539 Commits

Author SHA1 Message Date
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f11e2811b7d4241b26f712674978f3f7.
2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Rob Winch
65981444f1 Use Version Ranges
Fixes gh-7788
2020-01-06 14:46:48 -06:00
Josh Cummings
02f161aba7
Use OidcIdToken.Builder
Issue gh-7592
2019-12-12 07:37:15 -07:00
Phil Clay
cffad1be02 Polish #7589
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
2019-12-10 13:59:51 -05:00
Ankur Pathak
c29309d744 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
2019-12-10 13:59:51 -05:00
Joe Grandja
24500fa3ca Remove redundant validation for redirect-uri
Fixes gh-7706
2019-12-06 11:55:31 -05:00
Josh Cummings
bb8706977d
Polish DefaultOAuth2AuthorizedClientManager 2019-12-02 16:05:17 -07:00
Joe Grandja
65513f2e3b Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 09:48:01 -05:00
Joe Grandja
80f256e425 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository
Fixes gh-7544
2019-11-28 09:48:01 -05:00
Joe Grandja
07b8aa0b1f DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange
Issue gh-7544
2019-11-28 09:48:01 -05:00
Josh Cummings
22ae3eb765
Polish Error-handling Tests
Tests should assert the error message content that Spring Security
controls.

Fixes gh-7647
2019-11-14 16:13:39 -07:00
Rafiullah Hamedy
58ca81d500 Make jwks_uri optional for RFC 8414 and Required for OpenID Connect
OpenID Connect Discovery 1.0 expects the OpenId Provider Metadata 
response is expected to return a valid jwks_uri, however, this field is 
optional in the Authorization Server Metadata response as per RFC 8414
specification.

Fixes gh-7512
2019-11-11 10:34:06 -07:00
Phil Clay
8584b12c8d Make saveAuthorizedClient save the authorized client
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.

Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.

Fixes gh-7546
2019-10-23 12:12:23 -04:00
Joe Grandja
1c53a7859b Fix access token expiry check with clock skew
Fixes gh-7511
2019-10-22 21:54:55 -04:00
Everett Irwin
6ad328f909 Add Clock Skew Tests
Fixes gh-7511

Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
2019-10-17 20:19:47 -06:00
Josh Cummings
adf9769eed
Add ClientRegistration.withClientRegistration
Fixes gh-7486
2019-09-27 14:17:50 -06:00
Joe Grandja
7217bb5eb0 Remove FIXME in OAuth2LoginReactiveAuthenticationManager 2019-09-27 12:13:13 -04:00
Joe Grandja
2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber
Fixes gh-7422
2019-09-26 16:17:17 -04:00
Joe Grandja
d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler
da9f027fa4 Add nonce to OIDC Authentication Request
Fixes gh-4442
2019-09-25 14:57:54 -04:00
Joe Grandja
9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri
Fixes gh-7036
2019-09-24 11:07:36 -04:00
Rob Winch
ff54eb878a Use Schedulers.boundedElastic()
Fixes gh-7457
2019-09-19 13:51:06 -05:00
Rob Winch
00f8991fac Merge Remove Redudant Throws
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Josh Cummings
05caf3d8fb
Use Jwt.Builder
Fixes gh-7443
2019-09-16 14:00:25 -06:00
Joe Grandja
88c749263b Polish javadoc for OAuth2AuthorizedClientManager 2019-09-12 19:25:49 -04:00
Joe Grandja
dcdeab596d DefaultReactiveOAuth2AuthorizedClientManager defaults ServerWebExchange
Fixes gh-7390
2019-09-10 11:40:28 -04:00
Eddú Meléndez
91bf1c782a Make OAuth2User extends OAuth2AuthenticatedPrincipal
Fixes gh-7378
2019-09-09 14:36:35 +01:00
Joe Grandja
93cda94969 Add attributes Consumer to OAuth2AuthorizationContext
Fixes gh-7385
2019-09-06 08:01:59 -04:00
Joe Grandja
f7d03858f1 OAuth2AuthorizedClientManager implementation works outside of request
Fixes gh-6780
2019-09-06 06:10:36 -04:00
Joe Grandja
a60446836b OAuth2AuthorizeRequest supports attributes
Fixes gh-7341
2019-09-05 21:04:25 -04:00
Rob Winch
2a3bf9b6bb DefaultReactiveOAuth2UserService IOException
Improve handling of IOException to report an
AuthenticationServiceExceptionThere are many reasons that a
DefaultReactiveOAuth2UserService might fail due to an IOException
(i.e. SSLHandshakeException). In those cases we should use a
AuthenticationServiceException so that users are aware there is likely
some misconfiguration.

Fixes gh-7370
2019-09-05 13:31:30 -05:00
Andreas Kluth
c46b224ec4 Remove OAuth2AuthorizationRequest when a distributed session is used
Dirties the WebSession by putting the amended AUTHORIZATION_REQUEST map into
the WebSession even it was already in the map. This causes common SessionRepository
implementations like Redis to persist the updated attribute.

Fixes gh-7327

Author: Andreas Kluth <mail@andreaskluth.net>
2019-09-05 09:31:32 -04:00
Joe Grandja
e6618d4d50 Removed unused OAuth2AuthorizedClientResolver
Fixes gh-7357
2019-09-04 16:56:40 -04:00
Josh Cummings
833bfd0c22 Add Authorities from Access Token 2019-09-04 14:15:28 -06:00
Josh Cummings
aa1c80c801 Grant Individual Authorities From Claims
Fixes gh-7339
2019-09-04 14:15:28 -06:00
Joe Grandja
409285fb3d Fix test
Issue gh-7350
2019-09-04 14:27:01 -04:00
Joe Grandja
0ac8618eac Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
Fixes gh-7350
2019-09-04 14:07:45 -04:00
Joe Grandja
dcd997ea43 Add support for Resource Owner Password Credentials grant
Fixes gh-6003
2019-09-04 14:07:45 -04:00
Josh Cummings
5e98b92273
In-memory ClientRegistration Repo Duplicate Check
Fixes gh-7338
2019-09-02 15:30:48 -06:00
kostya05983
f6c650db47
Replace Streams with Loops
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
2019-09-02 15:30:48 -06:00
Roman Matiushchenko
ffc43e02c3 Fix NPE in RequestContextSubscriber
RequestContextSubscriber could cause NPE if Mono/Flux.subscribe()
was invoked outside of Web Context.
In addition it replaced source Context with its own without respect
to old data.
Now Request Context Data is Propagated within holder class and
it is added to existing reactor Context if Holder is not empty.

Fixes gh-7228
2019-08-30 16:49:38 +03:00
Lars Grefer
95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
Eleftheria Stein
323cf9fa92 Polish OAuth2AuthorizedClientResolver 2019-08-26 11:04:19 -04:00
watsta
2c2e8e5f24 Remove internal Optional usage in favor of null checks
Issue gh-7155
2019-08-26 09:27:40 -04:00
Ebert Toribio
2c2d3b5d85 Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository
Fixes gh-7299
2019-08-23 20:12:29 -04:00
Joe Grandja
bc38a4a3cc Provide configurable Clock in OAuth2AuthorizedClientProvider impls
Fixes gh-7114
2019-08-23 16:43:32 -04:00
Lars Grefer
34dd5fea30 Remove redundant throws clauses
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
Joe Grandja
f0515a021c Polish #7116 2019-08-22 12:01:10 -04:00
Joe Grandja
46756d2e6b Introduce Reactive OAuth2AuthorizedClient Manager/Provider
Fixes gh-7116
2019-08-21 14:12:38 -04:00