Commit Graph

456 Commits

Author SHA1 Message Date
Rob Winch 1bd826897f UserInfoRetriever.retrieve accepts the type to convert
Fixes gh-4688
2017-10-24 15:14:58 -05:00
Joe Grandja 4dbbcabacf Rename AuthorizationCodeAuthenticationProvider -> OAuth2LoginAuthenticationProvider
Fixes gh-4690
2017-10-24 15:24:26 -04:00
Joe Grandja 049080290e Refactor OAuth2 AuthenticationProvider's
Fixes gh-4689
2017-10-24 15:24:26 -04:00
Joe Grandja 0fb32a052e OAuth2LoginAuthenticationFilter processes uri /login/oauth2/*
Fixes gh-4687
2017-10-24 15:24:26 -04:00
Joe Grandja 4ae24f2fbe Rename AuthorizationCodeAuthenticationFilter -> OAuth2LoginAuthenticationFilter
Fixes gh-4686
2017-10-24 15:24:25 -04:00
Joe Grandja 8e7838fa64 Verify UserInfo Response sub claim
Fixes gh-4441
2017-10-23 11:44:29 -04:00
Joe Grandja ff0009daed Add AuthorizationRequest.Builder.scope(String...)
Fixes gh-4643
2017-10-23 11:20:15 -04:00
Joe Grandja 8a416793aa Return AuthorizationRequest from AuthorizationRequestRepository.removeAuthorizationRequest
Fixes gh-4652
2017-10-23 11:02:17 -04:00
Joe Grandja 6d7d34c549 Move AuthorizationRequestUriBuilder and DefaultAuthorizationRequestUriBuilder
Fixes gh-4658
2017-10-23 10:19:31 -04:00
Joe Grandja f0c9f85292 spring-security-jwt-jose -> spring-security-oauth2-jose
Fixes gh-4595
2017-10-23 09:04:01 -04:00
Joe Grandja c94b3f4d23 Add AuthorizationExchange
Fixes gh-4660
2017-10-20 20:59:32 -04:00
Joe Grandja eb2b573426 Validate Authorization Response
Fixes gh-4657, Issue gh-4654
2017-10-20 20:59:32 -04:00
Joe Grandja 8e3a2a7123 Remove AuthorizationCodeAuthenticationFilter.AuthorizationResponseMatcher
Fixes gh-4654
2017-10-20 06:09:31 -04:00
Joe Grandja 84a1c417a3 Extract Converter from AuthorizationResponseMatcher
Fixes gh-4653
2017-10-20 04:56:07 -04:00
Joe Grandja d4dac21ca5 Make ClientRegistration.Builder constructor private
Fixes gh-4656
2017-10-19 14:15:59 -04:00
Joe Grandja a980e3b0d7 Remove ClientRegistrationIdentifierStrategy
Fixes gh-4648
2017-10-19 13:40:06 -04:00
Joe Grandja f3756cdd07 Remove ClientRegistrationProperties
Fixes gh-4649
2017-10-19 13:27:54 -04:00
Joe Grandja 1f5edc98d5 ClientRegistration.Builder.scopes -> scope
Fixes gh-4663
2017-10-19 11:24:01 -04:00
Joe Grandja 1e891b38ab Rename scope -> scopes for Set types
Fixes gh-4644
2017-10-18 17:56:39 -04:00
Joe Grandja a77bdb0c5d Make AuthorizationRequest serializable
Fixes gh-4627
2017-10-18 15:55:37 -04:00
Rob Winch d7d6400971 DefaultStateGenerator->Base64StringKeyGenerator
Rename and move DefaultStateGenerator since it is more generic than just
OAuth.

Fixes gh-4645
2017-10-18 11:29:04 -05:00
Rob Winch d554b06a43 OAuth use ConcurrentHashMap
Fixes gh-4647
2017-10-17 22:17:09 -05:00
Rob Winch b764c666c6 Fix jwt package tangles
JWT is part of OAuth2, so it should be a subpackage of oauth2.

