3.0.0 (2020-12-30)
Breaking Changes
- Change group id from
com.microsoft.azuretocom.azure.spring. - Change artifact id from
azure-active-directory-spring-boot-startertoazure-spring-boot-starter-active-directory. - Deprecate
AADAppRoleStatelessAuthenticationFilterandAADAuthenticationFilter. - Deprecate following
azure-spring-boot-starter-active-directoryconfiguration properties:spring.security.oauth2.client.provider.azure.* spring.security.oauth2.client.registration.azure.* azure.activedirectory.environment azure.activedirectory.user-group.key azure.activedirectory.user-group.value azure.activedirectory.user-group.object-id-key - Stop support of Azure Active Directory Endpoints.
New Features
- Support consent of multiple client registrations during user login.
- Support on-demand client registrations.
- Support the use of
@RegisteredOAuth2AuthorizedClientannotation to getOAuth2AuthorizedClient. - Support access control through users' membership information.
- Support on-behalf-of flow in the resource server.
- Provide AAD specific token validation of audience validation and issuer validation.
- Expose a flag
isPersonalAccountinAADOAuth2AuthenticatedPrincipalto specify the account type in use: work account or personal account. - Enable loading transitive membership information from Microsoft Graph API.
- Enable following
azure-spring-boot-starter-active-directoryconfiguration properties:# Redirect URI of authorization server azure.activedirectory.redirect-uri-template # Refresh time of the cached JWK set before it expires, default value is 5 minutes. azure.activedirectory.jwk-set-cache-refresh-time # Logout redirect URI azure.activedirectory.post-logout-redirect-uri # base URI for authorization server, default value is "https://login.microsoftonline.com/" azure.activedirectory.base-uri # Membership URI of Microsoft Graph API to get users' group information, default value is "https://graph.microsoft.com/v1.0/me/memberOf" azure.activedirectory.graph-membership-uri