e243f93eed
Default to server_error when OAuth2Error.errorCode is null
...
Fixes gh-5594
2018-07-30 13:20:58 -04:00
aea861e2f9
Fix Imports
...
Issue: gh-5599
2018-07-30 12:15:53 -05:00
a01dc3a5f6
WebFlux Handles Undefined State Parameter
...
Currently if a state exists, but an undefined state parameter is provided
a NullPointerException occurs.
This commit handles the null value.
Fixes: gh-5599
2018-07-30 12:02:42 -05:00
f3c9cce56d
Rename to WebClientAuthorizationCodeTokenResponseClient
...
Rename NimbusReactiveAUthorizationCodeTokenResponseClient to
WebClientReactiveAuthorizationCodeTokenResponseClient
Fixes: gh-5529
2018-07-26 15:14:11 -05:00
1c8a931e33
Rename to OidcAuthorizationCodeReactiveAuthenticationManager
...
Renamed OidcReactiveAuthenticationManager to
OidcAuthorizationCodeReactiveAuthenticationManager since it only handles
authorization code flow.
Fixes: gh-5530
2018-07-26 15:14:11 -05:00
2c1c2c78c3
Add HttpServletResponse param to removeAuthorizationRequest
...
Fixes gh-5313
2018-07-26 14:15:56 -04:00
887db71333
Fix typo ( #5580 )
2018-07-26 10:04:21 -04:00
ba29b363fc
Fix OAuth2AuthorizationRequestRedirectWebFilter baseurl exclude querystring
...
To create redirect_uri in OAuth2AuthorizationRequestRedirectWebFilter,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.
Fixed: gh-5520
2018-07-23 15:42:15 -04:00
36cbdfe013
Fix NPE when null Authentication in authorization_code grant
...
Fixes gh-5560
2018-07-23 12:28:48 -04:00
88975dad41
ServletOAuth2AuthorizedClientExchangeFilterFunction handles null authorized client
...
Issue: gh-5545
2018-07-22 12:01:42 -07:00
67dd3f16e9
Add static methods for ServletOAuth2AuthorizedClientExchangeFilterFunction
...
This will allow us to break up
ServletOAuth2AuthorizedClientExchangeFilterFunction into multiple
components if we decide to later.
Issue: gh-5545
2018-07-20 11:48:20 -05:00
9ababf4168
Rename to ServerOAuth2AuthorizedClientExchangeFilterFunction
...
Rename OAuth2AuthorizedClientExchangeFilterFunction to
ServerOAuth2AuthorizedClientExchangeFilterFunction->
Issue: gh-5386
2018-07-20 11:48:19 -05:00
1b79bbed7f
Add ServletOAuth2AuthorizedClientExchangeFilterFunction
...
Fixes: gh-5545
2018-07-20 11:48:19 -05:00
3c461b704c
Add AuthenticationMethod type
...
This section defines three methods of sending bearer access tokens
in resource requests to resource servers.
Clients MUST NOT use more than
one method to transmit the token in each request.
RFC6750 Section 2 Authenticated Requests
https://tools.ietf.org/html/rfc6750#section-2
Add AuthenticationMethod in ClientRegistration UserInfoEndpoint.
Add AuthenticationMethod for OAuth2UserService to get User.
To support the use of the POST method.
https://tools.ietf.org/html/rfc6750#section-2.2
gh-5500
2018-07-20 11:32:51 -04:00
9a144d742e
Use OAuth2AuthorizedClientRepository in filters and resolver
...
Fixes gh-5544
2018-07-19 22:57:10 -04:00
3f8e69211f
Fix OAuth2 ClientRegistration scope can be null
...
Allows scope of OAuth2 ClientRegistration to be null.
- The scope setting in the RFC document is defined as Optional.
https://tools.ietf.org/html/rfc6749#section-4.1.1
> scope: OPTIONAL.
> The scope of the access request as described by Section 3.3.
- When the client omits the scope parameter,
validation is determined by the authorization server.
https://tools.ietf.org/html/rfc6749#section-3.3
> If the client omits the scope parameter when requesting
authorization, the authorization server MUST either process the
request using a pre-defined default value or fail the request
indicating an invalid scope. The authorization server SHOULD
document its scope requirements and default value (if defined).
