micronaut-projects/micronaut-security v2.0.1 on GitHub

Dependency upgrades

DefaultOpenIdTokenResponseValidator:

JwtValidator:

Fixed bugs:

JWT validation failed using Cognito with Google Oauth2 #346
SecurityService::hasRole should be case sensitive both for collections and strings #325
fix: load CookieNoncePersistence in application context #355 (@sdelamo)
DefaultSecurityService should use RolesFinder #328 (@sdelamo)
Check if the Authorization value is long enough to substring the prefix in BasicAuthAuthenticationFetcher #321 (@sdelamo)

Closed issues:

Recognise absolute oauth2 callback-uri as absolute and don't append it to the base uri #370
Unnecessary warning: Invalid JWT serialization #344
Token refresh process improvements #315
Micronaut Security: master as the default branch #312
jwt authentication support in http/2 #300
SAML Support #290

Merged pull requests:

doc: fix broken link to javadoc #382 (@sdelamo)
build(deps): bump unboundid-ldapsdk from 5.1.0 to 5.1.1 #373 (@dependabot[bot])
refactor: cache JkwsSignature for jwks uri #362 (@sdelamo)
feat: allow NonceClaimValidator to be disabled #358 (@sdelamo)
refactor: extract two proteced methods to simplify override #357 (@sdelamo)
docs: Improve documentation about nonce #356 (@sdelamo)
test: add test for session nonce persistence #354 (@sdelamo)
test: simplify state parsing #353 (@sdelamo)
test: bean of type NonceConfiguration by default #352 (@sdelamo)
log: better logging if nonce validator fails #351 (@sdelamo)
refactor: move JWTValidator logging to trace level #350 (@sdelamo)
Update rejectNotFound.adoc, boolean value is incorrect in doc #345 (@chrismckiernan)
fix: SecurityService::hasRole case sensitive #326 (@sdelamo)
test: @secured roles case sensitive #324 (@sdelamo)
Small refactoring of TokenAuthenticationFetcher #289 (@dstepanov)

Recognise absolute oauth2 callback-uri as absolute and don't append it to the base uri (#370)