Fixes gh-4614
2017-10-17 21:06:27 -05:00
Rob Winch c5abcd1fcd DefaultAuthorizationRequestUriBuilder uses StringUtils
Fixes gh-4642
2017-10-17 20:24:43 -05:00
Joe Grandja 7b8d131386 Fix package tangles -> OAuth2/Oidc AuthenticationProvider's
Fixes gh-4614
2017-10-16 20:56:32 -04:00
Johnny Lim 25052214ae Polish 2017-10-16 18:33:27 -05:00
Joe Grandja a7d054c9f3 Remove AuthorizationGrantAuthenticator 2017-10-16 13:43:11 -04:00
Joe Grandja 3c824dc44b Fix package tangles -> OAuth2UserService
Fixes gh-4614
2017-10-13 18:59:41 -04:00
Joe Grandja cfa4858b04 Fix package tangles -> AuthorizationGrantTokenExchanger
Fixes gh-4614
2017-10-13 16:35:48 -04:00
Joe Grandja ea64d10d95 Polish jwt-jose 2017-10-13 07:09:00 -04:00
Joe Grandja c441f99567 Polish oauth2-client 2017-10-13 07:09:00 -04:00
Joe Grandja d4d7199a6d Polish oauth2-core 2017-10-13 07:09:00 -04:00
Joe Grandja df474e04d8 Move logic from AuthorizationCodeAuthenticationFilter to OAuth2UserAuthenticationProvider 2017-10-11 17:39:21 -04:00
Joe Grandja ca5b62abb5 Move AuthorizationResponseConverter logic to AuthorizationCodeAuthenticationFilter 2017-10-11 17:39:21 -04:00
Joe Grandja d840090cb0 Add support for implicit grant type
Fixes gh-4500
2017-10-11 13:54:59 -04:00
Joe Grandja 401c84b3f2 Externalize error codes from OAuth2Error
Fixes gh-4606
2017-10-10 20:24:33 -04:00
Joe Grandja da0a7afa38 Polish AuthorizationCodeAuthenticationFilter
Fixes gh-4599
2017-10-10 14:39:47 -04:00
Joe Grandja efa4bf409c Remove AuthorizationCodeRequestRedirectFilter. setAuthorizationRequestMatcher 2017-10-10 14:38:06 -04:00
Joe Grandja 6b16fa0d8c Polish OAuth Security Configurers 2017-10-10 14:38:06 -04:00
Joe Grandja 97c938e7f3 Extract authentication logic from AuthorizationCodeAuthenticationFilter
Fixes gh-4590
2017-10-10 14:38:06 -04:00
Joe Grandja 5811624bbe Polish endpoint package
* Remove ErrorResponseAttributes
* Rename AuthorizationRequestAttributes -> AuthorizationRequest
* Remove AuthorizationCodeTokenRequestAttributes
* Rename TokenResponseAttributes -> TokenResponse

Issue gh-4593
2017-10-06 18:51:24 -04:00
Joe Grandja ce142e50b6 Rename AuthorizationCodeAuthorizationResponseAttributes -> AuthorizationResponse
Fixes gh-4593
2017-10-06 18:51:24 -04:00
Joe Grandja eca2b67137 ClientRegistration supports 'baseUrl' uri variable
Fixes gh-4589
2017-10-05 20:35:51 -04:00
Joe Grandja dec0bce100 Remove authorities -> AuthorizationGrantAuthenticationToken constructor
Fixes gh-4602
2017-10-05 20:22:50 -04:00
Joe Grandja 1b7e761be4 Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor
Fixes gh-4591
2017-10-05 17:05:56 -04:00
Joe Grandja eb320bfed4 AuthorizationCodeAuthenticationProcessingFilter -> AuthorizationCodeAuthenticationFilter 2017-10-05 16:40:12 -04:00
Joe Grandja 5c14e48b18 Add OAuth2UserAuthenticationProvider
Moved logic from AuthorizationCodeAuthenticationProvider
to OAuth2UserAuthenticationProvider (new) related to
loading user attributes via OAuth2UserService.

This re-factor is part of the work required for Issue gh-4513
2017-10-05 15:15:35 -04:00
Joe Grandja f8a9077d5a Generalize AuthorizationCodeAuthenticationProvider
The AuthorizationCodeAuthenticationProvider implements part of the
Authorization Code Grant flow as defined in
OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0.
The implementation needs to be de-coupled to allow for better re-use and readability.
This commit introduces the AuthorizationGrantAuthenticator and extracts logic from
AuthorizationCodeAuthenticationProvider and provides different implementations
for OAuth 2.0 and OpenID Connect 1.0.

