Commit Graph

599 Commits

Author SHA1 Message Date
Michael Sosa
52888d6206 Warn when AuthorizationGrantType does not match
Log a warning when AuthorizationGrantType does not exactly match a
pre-defined constant.

Closes gh-11905
2022-11-17 14:17:54 -06:00
Steve Riesenberg
71eb71d185 Merge branch '5.7.x' into 5.8.x
Closes gh-12206
2022-11-14 12:11:59 -06:00
Steve Riesenberg
67a1f0836b Merge branch '5.6.x' into 5.7.x
Closes gh-12205
2022-11-14 12:10:55 -06:00
Steve Riesenberg
fde26e003a Request user info when AS returns no scopes
Closes gh-12144
2022-11-10 16:29:43 -06:00
Josh Cummings
d29ab8bcae Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8 Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs.
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
2022-11-01 12:35:39 -06:00
Steve Riesenberg
66f2f1cde7 Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg
2915a70bf7 Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg
26a51ee198 Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg
e7fe778abc Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg
3e2ac82612 Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg
5560bbaa80 Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg
75004587a4 Fix scope mapping
Issue gh-12101
2022-10-28 11:00:27 -05:00
Steve Riesenberg
bbac85e20b Reduce severity of invalid registrationId to warn
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
2022-09-26 09:56:20 -05:00
Daniel Garnier-Moiroux
bea7761a1c ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Rob Winch
32dbaceec5 Fix mockito 4.7.0 merge
Issue gh-11748
2022-08-24 08:58:00 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Igor Bolic
efaee4e56b Allow customization of redirect strategy
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
2022-08-08 15:35:49 -05:00
Joe Grandja
95155ddb0c Deprecate Resource Owner Password Credentials grant
Closes gh-11590
2022-07-15 16:28:47 -04:00
Josh Cummings
1d72a05c32 Add SecurityContextHolderStrategy to OAuth2
Issue gh-11060
2022-06-27 13:05:12 -06:00
Josh Cummings
539a11d0a4 Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:13:42 -06:00
Josh Cummings
f035c30edb Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:12:13 -06:00
Josh Cummings
01513ab17e Add placeholders to reactive post_logout_redirect_uri
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
2022-06-16 16:10:26 -06:00
Josh Cummings
6f69d85fcb Reactive OAuth 2.0 logout handler resolves registrationId
Closes gh-11378
2022-06-16 16:09:57 -06:00
Josh Cummings
3f30de388a Encode postLogoutRedirectUri query params
Closes gh-11379
2022-06-16 16:09:56 -06:00
Michael
e4505ed6c8 Add placeholders to post_logout_redirect_uri
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
2022-06-16 16:09:56 -06:00
Steve Riesenberg
f0168c6c27 Add support for customizing claims in JWT Client Assertion
Closes gh-9855
2022-03-17 09:53:16 -05:00
Joe Grandja
50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja
a2ffc88294 Allow configuring PKCE for confidential clients
Closes gh-6548
2022-03-16 13:33:12 -04:00
Simone Giannino
73003d59d6 OAuth 2.0 logout handler resolves uri placeholders
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
2022-03-15 12:54:39 -06:00
Josh Cummings
931fb6a328 Move UnmodifiableMapDeserializer
Issue gh-10905
2022-03-01 14:03:41 -07:00
Joe Grandja
214cfe807e Allow Jwt assertion to be resolved
Closes gh-9812
2022-01-10 10:42:10 -05:00
Dávid Kováč
17e28fa7aa Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:48:32 +01:00
Dávid Kováč
aa1ef46d84 Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:33:05 +01:00
Khaled Hamlaoui
00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 15:27:48 -06:00
Steve Riesenberg
076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-22 10:19:34 -05:00
Rob Winch
f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Steve Riesenberg
3b564b2026 Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient
This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
2021-10-06 13:09:33 -05:00
Steve Riesenberg
9b24f66f1c Implement reactive support for JWT as an Authorization Grant
Closes gh-10147
2021-10-05 16:09:24 -05:00
Joe Grandja
97c949d929 oauth2Login() AuthenticationProvider's preserve root cause exception when rethrown
Closes gh-10228
2021-09-24 10:41:31 -04:00
Joe Grandja
5830fda2fa Introduce JwtEncoder
Closes gh-9208
2021-09-24 05:13:40 -04:00
bishoy basily
860690491a Add setBodyExtractor
Closes gh-10260
2021-09-22 15:32:19 -06:00
Rujun Chen
9b4ddd7e0a Make AuthorizationGrantTypeConverter support custom grant type
Closes gh-10155
2021-08-19 13:13:20 -04:00
Steve Riesenberg
6d6dc113d8 Add converter for authentication result in OAuth2LoginAuthenticationFilter
Closes gh-10033
2021-08-10 16:50:19 -05:00
Steve Riesenberg
fc553bf19a Add gh-10130 to tests 2021-08-09 15:33:54 -05:00
Steve Riesenberg
acca3dba69 Polish gh-10131 2021-08-09 11:07:12 -05:00
Vincent Boulaye
044157061f Enable customizing headers in token requests
Adds the possibility to customize the headers of the access token request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient, similarly to what is done in the AbstractOAuth2AuthorizationGrantRequestEntityConverter.

Closes gh-10130
2021-08-09 10:50:37 -05:00
Steve Riesenberg
e1b6a7ba29 Revert "URL encode client credentials"
This reverts commit c0200512a7.

Issue gh-9610 gh-9863
Closes gh-10018
2021-07-20 14:06:46 -05:00