Releases: spring-projects/spring-authorization-server
Releases Β· spring-projects/spring-authorization-server
0.4.2
πͺ² Bug Fixes
- Fix refresh token error code INVALID_CLIENT to INVALID_GRANT #1139
- Fixed Broken Support Link #1092
- Fix to save after encoding the secret when registering the client #1056
- Consider allowing localhost in redirect_uri #651
π¨ Dependency Upgrades
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.38 #1164
- Update to Spring Security 5.8.3 #1163
- Update to Spring Framework 5.3.27 #1162
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.0-M2
β New Features
- Enable
upgradeEncoding
for OAuth2 client secrets #1099 - Implement OAuth 2.0 Device Authorization Grant #44
πͺ² Bug Fixes
- Fixed Broken Support Link #1098
π¨ Dependency Upgrades
- Update to nimbus-jose-jwt:9.31 #1132
- Update to Spring Security 6.1.0-M2 #1131
- Update to Spring Framework 6.0.7 #1130
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.0-M1
β New Features
- Add OpenID Connect 1.0 Logout Endpoint #1068
- Implement end_session_endpoint for RP-Initiated Logout #266
π¨ Dependency Upgrades
- Update to mockito-core:4.11.0 #1096
- Update to assertj-core:3.24.2 #1095
- Update to nimbus-jose-jwt:9.30.2 #1094
- Update to Spring Security 6.1.0-M1 #1093
- Update Gradle Enterprise plugin #1067
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.1
β New Features
- ref-doc: authorizedScopes is missing from sql #1045
πͺ² Bug Fixes
- URL-encoded parameters in redirect URI are encoded twice #1074
- redirect_uri resolver is incorrect #1072
- HttpMessageConverters uses jakarta.json.bind.Jsonb #1055
- HttpMessageConverters should use jakarta.json.bind.Jsonb #1054
π¨ Dependency Upgrades
- Update to junit-jupiter:5.9.2 #1091
- Update to jackson-bom:2.14.2 #1090
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1089
- Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1088
- Update to Spring Security 6.0.2 #1087
- Update to Spring Framework 6.0.5 #1086
- Update to Spring Boot 3.0.0 #1024
- Update to Spring Boot 3.0.0 #1023
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
0.4.1
β New Features
- Replace deprecated command with environment file #1063
- Replace deprecated
set-output
command with environment file #1062 - Update how-to-jpa.adoc #1010
- ref-doc: authorizedScopes is missing from sql #1008
πͺ² Bug Fixes
- Fix redirect_uri resolver #1013
- redirect_uri resolver is incorrect #1012
- URL-encoded parameters in redirect URI are encoded twice #1011
π¨ Dependency Upgrades
- Update to junit-jupiter:5.9.2 #1085
- Update to jackson-bom:2.14.2 #1084
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1083
- Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1082
- Update to Spring Security 5.8.2 #1081
- Update to Spring Framework 5.3.25 #1080
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0
0.4.0
β New Features
- Upgrade to JUnit 5 #964
- Update links to current version of OAuth 2.1 #960
- Assert unique identifiers in JdbcRegisteredClientRepository #959
- Add logging #956
- ref-doc: Document Jwt Client Assertion Validation #945
- ref-doc: Add configuration for userinfo endpoint to Getting Started example #917
- Reject client authentication where client_id has non-printable ASCII characters #889
- ref-doc: Document Authorization Request Validation #858
- Add logging #159
π¨ Dependency Upgrades
- Update to jackson-bom 2.14.0 #980
- Update to Spring Security 5.8.0 #979
- Update to Spring Framework 5.3.24 #978
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0-RC1
β New Features
- Merge enhancements from 0.4.x into main #954
- Add @configuration with @EnableWebSecurity #935
- Use AuthorizationFilter #934
- Use SecurityContextRepository.loadDeferredContext() #933
- Use securityMatcher() and authorizeHttpRequests() #922
π¨ Dependency Upgrades
- Downgrade to jackson-bom:2.13.4.20221013 #952
- Update to hsqldb:2.7.0 #938
- Update to mockito-core:4.8.1 #937
- Update to jackson-bom:2.14.0-rc2 #936
- Update to Spring Security 6.0.0-RC1 #932
- Update to Spring Framework 6.0.0-RC2 #931
- Update to Spring Boot 3.0.0-RC1 #930
- Update Gradle Enterprise plugin to 3.11.1 #894
βͺ Non-passive
- Merge non-passive changes from 0.4.x into main #953
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
0.4.0-RC1
β New Features
- Improve customizing OIDC Client Registration endpoint #946
- Extract JwtDecoderFactory from JwtClientAssertionAuthenticationProvider #944
- Extract OIDC client configuration implementation #941
- Update OAuth 2.1 spec link in README.adoc #940
- Improve customizing OIDC UserInfo endpoint #929
- OidcUserInfo Change PhoneNumberVerified Field to Boolean #923
- Improve customizing OIDC UserInfo endpoint #785
- Allow ability to customize RegisteredClient during registration #696
πͺ² Bug Fixes
- Fix URL encoding for authorization request state parameter #920
- State parameter does not handle plus sign properly #875
π¨ Dependency Upgrades
- Update to mockito-core:4.8.1 #951
- Update to jackson-bom:2.13.4.20221013 #950
- Update to Spring Security 5.8.0-RC1 #949
- Update to Spring Boot 2.7.5 #948
βͺ Non-passive
- OpenID Connect 1.0 should be disabled by default #928
β€οΈ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.0-M2
β New Features
- Merge enhancements from 0.4.x into main #906
π¨ Dependency Upgrades
- Update to mockito-core:4.8.0 #911
- Update to jackson-bom:2.13.4 #910
- Update to nimbus-jose-jwt:9.24.4 #909
- Update to Spring Security 6.0.0-M7 #908
- Update to Spring Framework 6.0.0-M6 #907
βͺ Non-passive
- Merge non-passive changes from 0.4.x into main #905