Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,642 Commits 48 Branches 362 Tags
Commit Graph

847 Commits

Author SHA1 Message Date
Joe Grandja
2a867997e2 Polish gh-6415 2019-01-14 13:33:58 -05:00
Rafael Dominguez
fe5f10e9a2 Extract the ID Token JwtDecoderFactory to enable user customization 
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.

Fixes: gh-6379
 2019-01-14 13:33:58 -05:00
Joe Grandja
f234a5fbdb ID Token validation supports clock skew 
Fixes gh-5839
 2019-01-09 16:03:13 -05:00
Joe Grandja
d878dbf30e Polish gh-6349 2019-01-09 10:15:02 -05:00
Rafael Dominguez
057ed616c4 Improve error messages in OidcIdTokenValidator 
This commit ensures that error messages contain more specific
information regarding the reported error.

Fixes: gh-6323
 2019-01-09 10:15:02 -05:00
Johnny Lim
c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Joe Grandja
673a2adf26 Polish oauth2 client ExchangeFilterFunction's 
Fixes gh-6355
 2019-01-07 14:39:25 -05:00
Joe Grandja
993e11dcd3 Polish gh-6127 2019-01-07 13:50:17 -05:00
Warren Bailey
1c9ab9197e When expired retrieve new Client Credentials token. 
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails

Fixes gh-5893
 2019-01-07 13:50:17 -05:00
Josh Cummings
d77b12d229 authorization_uri Uses UriComponentsBuilder 
Because of this, authorization_uri can now be a fully-qualified url.

Fixes: gh-5760
 2018-12-21 13:23:47 -07:00
Joe Grandja
9c0d78da71 Extract OidcTokenValidator to an OAuth2TokenValidator 
Fixes gh-5930
 2018-12-21 11:06:40 -05:00
Joe Grandja
8f4f52edb9 Support configurable JwtDecoder for IdToken verification 
Fixes gh-5717
 2018-12-21 09:24:55 -06:00
Josh Cummings
1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder 
Fixes: gh-6256
 2018-12-14 10:41:29 -07:00
shraiysh
e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in 
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
 2018-12-06 11:18:39 -06:00
Josh Cummings
566bc6a6e1
Test OpenID Discovery with Trailing Slash 
Fixes gh-6234
 2018-12-05 10:54:30 -07:00
jer051
fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient 
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
 2018-11-28 15:44:36 -06:00
Josh Cummings
2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings
80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00
dperezcabrera
f6414e9a52 Make InMemory*ClientRegistrationRepository Consistent 
The previous builders with the list argument were inconsistent with their
respective builders of var args.
 2018-11-19 15:09:30 -06:00
Rafael Dominguez
e1d68e4f6b WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code 
This ensures that token response is only extracted when ClientResponse has a successful status

Fixes: gh-6089
 2018-11-19 10:50:33 -06:00
Josh Cummings
d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Joe Grandja
a96893a42a Remove charset from Accept header in UserInfo request 
Fixes gh-6017
 2018-10-25 12:56:45 -04:00
Vedran Pavic
e1b095df32 Allow in-memory client registration repos to be constructed with a map 
Fixes gh-5918
 2018-10-18 14:07:12 -04:00
Joe Grandja
07d2e43d7a Deprecate NimbusAuthorizationCodeTokenResponseClient 
Fixes gh-5954
 2018-10-15 09:01:19 -04:00
Rob Winch
725b3b5482 Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/ 
Issue: gh-5856
 2018-09-20 21:39:09 -05:00
Joe Grandja
d46f83caf4 Ensure consistent matching of redirect_uri 
Fixes gh-5890
 2018-09-20 14:30:41 -04:00
Rob Winch
410f6bae1a Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge 
Issue: gh-5872
 2018-09-19 11:53:21 -05:00
Rob Winch
dcbf762a0b WebClient OAuth2 Support for defaultClientRegistrationId 
Fixes: gh-5872
 2018-09-19 11:47:04 -05:00
Joe Grandja
e8d8eb59bf Make OAuth2AuthorizedClient Serializable 
Fixes gh-5757
 2018-09-19 10:47:30 -04:00
Joe Grandja
2c078c5dd9 Remove expiresAt constructor-arg in OAuth2RefreshToken 
Fixes gh-5854
 2018-09-19 10:47:30 -04:00
Rob Winch
cc8935e904 Fix Reactive OIDC to add refresh token 
Fixes: gh-5858
 2018-09-17 21:21:36 -05:00
Rob Winch
385bdfc055 OAuth2AuthorizationCodeGrantWebFilter works with /{action}/ 
This ensures that the same URL can work for both log in and
authorization code which prevents having to create additional registrations
on the client and potentially on the server (GitHub only allows a single
valid redirect URL).

