Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,553 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

386 Commits

Author SHA1 Message Date
Fabien Arrault 17e774d8c7 Preserve existing refresh token if new refresh token not returned 
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.

Fixes: gh-6503
 2019-02-07 15:11:23 -05:00
Josh Cummings ef9c3e4771 Opaque Token Support 
Fixes: gh-5200
 2019-02-07 12:40:12 -07:00
Joe Grandja 594a169798 Introduce OAuth2AuthorizationRequest.attributes 
Fixes gh-5940
 2019-02-07 11:49:17 -05:00
Gerardo Roza 95e0e7243d Save original request on oauth2Client filter 
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
 2019-01-25 09:15:44 -06:00
Joe Grandja 2a867997e2 Polish gh-6415 2019-01-14 13:33:58 -05:00
Rafael Dominguez fe5f10e9a2 Extract the ID Token JwtDecoderFactory to enable user customization 
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.

Fixes: gh-6379
 2019-01-14 13:33:58 -05:00
Adrian Javorski dd45a49f02 Update JwtTimestampValidator.java 
Changed MaxClockSkew variable to clockSkew to simplify the name.

Fixes gh-6380
 2019-01-14 10:33:38 -07:00
Joe Grandja f234a5fbdb ID Token validation supports clock skew 
Fixes gh-5839
 2019-01-09 16:03:13 -05:00
Joe Grandja d878dbf30e Polish gh-6349 2019-01-09 10:15:02 -05:00
Rafael Dominguez 057ed616c4 Improve error messages in OidcIdTokenValidator 
This commit ensures that error messages contain more specific
information regarding the reported error.

Fixes: gh-6323
 2019-01-09 10:15:02 -05:00
Johnny Lim c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Joe Grandja 673a2adf26 Polish oauth2 client ExchangeFilterFunction's 
Fixes gh-6355
 2019-01-07 14:39:25 -05:00
Joe Grandja 993e11dcd3 Polish gh-6127 2019-01-07 13:50:17 -05:00
Warren Bailey 1c9ab9197e When expired retrieve new Client Credentials token. 
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails

Fixes gh-5893
 2019-01-07 13:50:17 -05:00
Josh Cummings d77b12d229 authorization_uri Uses UriComponentsBuilder 
Because of this, authorization_uri can now be a fully-qualified url.

Fixes: gh-5760
 2018-12-21 13:23:47 -07:00
Joe Grandja 9c0d78da71 Extract OidcTokenValidator to an OAuth2TokenValidator 
Fixes gh-5930
 2018-12-21 11:06:40 -05:00
Joe Grandja 12f320851d Set openid scope in OAuth2LoginTests 2018-12-21 09:24:55 -06:00
Joe Grandja 8f4f52edb9 Support configurable JwtDecoder for IdToken verification 
Fixes gh-5717
 2018-12-21 09:24:55 -06:00
Eric Deandrea 0f7dff3774 Introduce ReactiveJwtAuthenticationConverter 
Some changes based on PR comments

Fixes gh-6273
 2018-12-17 14:12:53 -07:00
Josh Cummings 1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder 
Fixes: gh-6256
 2018-12-14 10:41:29 -07:00
shraiysh e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in 
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
 2018-12-06 11:18:39 -06:00
Josh Cummings 566bc6a6e1
Test OpenID Discovery with Trailing Slash 
Fixes gh-6234
 2018-12-05 10:54:30 -07:00
Nicolas Le Bas ba8a337f9a Accept a case-insensitive "Bearer" keyword 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.

This is the reactive counterpart to commit
63f2b6094f .

