
...
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
2021-05-25 15:37:37 -05:00
589eccc547
Handle custom status codes in error handler
...
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
2021-05-25 15:08:05 -05:00
de4b3a4310
Handle custom status codes in error handler
...
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
2021-05-25 13:41:04 -05:00
36dcbe24d0
Handle custom status codes in error handler
...
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
2021-05-25 13:31:34 -05:00
372c2b805b
Update r2dbc-spi-test to 0.8.5.RELEASE
...
Closes gh-9752
2021-05-14 13:23:54 -05:00
5b24bd1288
Adjust ClientRegistrationsTests
...
Closes gh-9748
2021-05-14 10:30:46 -06:00
c9a8419e22
Additional HttpSessionOAuth2AuthorizationRequestRepository tests
...
Issue gh-5145
2021-05-13 20:12:15 -04:00
ecb4a5749a
HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
...
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 20:12:00 -04:00
a4216d0ea5
Additional HttpSessionOAuth2AuthorizationRequestRepository tests
...
Issue gh-5145
2021-05-13 19:52:00 -04:00
b8eee2002f
HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
...
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 19:50:47 -04:00
f3436f25fb
Additional HttpSessionOAuth2AuthorizationRequestRepository tests
...
Issue gh-5145
2021-05-13 14:01:04 -04:00
e447a35cf2
HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
...
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 14:00:53 -04:00
5f6de026a8
Update javadoc AuthorizationCodeOAuth2AuthorizedClientProvider
...
Closes gh-9708
2021-05-13 13:02:08 -04:00
64b7af473d
Additional HttpSessionOAuth2AuthorizationRequestRepository tests
...
Issue gh-5145
2021-05-12 14:59:25 -05:00
35f5ebdbcf
HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
...
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
2021-05-12 14:59:25 -05:00
761e3a9dd8
JwtBearerOAuth2AuthorizedClientProvider checks for access token expiry
...
Fixes gh-9700
2021-04-30 10:12:38 -04:00
26c6570b10
Revert "Lock Dependencies"
...
This reverts commit b3250c06a9
2021-04-12 14:42:38 -04:00
b3250c06a9
Lock Dependencies
2021-04-12 14:19:19 -04:00
8850ccb1c6
Revert "Lock Dependencies"
...
This reverts commit 924ceac681
2021-04-12 13:47:04 -04:00
924ceac681
Lock Dependencies
2021-04-12 13:36:39 -04:00
eff4cdc924
Polish gh-9505
2021-04-09 06:22:29 -04:00
7694aa27cf
Add jwt-bearer authorization grant
...
Closes gh-6053
2021-04-09 06:22:29 -04:00
9c97970e26
Add Jwt Client Authentication support
...
Closes gh-8175
2021-04-08 15:44:33 -04:00
8323590b6c
Update r2dbc-spi-test to 0.8.4.RELEASE
...
Closes gh-9551
2021-04-05 22:23:59 -05:00
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
b8e47882aa
Fix test to use non-expired token
...
Closes gh-9506
2021-03-17 17:38:08 +01:00
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c
2021-03-15 23:18:45 +01:00
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
71e0967b53
Revert "Lock Dependencies for Release"
...
This reverts commit 8c04074264
2021-02-17 15:59:48 -07:00
8c04074264
Lock Dependencies for Release
2021-02-17 14:59:17 -07:00
5e5ff27109
Configure Jackson for nanosecond precision
...
Closes gh-9461
2021-02-17 11:53:36 -07:00
a0a9718b8b
Use Instant with micro-second precision
...
Closes gh-9449
2021-02-17 11:31:23 -07:00
cf032d86d6
Revert "Lock Dependencies"
...
This reverts commit 9535a41d5a
2021-02-11 18:38:07 -07:00
9535a41d5a
Lock Dependencies
2021-02-11 17:43:39 -07:00
f449da8b78
Revert "Lock Dependencies"
...