Fixes gh-5494
2018-07-18 16:17:14 -04:00
191a4760f9
Fix DefaultOAuth2AuthorizationRequestResolver baseUrl excludes queryParams
...
To create redirect_uri in DefaultOAuth2AuthorizationRequestResolver,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.
Fixes gh-5520
2018-07-17 12:00:01 -04:00
981d35a92c
Add ClientRegistration.Builder.registrationId
...
Fixes: gh-5527
2018-07-17 01:27:39 -05:00
371221d729
Support anonymous Principal for OAuth2AuthorizedClient
...
Fixes gh-5064
2018-07-16 10:15:41 -05:00
779597af2a
Add support for custom authorization request parameters
...
Fixes gh-4911
2018-07-16 09:39:06 -05:00
ba489af354
Fix OAuth2AuthorizedClientExchangeFilterFunctionTests on JDK9
...
Issue: gh-4371
2018-07-02 16:16:16 -05:00
127a32bd81
Fix checkstyle OAuth2AuthorizedClientExchangeFilterFunctionTests
...
Issue: gh-4371
2018-07-02 15:47:24 -05:00
0116c65c0e
OAuth2AuthorizedClientExchangeFilterFunction Refresh Support
2018-07-02 14:14:17 -05:00
1f1fb1a801
Add MockExchangeFunction getResponse
...
This allows setting up the mock
Issue: gh-5386
2018-07-02 12:43:00 -05:00
0910e04bdf
MockExchangeFunction Support Multiple Requests
...
Issue: gh-5386
2018-07-02 12:42:54 -05:00
e27e1cd637
Add OAuth2AccessTokenResponseBodyExtractor
...
This externalizes converting a OAuth2AccessTokenResponse from a
ReactiveHttpInputMessage.
Fixes: gh-5475
2018-07-02 12:41:44 -05:00
8ef4a5ba92
Add NimbusReactiveJwtDecoder RSAPublicKey Support
...
Fixes: gh-5460
2018-06-25 21:30:49 -05:00
d32aa3c6d6
Validate sub claim in UserInfo Response
...
Fixes gh-5447
2018-06-25 16:44:04 -04:00
d521d5e066
Add OidcReactiveAuthenticationManager
...
Fixes: gh-5330
2018-06-18 16:08:07 -05:00
f7a2a41241
Add OidcReactiveOAuth2UserService
...
Issue: gh-5330
2018-06-18 16:08:07 -05:00
3ddde473f2
Extract OidcTokenValidator
...
Issue: gh-5330
2018-06-18 16:06:19 -05:00
adb8c60173
Extract OidcUserRequestUtils
...
This logic is shared by both reactive and non-reactive clients.
Issue: gh-5330
2018-06-18 16:06:01 -05:00
a3db6fc993
Polish OidcUserService
...
Fixes: gh-5449
2018-06-18 16:03:41 -05:00
02d29887fb
Associate Refresh Token to OAuth2AuthorizedClient
...
Fixes gh-5416
2018-06-12 11:31:43 -04:00
4fc6d96073
Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient
...
Fixes gh-5360
2018-06-08 17:33:21 -04:00
dd1b1b9cc3
Use Spring Framework 5.1.0 SNAPSHOT
...
Fixes: gh-5408
2018-06-05 12:28:51 -05:00
fe979aa996
OidcUserService leverages DefaultOAuth2UserService
...
Fixes gh-5390
2018-05-31 16:17:47 -04:00
82e4abdd32
OAuth2ClientArgumentResolver uses AnnotatedElementUtils
...
Fixes gh-5335
2018-05-29 21:29:33 -04:00
b3ca598679
Add WebClient Bearer token support
...
Fixes: gh-5389
2018-05-25 15:17:08 -05:00
c68cf991ae
Add OAuth2AuthorizedClientExchangeFilterFunction
...
Fixes: gh-5386
2018-05-25 11:01:55 -05:00
2658577396
OAuth2AuthorizationRequestRedirectWebFilter handles ClientAuthorizationRequiredException
...
Fixes: gh-5383
2018-05-24 16:40:41 -05:00
0eedfc717a
Revert "Revert "Add ClientRegistration from OpenID Connect Discovery""
...
This reverts commit 9fe0f50e3c
2018-05-18 09:40:43 -05:00
9fe0f50e3c
Revert "Add ClientRegistration from OpenID Connect Discovery"
...
