Releases: spring-projects/spring-authorization-server
Releases Β· spring-projects/spring-authorization-server
1.0.1
β New Features
- ref-doc: authorizedScopes is missing from sql #1045
πͺ² Bug Fixes
- URL-encoded parameters in redirect URI are encoded twice #1074
- redirect_uri resolver is incorrect #1072
- HttpMessageConverters uses jakarta.json.bind.Jsonb #1055
- HttpMessageConverters should use jakarta.json.bind.Jsonb #1054
π¨ Dependency Upgrades
- Update to junit-jupiter:5.9.2 #1091
- Update to jackson-bom:2.14.2 #1090
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1089
- Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1088
- Update to Spring Security 6.0.2 #1087
- Update to Spring Framework 6.0.5 #1086
- Update to Spring Boot 3.0.0 #1024
- Update to Spring Boot 3.0.0 #1023
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
0.4.1
β New Features
- Replace deprecated command with environment file #1063
- Replace deprecated
set-outputcommand with environment file #1062 - Update how-to-jpa.adoc #1010
- ref-doc: authorizedScopes is missing from sql #1008
πͺ² Bug Fixes
- Fix redirect_uri resolver #1013
- redirect_uri resolver is incorrect #1012
- URL-encoded parameters in redirect URI are encoded twice #1011
π¨ Dependency Upgrades
- Update to junit-jupiter:5.9.2 #1085
- Update to jackson-bom:2.14.2 #1084
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1083
- Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1082
- Update to Spring Security 5.8.2 #1081
- Update to Spring Framework 5.3.25 #1080
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0
0.4.0
β New Features
- Upgrade to JUnit 5 #964
- Update links to current version of OAuth 2.1 #960
- Assert unique identifiers in JdbcRegisteredClientRepository #959
- Add logging #956
- ref-doc: Document Jwt Client Assertion Validation #945
- ref-doc: Add configuration for userinfo endpoint to Getting Started example #917
- Reject client authentication where client_id has non-printable ASCII characters #889
- ref-doc: Document Authorization Request Validation #858
- Add logging #159
π¨ Dependency Upgrades
- Update to jackson-bom 2.14.0 #980
- Update to Spring Security 5.8.0 #979
- Update to Spring Framework 5.3.24 #978
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0-RC1
β New Features
- Merge enhancements from 0.4.x into main #954
- Add @configuration with @EnableWebSecurity #935
- Use AuthorizationFilter #934
- Use SecurityContextRepository.loadDeferredContext() #933
- Use securityMatcher() and authorizeHttpRequests() #922
π¨ Dependency Upgrades
- Downgrade to jackson-bom:2.13.4.20221013 #952
- Update to hsqldb:2.7.0 #938
- Update to mockito-core:4.8.1 #937
- Update to jackson-bom:2.14.0-rc2 #936
- Update to Spring Security 6.0.0-RC1 #932
- Update to Spring Framework 6.0.0-RC2 #931
- Update to Spring Boot 3.0.0-RC1 #930
- Update Gradle Enterprise plugin to 3.11.1 #894
βͺ Non-passive
- Merge non-passive changes from 0.4.x into main #953
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
Contributors
configuration
Assets 2
0.4.0-RC1
β New Features
- Improve customizing OIDC Client Registration endpoint #946
- Extract JwtDecoderFactory from JwtClientAssertionAuthenticationProvider #944
- Extract OIDC client configuration implementation #941
- Update OAuth 2.1 spec link in README.adoc #940
- Improve customizing OIDC UserInfo endpoint #929
- OidcUserInfo Change PhoneNumberVerified Field to Boolean #923
- Improve customizing OIDC UserInfo endpoint #785
- Allow ability to customize RegisteredClient during registration #696
πͺ² Bug Fixes
- Fix URL encoding for authorization request state parameter #920
- State parameter does not handle plus sign properly #875
π¨ Dependency Upgrades
- Update to mockito-core:4.8.1 #951
- Update to jackson-bom:2.13.4.20221013 #950
- Update to Spring Security 5.8.0-RC1 #949
- Update to Spring Boot 2.7.5 #948
βͺ Non-passive
- OpenID Connect 1.0 should be disabled by default #928