This reverts commit d17ebf53f9
2021-02-11 17:28:01 -07:00
d17ebf53f9
Lock Dependencies
2021-02-11 16:56:28 -07:00
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098
2021-02-11 15:49:59 -07:00
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
71f9876c48
Revert "Lock dependencies"
...
This reverts commit dca4858d81
2021-02-11 13:38:50 -06:00
dca4858d81
Lock dependencies
2021-02-11 13:00:32 -06:00
ec8f6014d4
Revert "Lock dependencies"
...
This reverts commit fa5f789beb
2021-02-11 09:51:54 -06:00
fa5f789beb
Lock dependencies
2021-02-11 08:53:40 -06:00
98399c920a
Make user info response status check error only
...
Closes gh-9336
2021-01-25 11:10:03 -05:00
0f7360e8fa
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:46:07 -05:00
f6b678f137
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:23:49 -05:00
d85a7cfc4a
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:02:58 -05:00
580b988e7f
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
Closes gh-9364
2021-01-21 16:22:29 -07:00
56db058fd0
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
2021-01-21 16:18:23 -07:00
1af21a9d02
Revert "Lock Dependencies for 5.4.2"
...
This reverts commit 046bc9789f
2020-12-02 22:21:02 -07:00
7c2010f507
Revert "Lock Dependencies for 5.3.6"
...
This reverts commit a153012056
2020-12-02 19:32:03 -07:00
046bc9789f
Lock Dependencies for 5.4.2
2020-12-02 17:36:26 -07:00
a153012056
Lock Dependencies for 5.3.6
2020-12-02 16:31:52 -07:00
58e3235093
Deprecate ClientAuthenticationMethod BASIC and POST
...
Closes gh-9220
2020-11-25 15:13:28 -05:00
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c
2020-11-03 19:53:28 -05:00
c069692ab9
Extract OAuth2Token from AbstractOAuth2Token
...
Closes gh-5502
2020-11-02 20:35:08 -05:00
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
6724e3e514
Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService
...
Implement R2dbcReactiveOuath2AuthorizedClientService which persists the
Oauth2AuthorizedClient in a sql database
R2dbcReactiveOuath2AuthorizedClientService is using the spring-r2dbc
module to persist/load Oauth2AuthorizedClient to/from a sql database
Add optional depedency to the spring-r2dbc module
Add test compile dependencies to r2dbc-h2 and r2dbc-test
Closes gh-7890
2020-10-29 15:44:12 -04:00
42a787d1f6
Add Postgres sql for JDBC implementation of OAuth2AuthorizedClientService
...
Postgres doesn't have a BLOB type, but it does have an equivalent BYTEA
type.
This approach and naming convention follows the convention established
in Spring Session JDBC which has sql for each RDBMS with files names in
the pattern *-{dbname}.sql, for example:
schema-db2.sql
schema-derby.sql
schema-h2.sql
schema-mysql.sql
schema-postgresql.sql
See https://github.com/spring-projects/spring-session/tree/2.3.1.RELEASE/spring-session-jdbc/src/main/resources/org/springframework/session/jdbc
Issue gh-9070
2020-10-22 09:56:20 -04:00
05dc326389
Use LobHandler in JdbcOAuth2AuthorizedClientService
...
LobHandler provides an abstraction for handling large binary fields and large text
fields in specific databases, no matter if represented as simple types or
Large OBjects.
Its use provides compatibility with many databases eliminating the need
for custom OAuth2AuthorizedClientParametersMapper and
OAuth2AuthorizedClientRowMapper implementations.
Closes gh-9070
2020-10-22 09:56:20 -04:00
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE"
...
This reverts commit 846a5a962c
2020-10-07 16:39:28 -06:00
84737e7b23
Revert "Lock Dependencies for 5.4.1"
...