This re-factor is part of the work required for Issue gh-4513
2017-10-05 05:02:22 -04:00
Joe Grandja 0d516ca32c Rename scopes -> scope 2017-10-02 15:50:16 -04:00
Joe Grandja fb57111ecd redirect-uri property supports 'baseRedirectUrl' uri variable
Fixes gh-4589
2017-10-02 15:29:03 -04:00
Joe Grandja 66647070ab Default login page supports Iterable<ClientRegistration>
Fixes gh-4596
2017-09-29 19:54:17 -04:00
Joe Grandja ad91adf9dc Retrieving the UserInfo is conditional
Fixes gh-4451
2017-09-29 10:51:16 -04:00
Rob Winch 646b3e48b3 Avoid Exception Message in HTTP Response
Fixes gh-4587
2017-09-28 17:24:49 -05:00
Joe Grandja b9258aa6ee Make AuthorizationRequestUriBuilder optional
Fixes gh-4577
2017-09-28 16:43:11 -04:00
Joe Grandja bfb77a7804 Remove unnecessary dependencies 2017-09-28 15:42:12 -04:00
Joe Grandja 9a8ddebc94 Use param matching for Authorization Response
Fixes gh-4576
2017-09-28 10:21:01 -04:00
Joe Grandja d191bcc8ac Remove ClientRegistrationRepository.findByClientId()
Fixes gh-4583
2017-09-28 09:01:58 -04:00
Joe Grandja 52f495a5ec Remove ProviderJwtDecoderRegistry
Fixes gh-4581
2017-09-28 08:51:43 -04:00
Joe Grandja 8448a54678 Remove ClientRegistrationRepository.getRegistrations()
Fixes gh-4582
2017-09-28 07:02:59 -04:00
Joe Grandja 3217582805 Introduce JwtDecoderRegistry
Fixes gh-4584
2017-09-28 06:07:47 -04:00
Joe Grandja b463f8e6b5 Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()
Related gh-4580
2017-09-27 15:39:39 -04:00
Joe Grandja 814742fef6 Rename ClientRegistration.clientAlias -> registrationId
Fixes gh-4575
2017-09-27 09:14:55 -04:00
Joe Grandja 38be35677d Add userNameAttributeName to ClientRegistration
Fixes gh-4580
2017-09-26 21:55:19 -04:00
Joe Grandja 7fb3093617 Fix NPE InMemoryClientRegistrationRepository 2017-09-26 14:08:01 -04:00
Joe Grandja 0e9b2807bf Split up NimbusOAuth2UserService
Fixes gh-4447
2017-09-26 11:32:49 -04:00
Joe Grandja a06487c0f7 Move additionalParameters to TokenResponseAttributes
Fixes gh-4554
2017-09-22 15:21:22 -04:00
Joe Grandja 680984c242 SecurityTokenRepository associates SecurityToken to ClientRegistration
Fixes gh-4563
2017-09-22 09:51:00 -04:00
Joe Grandja 7fb386669f InMemoryClientRegistrationRepository -> enforce unique ClientRegistration's
Fixes gh-4562
2017-09-21 15:47:26 -04:00
Joe Grandja 9b61eba41d Add identifier strategy for ClientRegistration
Fixes gh-4561
2017-09-21 10:19:28 -04:00
Joe Grandja 991a154703 Add OIDC Client and User Authentication
Fixes gh-4521
2017-09-19 20:57:56 -04:00
Joe Grandja c54c622124 Re-structure OAuth2AuthenticationToken
Fixes gh-4553
2017-09-19 16:35:43 -04:00
Rob Winch e345dd106c Remove leading whitespaces 2017-09-18 11:52:31 -05:00
Joe Grandja 65b968f04a Move servlet-specific classes to 'web' package
Fixes gh-4366
2017-09-13 16:13:32 -04:00
Joe Grandja 9133eb1b78 Revert "Provide fix for Google iss claim"
This reverts commit b6212cba66.
2017-09-13 14:07:23 -04:00
Vedran Pavic 549decf00a Prefer `sub` claim as OIDC principal name
This commit removes preference for `name` claim as principal name in `DefaultOidcUser` so that the default is now `sub` claim. In addition to that, `DefaultOidcUser` now also provides constructors to explicitly define the claim to be preferred as principal name.