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0-M2
β New Features
- Merge enhancements from 0.4.x into main #906
π¨ Dependency Upgrades
- Update to mockito-core:4.8.0 #911
- Update to jackson-bom:2.13.4 #910
- Update to nimbus-jose-jwt:9.24.4 #909
- Update to Spring Security 6.0.0-M7 #908
- Update to Spring Framework 6.0.0-M6 #907
βͺ Non-passive
- Merge non-passive changes from 0.4.x into main #905
0.4.0-M2
β New Features
- Return registration_endpoint in OidcProviderConfigurationEndpointFilter #881
- Allow customizing Authorization Server Metadata Response #878
- validate client secret expired or not #862
- Check client secret not expired in ClientSecretAuthenticationProvider #850
- Use configured ID Token signature algorithm #787
- Ability to modify OIDC provider configuration #616
- Allow adding an AuthenticationProvider and AuthenticationConverter #417
- Return registration_endpoint in OidcProviderConfigurationEndpointFilter #370
π¨ Dependency Upgrades
- Update to okhttp:4.10.0 #904
- Update to mockito-core:4.8.0 #903
- Update to assertj-core:3.23.1 #902
- Update to jackson-bom:2.13.4 #901
- Update to nimbus-jose-jwt:9.24.4 #900
- Update to Spring Security 5.8.0-M3 #899
- Update to Spring Framework 5.3.23 #898
βͺ Non-passive
- Decompose OAuth2AuthorizationCodeRequestAuthenticationProvider #896
- Remove OAuth2AuthenticationValidator #891
- Make OAuth2AuthenticationContext an interface #890
- Remove constructor in OidcProviderConfigurationEndpointFilter #869
- Remove constructor in OAuth2AuthorizationServerMetadataEndpointFilter #868
- Make AuthorizationServerContext an interface #867
- Make AuthorizationServerContextFilter private #866
- Rename ProviderContext #865
- Rename ProviderSettings #864
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0-M1
β New Features
π¨ Dependency Upgrades
- Update to org.hsqldb:hsqldb:2.6.1 #843
- Update to com.squareup.okhttp3:okhttp:4.10.0 #842
- Update to mockito-core:4.6.1 #841
- Update to assertj-core:3.23.1 #840
- Update to nimbus-jose-jwt:9.23 #839
- Update to jakarta.servlet-api:5.0.0 #838
- Update to thymeleaf-extras-springsecurity6 #837
- Update to Spring Security 6.0.0-M6 #836
- Update to Spring Framework 6.0.0-M5 #835
- Update to Spring Boot 3.0.0-M4 #834
0.4.0-M1
β New Features
- Enhance samples to call UserInfo endpoint #847
- Update custom consent page sample #802
- Add the time-to-live config for an authorization code at TokenSettings #786
- Allow configuration for authorization code time-to-live #642
πͺ² Bug Fixes
- Registered scopes should not be defaulted for client_credentials grant #780
- Make the default scope empty for client_credentials grant #738
π¨ Dependency Upgrades
- Update to nimbus-jose-jwt:9.23 #857
- Update to Spring Security 5.8.0-M2 #856
- Update to Spring Framework 5.3.22 #855
- Update Gradle Enterprise plugin #788
βͺ Non-passive
- Remove generic type from OAuth2AuthorizationServerConfigurer #831
- Remove OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME #829
- Rename JwtEncodingContext.getHeaders() to getJwsHeader() #826
- Make builders final for AbstractSettings implementations #825
- Make OAuth2TokenIntrospectionEndpointConfigurer.getRequestMatcher() package-private #824
- Relocate and rename Version #823
- Relocate OAuth2TokenFormat #822
- Relocate OAuth2TokenType #821
- Relocate OAuth2AuthorizationCode #820
- Relocate OAuth2TokenIntrospection #819
- Relocate OidcUserInfoHttpMessageConverter #818
- Relocate OidcClientRegistration #817
- Relocate OidcProviderConfiguration #816
- Relocate OAuth2AuthorizationServerMetadata #815
- Relocate classes out from oauth2.core.context package #814
- Relocate classes out from oauth2.core.authentication package #813
- Relocate classes out from oauth2.core package #812
- Move AbstractSettings implementations to settings package #811
- Relocate classes out from config.annotation package #810
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!