Releases: spring-projects/spring-authorization-server
Releases · spring-projects/spring-authorization-server
0.4.5
🪲 Bug Fixes
- Fix to ensure endpoints distinguish between form and query parameters #1468
- Token endpoint should not use query parameters #1451
- Issuer should not support path component #1435
- Add default 15s timeout for fetching JWKSets #1433
- Fix tests for OAuth2 Authorization Server Metadata Endpoint #1419
- Fix tests for OIDC Provider Configuration Endpoint #1416
- Default timeout should be set when fetching JWKSet for private_key_jwt #1413
🔨 Dependency Upgrades
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.2.0
⭐ New Features
- Move AOT hints to main module #1446
- Allow configurable refresh token strategy for authorization_code grant #1432
- Allow for a configurable strategy for granting refresh_token #1430
- Add AOT hints for demo-authorizationserver sample #1380
- Add how-to guide for dynamic client registration with custom metadata #1376
- ref-doc: Describe main use cases for using Spring Authorization Server #1371
- Consider adding jti claim in JWT #1360
📔 Documentation
- How-to: Customize client metadata during dynamic client registration #1044
🔨 Dependency Upgrades
- Update to com.squareup.okhttp3 4.12.0 #1460
- Update to junit-jupiter 5.10.1 #1459
- Update to nimbus-jose-jwt 9.37.1 #1458
- Update to jackson-bom 2.16.0 #1457
- Update to Spring Security 6.2.0 #1456
- Update to Spring Framework 6.1.0 #1455
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.2.0-RC1
⭐ New Features
- Add reusable default authentication failure handler #1384
🔨 Dependency Upgrades
- Update to nimbus-jose-jwt 9.37 #1408
- Update to jackson-bom 2.15.3 #1407
- Update to Spring Security 6.2.0-RC2 #1406
- Update to Spring Framework 6.1.0-RC1 #1405
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.3
1.0.4
0.4.4
🪲 Bug Fixes
- Fix typo: context.getHeaders() to context.getJwsHeader() #1391
- client_id and client_secret provided via query parameters are accepted for client_secret_post #1378
- Fix to return hashed client_secret when registering with client_secret_jwt #1345
- Should return hashed client_secret when registering with client_secret_jwt #1344
🔨 Dependency Upgrades
- Update to Spring Boot 2.7.16 #1396
- Update to Spring Security 5.8.8 #1395
- Update to Spring Framework 5.3.30 #1394
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.2.0-M1
⭐ New Features
- Add code challenge methods for oidc provider configuration response #1329
- Adds ability to inject custom metadata at client registration #1326
- Adds dynamic client registration how-to guide #1320
- code_challenge_methods_supported field not in openid-configuration endpoint #1302
- Migrate docs to Antora #1295
- Antora #1292
- Adds how-to guide on adding authorities to access tokens #1264
- Issue 1246 adding debug log entry #1261
- Consider logging missing
code_verifierwhencode_challengeis included in authorization request #1248 - Consider logging missing
code_challengewhen PKCE is required #1247 - Consider logging invalid client secret #1246
- Consider logging invalid
redirect_uriandscope#1245 - Fix :spring-authorization-server-docs:asciidoctor cacheability #1231
- Simplify dynamic client registration with custom metadata #1172
- How-to: Dynamic client registration #647
- How-to: Authorize an access token containing custom authorities #542
🪲 Bug Fixes
- Fix: add length validation to prevent 500 error on invalid usercode #1318
🔨 Dependency Upgrades
- Update to okhttp 4.11.0 #1368
- Update to junit-jupiter 5.10.0 #1367
- Update to nimbus-jose-jwt 9.35 #1366
- Update to Spring Security 6.2.0-M3 #1365
- Update to Spring Framework 6.1.0-M5 #1364
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.2
🪲 Bug Fixes
- Fix samples test suite execution and failing tests #1325
- Samples test suite is not executed as part of build process #1324
- Fix: add length validation to prevent 500 error on invalid usercode #1309
- Fix generating ID token with null sid when refresh_token grant #1289
- Default error controller throws NPE when error message attribute missing #1286
- Generating ID token when sid null during refresh_token grant throws IllegalArgumentException #1283
🔨 Dependency Upgrades
- Update to org.hsqldb:hsqldb 2.7.2 #1340
- Update to Spring Security 6.1.2 #1339
- Update to Spring Framework 6.0.11 #1338
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.1
⭐ New Features
- Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1223
- Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1222
🪲 Bug Fixes
- Device Grant AuthenticationConverter's can not handle multi-valued parameters #1269
- OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1268
- Validate authorized principal instead of sub during logout #1235
- Fix NPE on access token in OAuth2AuthorizationCodeAuthenticationProvider #1233
- ID Token missing sid claim after refresh_token grant #1224
- Revert serialVersionUID to 1.1.0 #1220
🔨 Dependency Upgrades
- Update to jackson-bom 2.15.2 #1282
- Update to Spring Security 6.1.1 #1279
- Update to Spring Framework 6.0.10 #1278
- Update com.gradle.enterprise plugin to 3.13.3 #1234
- Update to Spring Boot 3.1.0 #1229
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.3
🪲 Bug Fixes
- OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1267
- Revert serialVersionUID to 1.0.0 #1219
- Fix artifact build properties for Artifactory #1180
- Apply ArtifactoryPlugin to SpringRootProjectPlugin #1178
🔨 Dependency Upgrades
- Update to junit-jupiter 5.9.3 #1281
- Update to Spring Security 6.0.4 #1277
- Update to Spring Framework 6.0.10 #1276
- Update to jackson-bom 2.14.3 #1275
- Update spring-asciidoctor-backends to 0.0.5 #1194
- Update io.spring.ge.conventions plugin to 0.0.13 #1193
- Update to org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0 #1176