Fixes gh-4515
2017-09-13 13:53:14 -04:00
Joe Grandja 4ff0b52f74 Remove HttpClientConfig
Issue gh-4478
2017-09-12 21:03:40 -04:00
Joe Grandja 223b126de5 Remove Serializable from OAuth2User
Fixes gh-4514
2017-09-05 09:24:25 -04:00
Joe Grandja 306f81b7f7 Minor renames to oauth2 client properties
Fixes gh-4296
2017-08-30 11:51:06 -04:00
Joe Grandja b6212cba66 Provide fix for Google iss claim
Fixes gh-4511
2017-08-26 18:55:23 -04:00
Joe Grandja 4951550d7d Add context path to authorization request URI
Fixes gh-4510
2017-08-26 18:55:23 -04:00
Luander Ribeiro ec908bb700 Add unit tests for endpoints package
Fixes gh-4499

This commit contains unit tests for the endpoints package in oauth2-core.
2017-08-24 18:26:33 -04:00
Joe Grandja bc6be86aec Add in-memory AccessTokenRepository
Fixes gh-4508
2017-08-23 17:18:35 -04:00
Joe Grandja d6ba348a59 Add SecurityTokenRepository abstraction
Fixes gh-4405
2017-08-23 17:18:19 -04:00
Joe Grandja 93c2b2533e Allow configuring request paths for oauth2 filters
Fixes gh-4473
2017-08-23 17:17:01 -04:00
Rob Winch e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Luander Ribeiro 65734414f7 Added HttpServletResponse to AuthorizationRequestRepository
This change enables AuthorizationRequestRepository to possibly save the AuthorizationRequestAttributes to a cookie.

Fixes gh-4446
2017-08-15 09:45:52 -04:00
Joe Grandja ef1de5eda0 Remove Accept header for UserInfo request
Fixes gh-4481
2017-08-15 04:54:38 -04:00
Joe Grandja c872499eee Enable custom configuration for HTTP client
Fixes gh-4477
2017-07-28 16:43:44 -04:00
Joe Grandja 3b42323b6d AuthorizationCodeRequestRedirectFilter -> always expand redirectUri
Fixes gh-4444
2017-07-28 09:31:38 -04:00
Joe Grandja c204cc2c31 Completed implementation in ClaimAccessor's
Fixes gh-4449
2017-07-28 09:31:38 -04:00
Joe Grandja 33423c46d3 Rename AbstractToken to SecurityToken
Fixes gh-4466
2017-07-28 09:31:37 -04:00
Joe Grandja f50812c385 Renamed methods in AuthorizationCodeRequestRedirectFilter
Fixes gh-4443
2017-07-14 17:09:49 -04:00
Joe Grandja 598a08e2d8 Update docs AuthorizationCodeAuthenticationProvider
Fixes gh-4450
2017-07-14 16:58:36 -04:00
Joe Grandja 9cfb890207 Use id_token for user authentication
Fixes gh-4410
2017-07-07 12:44:26 -04:00
Joe Grandja c986b6f4b5 Add support for JWT/JWS
Fixes gh-4434
2017-07-05 16:23:32 -04:00
Joe Grandja 6c0ecea494 Use java.util.Function instead of Converter
Fixes gh-4323
2017-06-01 17:25:39 -04:00
Joe Grandja 545339c663 Change AuthorizationGrantType from enum to class
Fixes gh-4291
2017-05-30 16:22:53 -04:00
Joe Grandja 4476df93e9 Change ResponseType from enum to class
Fixes gh-4292
2017-05-30 16:11:57 -04:00
Joe Grandja 336e247e70 Change AccessToken.TokenType from enum to class
Fixes gh-4293
2017-05-30 15:50:58 -04:00
Joe Grandja 435e389609 Change ClientAuthenticationMethod from enum to class
Fixes gh-4313
2017-05-30 14:41:59 -04:00
Joe Grandja 3ccf6764c1 Handle unsuccessful UserInfo response
Fixes gh-4351
2017-05-24 15:43:21 -04:00
Joe Grandja 521feb9a1b Update Boot samples to 2.0.0.M1
Fixes gh-4339
2017-05-24 11:32:00 -04:00
Rob Winch d81b436e5d Remove pom.xml from build
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.

This commit removes the pom.xml files from the build.

Fixes gh-4283
2017-05-11 14:32:36 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Joe Grandja a458b682d6 Add package/class level javadoc in oauth2-client
Fixes gh-4295
2017-05-04 12:37:35 -04:00
Joe Grandja 829c386756 Add support for OAuth 2.0 Login
Fixes gh-3907
2017-04-28 10:58:59 -04:00