Commit Graph

1660 Commits

Author SHA1 Message Date
Joe Grandja
3debeb6f65 Add documentation for DPoP support
Closes gh-2009
2025-05-14 19:06:01 -04:00
Joe Grandja
86b5607a03 Fix DPoP jkt claim validation during refresh_token grant for public clients
Closes gh-2008
2025-05-14 06:16:14 -04:00
Joe Grandja
07f9621b02 Fix DPoP jkt claim to be JWK SHA-256 thumbprint
Closes gh-2007
2025-05-13 16:37:17 -04:00
DevDengChao
40d503abe4 Replace @MockBean with @MockitoBean
Closes gh-1972

Signed-off-by: DevDengChao <2325690622@qq.com>
2025-04-30 09:35:43 -04:00
Joe Grandja
76e3b03e74 Merge branch '1.4.x' 2025-04-29 06:50:43 -04:00
Joe Grandja
20aca47d12 Merge branch '1.3.x' into 1.4.x
Closes gh-1995
2025-04-29 06:48:48 -04:00
Tran Ngoc Nhan
6bbd62914c Prevent NPE
Closes gh-1955

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-29 06:45:29 -04:00
Joe Grandja
51dd7c6124 Merge branch '1.4.x' 2025-04-23 12:03:59 -04:00
Joe Grandja
4b2a87516c Merge branch '1.3.x' into 1.4.x 2025-04-23 11:53:39 -04:00
Joe Grandja
02f9d1e1c3 Revert "Temporarily modify workflow to complete 1.4.3 release"
This reverts commit a13d7cda99.
2025-04-22 15:45:04 -04:00
github-actions[bot]
ec9f5efa7b Next development version 2025-04-22 19:41:51 +00:00
Joe Grandja
a13d7cda99 Temporarily modify workflow to complete 1.4.3 release 2025-04-22 15:36:20 -04:00
github-actions[bot]
fb619ee188 Next development version 2025-04-22 15:40:48 +00:00
github-actions[bot]
27b0504656 Next development version 2025-04-22 15:28:04 +00:00
github-actions[bot]
c42ea5be7d Release 1.3.6 2025-04-22 15:22:30 +00:00
github-actions[bot]
e1a859b16c Release 1.4.3 2025-04-22 15:22:18 +00:00
github-actions[bot]
f12173899b Release 1.5.0-RC1 2025-04-22 15:22:15 +00:00
Joe Grandja
23179507d5 Use OAuth2ParameterNames.REQUEST_URI
Issue gh-1925