Fixes gh-6195
 2018-12-02 09:32:27 -05:00
Nicolas Le Bas 63f2b6094f The "Bearer" keyword should be case-insensitive 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
 2018-11-28 19:34:47 -07:00
jer051 fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient 
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
 2018-11-28 15:44:36 -06:00
Josh Cummings 2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings 80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00
Josh Cummings 39933b10ff
Add scopes method to TestOAuth2AccessTokens 
Issue: gh-6025
 2018-11-19 18:06:40 -07:00
dperezcabrera f6414e9a52 Make InMemory*ClientRegistrationRepository Consistent 
The previous builders with the list argument were inconsistent with their
respective builders of var args.
 2018-11-19 15:09:30 -06:00
Rafael Dominguez e1d68e4f6b WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code 
This ensures that token response is only extracted when ClientResponse has a successful status

Fixes: gh-6089
 2018-11-19 10:50:33 -06:00
Josh Cummings 1ea73e7d8e Jwt Decoder Local Key Configuration 
Adds support for configuring Resource Server DSL with a local public
key.

Fixes: gh-5131
 2018-11-16 13:07:19 -06:00
Rafael Dominguez 75a2c2b729 OAuth2AccessTokenResponseBodyExtractor supports Object values 
This commit ensures the token response is parsed correctly if the values are not a String.

Fixes: gh-6087
 2018-11-15 13:23:36 -06:00
Josh Cummings d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Josh Cummings fbcf48cea0 Low-level Nimbus Jwt Decoder 
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.

Fixes: gh-5648
 2018-11-14 15:53:47 -06:00
Josh Cummings ae74f22e30 Reactive Jwt Claim Set Converter Support 
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.

Fixes: gh-6015
 2018-11-13 15:31:08 -06:00
Josh Cummings 19649db9ce
Leave Issuer As String 
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.

Issue: gh-6073
 2018-11-13 11:39:15 -07:00
Josh Cummings c70b65c5df
Favor URL.toExternalForm 
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().

Fixes: gh-6073
 2018-11-13 08:20:18 -07:00
Josh Cummings a32d19ec7d
Polish NimbusReactiveJwtDecoderTests 
Issue: gh-5650
 2018-11-12 15:04:00 -07:00
Joe Grandja a96893a42a Remove charset from Accept header in UserInfo request 
Fixes gh-6017
 2018-10-25 12:56:45 -04:00
Vedran Pavic e1b095df32 Allow in-memory client registration repos to be constructed with a map 
Fixes gh-5918
 2018-10-18 14:07:12 -04:00
Josh Cummings 22bd8f1c1f Reactive Jwt Authentication Converter Support 
Fixes: gh-5092
 2018-10-15 11:55:12 -05:00
Joe Grandja 07d2e43d7a Deprecate NimbusAuthorizationCodeTokenResponseClient 
Fixes gh-5954
 2018-10-15 09:01:19 -04:00
Rob Winch 725b3b5482 Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/ 
Issue: gh-5856
 2018-09-20 21:39:09 -05:00
Joe Grandja 9565e90b6e Remove oauth2-oidc-sdk dependency from oauth2-jose module 
Fixes gh-5891
 2018-09-20 15:20:11 -04:00
Joe Grandja d46f83caf4 Ensure consistent matching of redirect_uri 
Fixes gh-5890
 2018-09-20 14:30:41 -04:00
Josh Cummings 77fa495860
DelegatingOAuth2TokenValidator Varargs Constructor 
Fixes: gh-5889
 2018-09-20 10:45:51 -06:00
Rob Winch 410f6bae1a Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge 
Issue: gh-5872
 2018-09-19 11:53:21 -05:00
Rob Winch dcbf762a0b WebClient OAuth2 Support for defaultClientRegistrationId 
Fixes: gh-5872
 2018-09-19 11:47:04 -05:00
Joe Grandja e8d8eb59bf Make OAuth2AuthorizedClient Serializable 
Fixes gh-5757
 2018-09-19 10:47:30 -04:00
Joe Grandja 2c078c5dd9 Remove expiresAt constructor-arg in OAuth2RefreshToken 
Fixes gh-5854
 2018-09-19 10:47:30 -04:00