This reverts commit 48ac47418d
2020-10-07 16:38:48 -06:00
48ac47418d
Lock Dependencies for 5.4.1
2020-10-07 16:01:34 -06:00
846a5a962c
Lock Dependencies for 5.3.5.RELEASE
2020-10-07 13:18:01 -06:00
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
20baa7d409
Replace ExpectedException @Rules with AssertJ
...
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
6e6d382357
Adapt to WebClient's new exception wrapping
...
See https://github.com/spring-projects/spring-framework/issues/23842
Closes gh-9031
2020-09-17 12:21:51 -04:00
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182
2020-09-09 18:14:12 -04:00
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
2abf59b695
Merge Formatting Changes
...
Issue gh-8945
2020-08-24 17:33:23 -05:00
dc47a7575e
Polish oauth-client format
...
Issue gh-8945
2020-08-24 17:33:09 -05:00
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
2f8e835b11
Use assertThatObject to save casting
...
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.
Issue gh-8945
2020-08-24 17:33:09 -05:00
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
7a715f9086
Polish spring-security-oauth2-client main code
...
Manually polish `spring-security-oauth-cleint` following the
formatting and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00
8d3f039f76
Reduce method visibility when possible
...
Reduce method visibility for package private classes when possible.
In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.
Issue gh-8945
2020-08-24 17:33:08 -05:00
612fb22a7f
Remove unnecessary lambda blocks
...
Remove lambda blocks that aren't needed and replace instead with a
simple expression.
Issue gh-8945
2020-08-24 17:33:08 -05:00
52f20b5281
Use parenthesis with single-arg lambdas
...
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
2020-08-24 17:33:08 -05:00
01d90c9881
Hide utility class constructors
...
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
2020-08-24 17:33:08 -05:00
ff94944313
Add whitespace after copyright header
...
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
8d80166aaf
Update exception variable names
...
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.
Issue gh-8945
2020-08-24 17:33:08 -05:00
e9130489a6
Remove restricted static imports
...
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
db55ef4b3b
Migrate to BDD Mockito
...
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
2020-08-24 17:33:08 -05:00
18f3d13363
Fix parenthesis padding issues
...
Fix a few parenthesis padding issues caused by the formatter.
Issue gh-8945
2020-08-24 17:33:08 -05:00
a0b9442265
Use consistent modifier order
...
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".
Issue gh-8945
2020-08-24 17:33:07 -05:00
a2f2e9ac8d
Move inner-types so that they are always last
...
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
2020-08-24 17:33:07 -05:00
418c3d6808
Avoid inner assignments
...
Replace code of the form `a = b =c` with distinct statements. Although
this results in more lines of code, they are usually easier to
understand.
Issue gh-8945
2020-08-24 17:33:07 -05:00
9e08b51ed3
Apply code cleanup rules to projects
...
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.
Issue gh-8945
2020-08-24 17:33:07 -05:00
8866fa6fb0
Always use 'this.' when accessing fields
...
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
2020-08-24 17:33:07 -05:00
6894ff5d12
Make classes final where possible
...
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
2020-08-24 17:33:07 -05:00
37fa94fafc
Organize imports
...
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
5f64f53c3f
Use consistent "@" tag order in Javadoc
...
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
b7fc18262d
Reformat code using spring-javaformat
...
Run `./gradlew format` to reformat all java files.
Issue gh-8945
2020-08-24 17:32:56 -05:00
0486d5add9
scopes_supported metadata not used as default in ClientRegistrations
...
Closes gh-8514
2020-08-20 08:09:54 -04:00
27ac046d8a
Rename *Test.java -> *Tests.java
...
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.
Issue gh-8945
2020-08-10 16:24:44 -05:00
1d74d556c2
Revert "Lock Dependency Versions for 5.4.0-RC1"
...
This reverts commit f3a1e5d40c
2020-08-05 14:59:11 -04:00
f3a1e5d40c
Lock Dependency Versions for 5.4.0-RC1
2020-08-05 13:46:11 -04:00
d8bef76a0f
Unlock dependencies
...