Closes gh-1991
2025-04-22 06:06:31 -04:00
Joe Grandja
834d405fee Merge branch '1.4.x' 2025-04-22 05:34:41 -04:00
Joe Grandja
9b94f26aa4 Merge branch '1.3.x' into 1.4.x 2025-04-22 05:33:00 -04:00
dependabot[bot]
0dc3759cff Bump org.springframework.security:spring-security-bom
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.3.8 to 6.3.9.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.3.8...6.3.9)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:22:45 -04:00
dependabot[bot]
aaedad935c Bump org.springframework.security:spring-security-bom
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.4.4 to 6.4.5.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.4.4...6.4.5)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:22:13 -04:00
dependabot[bot]
14f1e70488 Bump org.springframework.security:spring-security-bom
Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 6.5.0-M3 to 6.5.0-RC1.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.5.0-M3...6.5.0-RC1)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 6.5.0-RC1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:21:23 -04:00
dependabot[bot]
76120b9a41 Bump io.spring.security.release from 1.0.4 to 1.0.5
Bumps io.spring.security.release from 1.0.4 to 1.0.5.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:19:55 -04:00
dependabot[bot]
eb6ce03e49 Bump io.spring.security.release from 1.0.4 to 1.0.5
Bumps io.spring.security.release from 1.0.4 to 1.0.5.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:19:23 -04:00
dependabot[bot]
6dceb995f5 Bump io.spring.security.release from 1.0.4 to 1.0.5
Bumps io.spring.security.release from 1.0.4 to 1.0.5.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 05:15:55 -04:00
Joe Grandja
9dd5e2814a Merge branch '1.4.x' 2025-04-21 21:33:45 -04:00
Joe Grandja
f43dce384d Merge branch '1.3.x' into 1.4.x 2025-04-21 21:24:30 -04:00
Joe Grandja
c624d0a908 Revert "Fix client_secret_basic authentication failures and return challenge"
This reverts commit 42c18c856f.
2025-04-21 21:15:05 -04:00
Joe Grandja
7e41e87142 Revert "Allow customizing client authentication failures with AuthenticationEntryPoint"
This reverts commit f415f2a52c.
2025-04-21 21:05:05 -04:00
dependabot[bot]
ad3c5924be Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.5 to 6.2.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.5...v6.2.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 07:11:47 -04:00
dependabot[bot]
7870f476f7 Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.5 to 6.2.6.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.5...v6.2.6)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 07:11:29 -04:00
dependabot[bot]
6ae338245f Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.18 to 6.1.19.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.18...v6.1.19)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 07:11:12 -04:00
dependabot[bot]
fe5ace864c Bump io.spring.security.release from 1.0.3 to 1.0.4
Bumps io.spring.security.release from 1.0.3 to 1.0.4.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 06:49:53 -04:00
dependabot[bot]
88d9724eeb Bump io.spring.security.release from 1.0.3 to 1.0.4
Bumps io.spring.security.release from 1.0.3 to 1.0.4.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 06:49:34 -04:00
dependabot[bot]
6663a87261 Bump io.spring.security.release from 1.0.3 to 1.0.4
Bumps io.spring.security.release from 1.0.3 to 1.0.4.

---
updated-dependencies:
- dependency-name: io.spring.security.release
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 06:49:11 -04:00
dependabot[bot]
81030e63cc Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.19 to 0.0.20.
- [Commits](c203826512...e28269199d)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 06:08:45 -04:00
dependabot[bot]
5a50a0caf5 Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.19 to 0.0.20.
- [Commits](c203826512...e28269199d)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 06:07:53 -04:00
Joe Grandja
f415f2a52c Allow customizing client authentication failures with AuthenticationEntryPoint
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
2025-04-18 07:46:25 -04:00
Joe Grandja
9ecfe49658 Merge branch '1.4.x' 2025-04-18 06:17:46 -04:00
Joe Grandja
f3820e5601 Merge branch '1.3.x' into 1.4.x
Closes gh-1982
2025-04-18 06:10:21 -04:00
Joe Grandja
42c18c856f Fix client_secret_basic authentication failures and return challenge
Closes gh-468
2025-04-18 05:45:25 -04:00
Joe Grandja
2dff08834c Add authorization server metadata for OAuth 2.0 Pushed Authorization Requests (PAR)
Issue gh-1925

Closes gh-1975
2025-04-16 15:21:44 -04:00
Joe Grandja
4b78a5e991 Enforce one-time use for request_uri used in PAR
Issue gh-1925

Closes gh-1974
2025-04-16 06:26:33 -04:00
Joe Grandja
c82aace6d4 Polish tests
Issue gh-1925
2025-04-16 05:50:59 -04:00
Joe Grandja
39cb9bfcea Validate expiry for request_uri used in PAR
Issue gh-1925

Closes gh-1973
2025-04-16 05:50:58 -04:00
Joe Grandja
5458e0855a request_uri used in PAR must be bound to the client
Issue gh-1925

Closes gh-1971
2025-04-15 15:36:09 -04:00
dependabot[bot]
b87bf077ed Bump org.springframework:spring-framework-bom from 6.2.4 to 6.2.5
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.4 to 6.2.5.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.4...v6.2.5)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 16:22:05 -04:00
dependabot[bot]
cb7da6aae0 Bump spring-io/spring-doc-actions from 0.0.18 to 0.0.19
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.18 to 0.0.19.
- [Commits](852920ba3f...c203826512)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 16:21:41 -04:00
dependabot[bot]
bcdf144b5b Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.16 to 1.0.0-alpha.17.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.16...v1.0.0-alpha.17)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 16:21:19 -04:00