816 Commits

Author SHA1 Message Date
Josh Cummings
ae6fb8c681
Add Deprecated Versions of Original Classes
Issue gh-7349
2022-09-23 16:31:22 -06:00
Josh Cummings
37a160245f
Adjust OAuth2 Resource Server packaging
Closes gh-7349
2022-09-23 16:31:21 -06:00
Steve Riesenberg
67a00bcaa0
Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Daniel Garnier-Moiroux
bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Steve Riesenberg
355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Rob Winch
32dbaceec5 Fix mockito 4.7.0 merge
Issue gh-11748
2022-08-24 08:58:00 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Steve Riesenberg
51dc672625
Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:48:42 -05:00
tinolazreg
d1c742d7aa
Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:48:41 -05:00
Igor Bolic
efaee4e56b Allow customization of redirect strategy
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
2022-08-08 15:35:49 -05:00
Joe Grandja
95155ddb0c Deprecate Resource Owner Password Credentials grant
Closes gh-11590
2022-07-15 16:28:47 -04:00
Josh Cummings
1d72a05c32
Add SecurityContextHolderStrategy to OAuth2
Issue gh-11060
2022-06-27 13:05:12 -06:00
Josh Cummings
01513ab17e
Add placeholders to reactive post_logout_redirect_uri
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
2022-06-16 16:10:26 -06:00
Josh Cummings
6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId
Closes gh-11378
2022-06-16 16:09:57 -06:00
Josh Cummings
3f30de388a
Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:09:56 -06:00
Michael
e4505ed6c8
Add placeholders to post_logout_redirect_uri
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
2022-06-16 16:09:56 -06:00
Kuby
759d799ddd Change phoneNumberVerified with type Boolean
Closes: gh-11315
2022-06-03 09:46:00 -05:00
Steve Riesenberg
f0168c6c27
Add support for customizing claims in JWT Client Assertion
Closes gh-9855
2022-03-17 09:53:16 -05:00
Joe Grandja
50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja
a2ffc88294 Allow configuring PKCE for confidential clients
Closes gh-6548
2022-03-16 13:33:12 -04:00
Simone Giannino
73003d59d6 OAuth 2.0 logout handler resolves uri placeholders
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
2022-03-15 12:54:39 -06:00
Rob Winch
9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Josh Cummings
931fb6a328 Move UnmodifiableMapDeserializer
Issue gh-10905
2022-03-01 14:03:41 -07:00
Marcus Da Coregio
bebd615507 Update io.r2dbc to 0.9.1.RELEASE
Closes gh-10883
2022-02-21 10:35:20 -03:00
Rob Winch
8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Steve Riesenberg
7c54f98944 Update io.r2dbc to 0.9.0.RELEASE
Closes gh-10717
2022-01-14 11:58:45 -06:00
Joe Grandja
214cfe807e Allow Jwt assertion to be resolved
Closes gh-9812
2022-01-10 10:42:10 -05:00
Jonas Erbe
dec858a5b7 Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:04:30 -07:00
Dávid Kováč
17e28fa7aa Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:48:32 +01:00
Khaled Hamlaoui
00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 15:27:48 -06:00
Josh Cummings
538541bf40 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:35:53 -07:00
Steve Riesenberg
076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Rob Winch
f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Rob Winch
0c088e278a Update r2dbc-spi-test to 0.8.6.RELEASE
Closes gh-10393
2021-10-18 21:03:12 -05:00
Dávid Kováč
64e9ac995a getClaimAsBoolean() should not be falsy
Closes gh-10148
2021-10-14 11:28:09 -05:00
Philipp Neuschwander
6db58cbf8a Conditionally resolve bearer token from request parameters
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
2021-10-13 17:10:50 -05:00
Dávid Kováč
0299808b05 Add ClaimAccessor tests
Add tests for ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList

Issue gh-10117
2021-10-13 12:53:40 -06:00
Dávid Kováč
125d33e3cf Update JavaDoc according to implementation
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
2021-10-13 12:53:40 -06:00
Joe Grandja
e3abaf7999 Add OAuth2ErrorCodes.INVALID_REDIRECT_URI
Closes gh-10370
2021-10-13 14:12:44 -04:00
Steve Riesenberg
3b564b2026 Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient
This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
2021-10-06 13:09:33 -05:00
Steve Riesenberg
9b24f66f1c Implement reactive support for JWT as an Authorization Grant
Closes gh-10147
2021-10-05 16:09:24 -05:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Josh Cummings
0f8fa36b93 Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 13:24:51 -06:00
Darren Forsythe
5556b821e3 Check for multiple access tokens per rfc 6750
Check for multiple access tokens on the ServerHttpRequest rather than get get first. If multiples are found throw a OAuth2AuthenticationException.

Closes gh-5708
2021-09-28 08:07:06 -06:00
Joe Grandja
97c949d929 oauth2Login() AuthenticationProvider's preserve root cause exception when rethrown
Closes gh-10228
2021-09-24 10:41:31 -04:00
Joe Grandja
5830fda2fa Introduce JwtEncoder
Closes gh-9208
2021-09-24 05:13:40 -04:00
bishoy basily
860690491a Add setBodyExtractor
Closes gh-10260
2021-09-22 15:32:19 -06:00
Josh Cummings
7b599d4770 Share JWKSource Instances
Closes gh-10312
2021-09-22 13:28:08 -06:00