This reverts commit b619d298aa
2020-08-05 18:18:02 +02:00
b619d298aa
Lock Dependencies for 5.3.4.RELEASE
2020-08-05 12:33:31 +02:00
3bc0b8c144
Revert "Fix snapshot build failure related to reactor-netty"
...
This reverts commit f37714a26f
2020-08-04 14:24:32 -04:00
f37714a26f
Fix snapshot build failure related to reactor-netty
...
Closes gh-8909
2020-08-04 14:17:03 -04:00
8146b1fdda
Deprecate CustomUserTypesOAuth2UserService
...
Closes gh-8908
2020-08-04 13:23:44 -04:00
73e550a867
Polish gh-8906
2020-08-04 11:16:26 -04:00
0ed919f072
Deprecate ClientRegistration.redirectUriTemplate
...
Closes gh-8906
2020-08-04 11:03:29 -04:00
a0c10f2df6
Allow for custom ClientRegistration.clientAuthenticationMethod
...
Closes gh-8903
2020-08-04 08:48:56 -04:00
4e5a304a8a
Remove use of Mono.deferWithContext()
...
Closes gh-8901
2020-08-04 07:26:32 -04:00
57db8e5d4a
Add OAuth2AuthenticationException to allowlist
...
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error
Closes gh-8797
2020-07-21 10:15:44 -04:00
de572be8e9
Add OAuth2AuthenticationException to allowlist
...
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error
Closes gh-8797
2020-07-21 10:14:45 -04:00
b69bcf88e0
Improve error message when invalid content-type for UserInfo response
...
Closes gh-8764
2020-07-09 14:10:14 -04:00
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8
2020-07-01 13:11:50 -06:00
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
7af5804d56
Compare Timestamps up to the millisecond
...
Issue gh-8782
2020-07-01 11:30:27 +02:00
eb7b27695d
Compare Timestamps up to the millisecond
...
Issue gh-8782
2020-07-01 11:12:55 +02:00
da4b626bf1
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 17:28:21 -04:00
4c902bb857
OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException
...
Fixes gh-8609
2020-06-09 17:28:21 -04:00
674e2c0a8e
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 16:24:00 -04:00
11c1236261
OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException
...
Fixes gh-8609
2020-06-09 16:24:00 -04:00
38c1e3ffa8
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 15:27:32 -04:00
acf56f24a6
OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException
...
Fixes gh-8609
2020-06-09 15:21:07 -04:00
1d821a2664
Add Ticket Number to Test
...
Issue gh-8650
2020-06-05 14:24:49 -06:00
cd3fd6762f
Don't Consume Request Body
...
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.
This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.
Closes gh-8650
2020-06-05 14:21:00 -06:00
bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE"
...
This reverts commit 116bfe01e6
2020-06-03 16:11:59 -06:00
116bfe01e6
Lock Dependencies for 5.3.3.RELEASE
2020-06-03 13:14:07 -06:00
28d2cfa14a
Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
...
Fixes gh-8536
2020-06-02 21:54:09 -04:00
1e211b6558
Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
...
Fixes gh-8120
2020-05-15 15:13:15 -04:00
c1abc9b134
Polish gh-8501
2020-05-15 13:26:09 -04:00
78fa859798
Add issuerUri to ClientRegistration.providerDetails
...
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.
Fixes gh-8326
2020-05-14 17:13:07 -04:00
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
2020-05-06 17:27:35 -04:00
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
413dfc8679
Unlock dependencies
...
This reverts commit a61145f74c
2020-05-06 15:29:45 -04:00
a61145f74c
Lock dependencies for 5.3.2.RELEASE
2020-05-06 15:06:08 -04:00
6f2359ccae
Support update when saving with JdbcOAuth2AuthorizedClientService
...
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.
This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.
Fixes gh-8425
2020-04-29 09:18:54 -04:00
a783fbc641
Support update when saving with JdbcOAuth2AuthorizedClientService
...