Fixes: gh-5856
 2018-09-17 21:21:36 -05:00
Joe Grandja
ed9cd478ba Polish 
Issue gh-5776
 2018-09-12 11:57:53 -04:00
Joe Grandja
8746e71b9a Use OAuth2AuthorizationException in authorization flows 2018-09-11 14:53:42 -05:00
Joe Grandja
ef02ab2f8a DefaultOAuth2UserService handles OAuth2AuthorizationException 2018-09-11 14:53:42 -05:00
Joe Grandja
7474d6524e DefaultAuthorizationCodeTokenResponseClient throws OAuth2AuthorizationException 2018-09-11 14:53:42 -05:00
Joe Grandja
56b4576396 DefaultClientCredentialsTokenResponseClient throws OAuth2AuthorizationException 
Fixes gh-5726
 2018-09-11 14:53:42 -05:00
Joe Grandja
e56c048db3 Remove OAuth2ClientException 2018-09-11 14:53:42 -05:00
Rob Winch
26e577b0fa UnauthenticatedServerOAuth2AuthorizedClientRepository->UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Issue: gh-5817
 2018-09-07 15:29:35 -05:00
Rob Winch
11ea92ef1c Add UnauthenticatedServerOAuth2AuthorizedClientRepository 
Fixes: gh-5817
 2018-09-07 15:28:40 -05:00
Rob Winch
438d2911fb OAuth2AuthorizedClientResolver 
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.

Issue: gh-4921
 2018-09-07 08:58:00 -05:00
Rob Winch
23726abb1e ServerOAuth2AuthorizedClientExchangeFilterFunction default ServerWebExchange 
Leverage ServerWebExchange established by ServerWebExchangeReactorContextWebFilter

Issue: gh-4921
 2018-09-07 08:57:25 -05:00
Rob Winch
ac78258847 ServerOAuth2AuthorizedClientExchangeFilterFunction defaultOAuth2AuthorizedClient 
Defaults to use the OAuth2AuthenticationToken to resolve the authorized client

Issue: gh-4921
 2018-09-07 08:57:00 -05:00
Rob Winch
158b8aa6d5 ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId 
Issue: gh-4921
 2018-09-07 08:56:49 -05:00
Rob Winch
28537fa3b6 WebClientReactiveClientCredentialsTokenResponseClient 
Fixes: gh-5607
 2018-09-07 08:53:35 -05:00
Rob Winch
89f2874bff ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId 
You can now provide the clientRegistrationId and
ServerOAuth2AuthorizedClientExchangeFilterFunction will look up the authorized client automatically.

Issue: gh-4921
 2018-09-07 08:52:35 -05:00
Rob Winch
5bcbb1c40f ServerOAuth2AuthorizedClientExchangeFilterFunction uses ServerOAuth2AuthorizedClientRepository 
Issue: gh-4921
 2018-09-07 08:52:18 -05:00
Joe Grandja
057587ef29 ClientRegistration contains Provider Configuration Metadata 
Fixes gh-5540
 2018-09-05 17:01:23 -04:00
Joe Grandja
dfd572a4d2 Polish 2018-09-05 07:59:00 -05:00
Joe Grandja
3b480a3a05 Provide RestOperations in CustomUserTypesOAuth2UserService 
Fixes gh-5602
 2018-09-05 07:59:00 -05:00