This reverts commit 0598d47732
2018-05-18 09:20:51 -05:00
0598d47732
Add ClientRegistration from OpenID Connect Discovery
...
Fixes: gh-4413
2018-05-16 12:30:04 -05:00
7013c6fd76
Add OAuth2LoginSpec
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
23f4b9d3d1
Add OAuth2AuthorizationRequestRedirectWebFilter
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
de959dbff6
Add OAuth2ClientArgumentResolver
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
c1e9785a48
Add OAuth2LoginReactiveAuthenticationManager
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
7401cb2b51
Add ServerOAuth2LoginAuthenticationTokenConverter
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
3cd2ddf793
Add NimbusReactiveAuthorizationCodeTokenResponseClient
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
3220e9560a
Add DefaultReactiveOAuth2UserService
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
b613b2d253
Add WebSessionOAuth2ReactiveAuthorizationRequestRepository
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
5e9c714ff0
Add InMemoryReactiveOAuth2AuthorizedClientService
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
a02b0c17f8
Add InMemoryReactiveClientRegistrationRepository
...
Issue: gh-4807
2018-05-11 04:19:50 -05:00
c696640276
OAuth2AuthorizationResponseUtils uses MultiMap
...
Fixes: gh-5331
2018-05-11 04:19:50 -05:00
2356749cc3
Add test NimbusUserInfoResponseClient sets Accept header to JSON
...
Issue gh-5294
2018-05-03 20:18:41 -04:00
b8f225c49e
NimbusUserInfoResponseClient sets Accept header to JSON
...
Fixes gh-5294
2018-05-03 16:34:38 -04:00
4cc5705ae5
HttpSessionOAuth2AuthorizationRequestRepository removes empty Map from session
...
Fixes gh-5263
2018-05-02 11:07:26 -04:00
49b63e260d
OAuth2LoginAuthenticationFilter should handle null ClientRegistration
...
Fixes gh-5251
2018-05-02 09:16:42 -04:00
6095340e93
OAuth2AuthorizationRequestRedirectFilter -> Reuse code for baseUrl
...
Fixes gh-5153
2018-04-09 21:11:00 -04:00
526e0fdd4f
Add OAuth2 Client HandlerMethodArgumentResolver
...
Fixes gh-4651
2018-04-02 12:13:52 -04:00
982fc360b2
Add support for authorization_code grant
...
Fixes gh-4928
2018-04-02 12:13:06 -04:00
ce2f669245
Remove state assertion when loading OAuth2AuthorizationRequest
...
Fixes gh-5163
2018-03-27 20:06:30 -04:00
d07cfe655d
Use Supplier variants of Assert methods
2018-03-27 10:58:55 -05:00
bf41d48718
HttpSessionOAuth2AuthorizationRequestRepository support distributed HttpSession
...
Previously HttpSessionOAuth2AuthorizationRequestRepository
getAuthorizationRequest attempted to update the state of HttpSession as
well as getting the Map of OAuth2AuthorizationRequest. This had a few
problems
- First it was confusing that a get method updated state
- It worked when the session was in memory, but would not work when the
HttpSesson was persisted to an external store (i.e. Spring Session) since
after updating the Map, there was no invocation to update
This commit cleans up the logic and ensures that the values are explicitly
set in the HttpSession so it works with a session persisted in an external
store.
Fixes: gh-5146
2018-03-20 22:14:48 -05:00
04e2e86e6e
Polish HttpSessionOAuth2AuthorizationRequestRepositoryTests
...
Fixes: gh-5147
2018-03-20 22:14:48 -05:00
59cef7d339
HttpSessionOAuth2AuthorizationRequestRepository handle multiple OAuth2AuthorizationRequest per session
...
Fixes gh-5110
2018-03-20 22:14:48 -05:00
a5bd76b6ed
Revert authorization_code grant support
...
This reverts commit eae7afd9aa
2018-03-06 16:16:45 -05:00
eae7afd9aa
Add support for authorization_code grant
...
Fixes gh-4928
2018-03-02 14:30:49 -05:00
7eb58ee7d9
DefaultOAuth2UserService -> assert UserInfo Uri is set
...
Fixes gh-4992
2018-02-02 13:01:18 -05:00
fe2ac00deb
Add javadoc for spring-security-oauth2-client
...