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.
This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.
Fixes gh-8425
2020-04-29 07:37:57 -04:00
32ce94d2dd
Validate ID Token Issuer
...
When the issuer is set in the provider metadata, we validate the iss
field of the ID Token against it.
The OpenID Connect Specification says this must always be validated.
But this would be a breaking change for applications configured other
than with ClientRegistrations.fromOidcIssuerLocation(issuer). This will
be done later with #8326
Fixes gh-8321
2020-04-21 20:30:01 -04:00
5cd1ec7bb3
Add AuthoritiesMapper setter for reactive OAuth2Login
...
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login
- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
and OAuth2LoginReactiveAuthenticationManager
- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager
Fixes gh-8324
2020-04-17 16:55:05 -04:00
a78872f268
Unlock dependencies for 5.3.1.RELEASE
...
This reverts commit 88c02684bb
2020-03-31 17:53:13 -04:00
88c02684bb
Lock dependencies for 5.3.1.RELEASE
2020-03-31 17:28:36 -04:00
401597c673
Improve OAuth2LoginAuthenticationProvider
...
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse
Fixes gh-5633
2020-03-30 21:09:17 -04:00
45eb34c9a6
Improve OAuth2LoginAuthenticationProvider
...
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse
Fixes gh-5633
2020-03-30 21:08:59 -04:00
71b4248fe6
Improve OAuth2LoginAuthenticationProvider
...
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse
Fixes gh-5633
2020-03-30 20:55:43 -04:00
a9a9c2c0fd
OAuth2 ClientRegistrations NPE fix when userinfo missing
...
Fixes gh-8187
2020-03-27 06:15:25 -04:00
dfc25dc245
OAuth2 ClientRegistrations NPE fix when userinfo missing
...
Fixes gh-8187
2020-03-27 06:13:50 -04:00
75c05d0bb4
OAuth2 ClientRegistrations NPE fix when userinfo missing
...
Fixes gh-8187
2020-03-27 05:58:28 -04:00
a1bcd4ed00
Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer
...
Fixes gh-8177
2020-03-24 13:59:36 -04:00
46baf38f59
Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer
...
Fixes gh-8177
2020-03-24 13:44:09 -04:00
2d8242c5c1
Assign sensible default for OAuth2AuthorizedClientProvider
...
Fixes gh-8150
2020-03-19 11:50:48 -04:00
a9dabf6efb
Assign sensible default for OAuth2AuthorizedClientProvider
...
Fixes gh-8150
2020-03-19 11:44:30 -04:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
968ebb194b
baseUrl placeholder for OidcLogoutSuccessHandlers
...
Fixes gh-7842
2020-02-25 13:35:50 -07:00
fa73b1397a
Add missing @FunctionalInterface in oauth2 modules
...
Fixes gh-8020
2020-02-24 11:53:30 -05:00
3e5600f83f
Add configurable Clock in OidcIdTokenValidator
...
Fixes gh-8019
2020-02-24 11:21:03 -05:00
7734d049eb
Polish javadoc gh-7511
2020-02-24 10:35:58 -05:00
d32c98b1c5
Add OAuth2AuthorizeRequest.Builder.principal(String)
...
Fixes gh-8018
2020-02-24 09:58:38 -05:00
Steve Riesenberg
Rob Winch
Marcus Da Coregio
Josh Cummings
Arnaud Mergey
Joe Grandja
Steve Riesenberg
Eleftheria Stein
Hans Hosea Schaefer
Craig Andrews
Asian Malaysian Vietnamese
Hassene Laaribi
Eleftheria Stein
Benjamin Faal
tristanessquare
Ovidiu Popa
Phillip Webb
Martin Vietz
Dennis Neufeld
Erik Bakker
Parikshit Dutta
Joe Grandja
Thomas Vitale
Stav Shamir
Daniel Furtlehner
Antonin Arquey
Ruby Hartono
Martin Nemec