Releases: spring-projects/spring-authorization-server
Releases · spring-projects/spring-authorization-server
0.1.1
⭐ New Features
- master->main #284
- Use PasswordEncoder in OAuth2ClientAuthenticationProvider #272
- Use PasswordEncoder to verify client credentials #271
- Redirect URI validation for loopback address #244
- Redirect URI validation for loopback address #243
- Implement OpenID client registration endpoint #189
- Implement OAuth 2.0 Server Metadata (RFC 8414) #167
- Implement Token Introspection Endpoint #161
- Implement OpenID Connect 1.0 Client Registration Endpoint #57
- Implement OAuth 2.0 Authorization Server Metadata #54
- Implement Token Introspection Endpoint #52
🪲 Bug Fixes
- Sample auth server doesn't work #273
- Login page should not be configured in OAuth2AuthorizationServerConfigurer #267
- Scope "openid" should be in access token scopes #252
🔨 Dependency Upgrades
- Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security #257
- Align dependencies with the version of Spring Security being used #256
- Bump Jacoco to 0.8.6 #246
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
0.1.0
⭐ New Features
- Propagate additional token request parameters #226
- openid scope should not require user consent #225
- Set iss claim in Jwt using configured issuer #223
- Add OAuth2Authorization.id #220
- Introduce base Authentication for authorization grant #216
- Add JoseHeader.builder() #215
- Use configuration from ProviderSettings in OAuth2AuthorizationServerConfigurer #201
- Use ProviderSettings in OAuth2AuthorizationServerConfigurer #182
- Allow customizing Jwt claims and headers #173
- Register SecurityFilterChain instead of WebSecurityConfigurerAdapter #163
- Implement OpenID Provider Configuration endpoint #143
- Add client secret POST authentication method support #140
- Support client authentication method POST #134
- Implement OpenID Provider Configuration endpoint #55
- Implement OpenID Connect 1.0 Authorization Code Flow #53
🪲 Bug Fixes
- OAuth2AccessToken.scopes includes authorized or requested scopes #224
- InMemoryOAuth2AuthorizationService.save() should support insert and update #222
- JwkSet endpoint returns empty keys #198
- token_type_hint should be used as a hint only #188
- token_type_hint should be used as a hint only #175
- Unknown token_type_hint should be ignored #174
- Configured TokenSettings.accessTokenTimeToLive() not used #172
- Ensure refresh token is not revoked #169
- Refresh token should not be issued if client is not configured with refresh_token grant type#155 #168
- Ensure refresh token is not revoked #158
- Refresh token should not be issued if client is not configured with refresh_token grant type #155
- Sample not working with Spring Boot 2.4.0 #154
- Building the project fails #153
🔨 Dependency Upgrades
- Update to json-path 2.4.0 #239
- Update to okhttp3:okhttp 3.14.9 #238
- Update to okhttp3:mockwebserver 3.14.9 #237
- Update to mockito-core 3.6.28 #236
- Update to assertj-core 3.18.1 #235
- Update to junit 4.13.1 #234
- Update to javax.servlet-api 4.0.1 #233
- Update to nimbus-jose-jwt 9.1.3 #232
- Update to oauth2-oidc-sdk 8.23.1 #231
- Update to Reactor 2020.0.3 #230
- Update to Spring Security 5.4.2 #229
- Update to Spring Framework 5.3.3 #228
- Update to Spring Boot 2.4.2 #227
⏪ Non-passive
- Improve naming of KeyManager and ManagedKey #105
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
0.0.3
⭐ New Features
- Reuse client authentication assertion #144
- Enforce one-time use for authorization code #138
- Introduce OAuth2Tokens #137
- Add Refresh Token grant support #128
- Implement Token Revocation Endpoint #84
- Implement Token Revocation Endpoint #83
- Add Refresh Token Grant #50
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
0.0.2
⭐ New Features
- Provide client configuration settings #117
- Allow CORS requests to JWK Set endpoint #110
- Add docs skeleton to the project #107
- Add PKCE support #93
- Add support for Proof Key for Code Exchange (PKCE) #45
- Add Authorization (User) Consent page #42
🪲 Bug Fixes
- Oauth 2.0 Integration Sample: java.lang.NoSuchMethodError: com.nimbusds.jose.Header.toJSONObject() #122
- Constrain version for com.nimbusds:nimbus-jose-jwt #113
- WebSecurityConfigurer @order(100) is broken when Actuator is also present #103
🔨 Dependency Upgrades
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
0.0.1
⭐ New Features
- InMemoryOAuth2AuthorizationService should uniquely identify an OAuth2Authorization #98
- Add OAuth2AuthorizationServerConfigurer.getEndpointMatchers() #97
- Introduce JwtEncoder with JWS implementation #96
- Align modules with Spring Security #95
- Add @configuration providing default security configuration #91
- Add integration tests for Authorization Code Grant #89
- Add client_credentials grant type support #88
- Copy SpringTestRule #86
- Add OAuth2AuthorizationServerConfigurer #85
- Implement JWK Set Endpoint #82
- Add JwtEncoder to support JWT/JWS #81
- Added token endpoint implementation #79
- Add client credentials authentication filter #78
- Authorization Endpoint filter for Authorization Code flow #77
- Implement Client Credentials Authentication #72
- Add in-memory implementation for OAuth2AuthorizationService #71
- Add support for Client Registration Model and InMemory Client Repository #70
- Implement authorization_code AuthenticationProvider #68
- Implement Token Endpoint #67
- Implement Authorization Endpoint #66
- Stub out authorization_code grant implementation #65
- Add support for Client Credentials Grant #51
- Epic: JWT / JWS / JWK #46
- Implement Authorization Model / Service #43
- Epic: Client Authorization Model #41
- Implement Client Registration Model / Repository #40
- Implement Client Authentication #39
- Epic: Access Token Request Exchange #38
- Epic: Authorization Request Exchange #36
- JWK endpoint as filter #31
- Add Resource Server Sample #30
- Add Authorization Code Grant sample #25
- Spring Boot sample #23
- Integrate Gradle Enterprise plugin #20
- Add a Client Credentials Authentication Filter #5
- Add Resource Server Sample #4
- Add JWK Set Endpoint #2
- Add Empty Spring Boot Sample #1
❤️ Contributors
We'd like to thank all the contributors who worked on this release!