Fixes gh-4884
2018-01-23 17:07:21 -05:00
c16456623f
Remove unused imports
2017-12-20 16:05:38 -06:00
ae664c33b1
Polish
...
Fix compile warnings in ClientRegistrationTests
2017-11-27 12:12:59 -06:00
edccafca84
Create OAuth2AuthorizationResponse lazily
...
This commit creates `OAuth2AuthorizationResponse` as lazily as possible to prevent the creation when `authorizationRequest` is `null`.
Fixes gh-4848
2017-11-20 11:01:34 -05:00
c04b3b4114
Exclude well-known ports in expanded redirect-uri
...
Fixes gh-4836
2017-11-18 10:41:27 -05:00
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
dd33f0a7de
ClientRegistration.redirectUri -> redirectUriTemplate
...
Fixes gh-4827
2017-11-15 14:51:35 -05:00
e098c3707e
Update default redirect-uri to use 'baseUrl' template variable
...
Fixes gh-4826
2017-11-15 14:51:35 -05:00
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
872a8f3189
Change constructor param order in oauth2 client filters
...
Fixes gh-4818
2017-11-13 17:32:22 -05:00
426c034c01
OidcUserService uses custom userNameAttributeName
...
Fixes gh-4812
2017-11-12 14:44:57 -05:00
473ac0e37c
Add tests to oauth2-client
...
Fixes gh-4299
2017-11-10 16:03:34 -05:00
ef9cd76607
Polish oauth2
...
Fixes gh-4758
2017-10-30 16:49:01 -04:00
511d702ee0
Remove JwtDecoderRegistry
...
Fixes gh-4754
2017-10-30 12:52:42 -04:00
c1c726f123
Polish InMemoryClientRegistrationRepository
...
Issue: gh-4745
2017-10-29 20:03:36 -05:00
a3e38fec47
Remove AuthorizationRequestUriBuilder
...
Make this API private since we don't have concrete use cases for exposing
it yet.
Fixes gh-4742
2017-10-29 19:50:02 -05:00
c3d2effc1d
Polish OAuth2AuthorizedClientService
...
Fixes gh-4746
2017-10-29 20:25:03 -04:00
b496ad4d86
Polish OAuth2LoginAuthenticationToken
...
Fixes gh-4744
2017-10-29 19:21:41 -04:00
8032baa296
Polish InMemoryClientRegistrationRepository
...
- use Map.get
- Construct with stream()
- Add tests
- Remove unnecessary unmodifiableCollection (already unmodifiable)
Fixes gh-4745
2017-10-29 18:07:49 -05:00
f0c2944377
OAuth2AuthorizationResponse getAccessToken
...
No longer delegate to OAuth2AccessToken but add getAccessToken()
Fixes gh-4743
2017-10-29 17:12:46 -05:00
e4887057bc
Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient
...
Fixes gh-4741
2017-10-29 17:49:15 -04:00
2a00232a5b
Remove UserInfoRetreiver
...
Fixes gh-4740
2017-10-29 17:49:15 -04:00
6fbd435bdf
OAuth2LoginAuthenticationFilter requires collaborators
...
Fixes gh-4661
2017-10-29 04:41:23 -04:00
b471dd1c54
Remove OAuth2TokenRepository
...
Fixes gh-4727
2017-10-28 21:40:33 -04:00
b1d56b5821
NimbusAuthorizationCodeTokenExchanger uses authorizationRequest.redirectUri
...
Fixes gh-4701
2017-10-28 21:30:40 -04:00
006319f19a
UserInfoRetriever supports ParameterizedTypeReference
...
Fixes gh-4693
2017-10-28 19:26:04 -04:00
83dc902ff7
Map CustomUserTypesOAuth2UserService using clientRegistrationId
...
Fixes gh-4692
2017-10-28 18:11:39 -04:00
0c68eb1821
Re-factor OAuth2AuthorizationCodeAuthenticationToken
...
Fixes gh-4730
2017-10-28 17:15:31 -04:00
64d8c8b8a9
Re-factor AuthorizationGrantTokenExchanger
...
Fixes gh-4728
2017-10-28 17:12:14 -04:00
16e69d06b4
Add OAuth2AuthorizedClientService
...
Fixes gh-4726
2017-10-28 17:12:14 -04:00
Joe Grandja
Rob Winch
Johnny Lim
mhyeon.lee
Christoph Dreis
Eddú Meléndez