spring-projects/spring-authorization-server 0.2.0

on GitHub

⭐ New Features

• Use OAuth2AuthenticationException(String errorCode) #402
• Replace stream usage with for loops #401
• Polish loopback address validation in DefaultRedirectUriOAuth2AuthenticationValidator #396
• Validate redirect_uri on dynamic client registration #392
• JdbcRegisteredClientRepository hashes client secret on save #381
• Provide capability for customizing client authentication #380
• Hash RegisteredClient client_secret on save #378
• Provide configuration for refresh token generator #377
• Provide configuration for authorization code generator #376
• Introduce OAuth2AuthenticationValidator #374
• Add post processor to register ProviderSettings @bean #373
• Add update support in JdbcRegisteredClientRepository #365
• Add update support in JdbcRegisteredClientRepository #356

🪲 Bug Fixes

• Authorization failure should not clear current Authentication #409
• The JDBC-based sample code does not work properly #385
• Do not issue refresh token to public client #379
• Remove use of deprecated ClientAuthenticationMethod's #350
• Cannot request access token for client with CLIENT_SECRET_BASIC #346
• OAuth2AuthorizationCodeAuthenticationProvider should not issue refresh token to public client #296

🔨 Dependency Upgrades

• Update to nimbus-jose-jwt 9.10.1 #408
• Update to jackson-bom 2.12.4 #407
• Update to Spring Boot 2.5.3 #406
• Update Reactor to 2020.0.10 #405
• Update to Spring Security 5.5.2 #404
• Update to Spring Framework 5.3.9 #403

⏪ Non-passive

• Disable Oidc client registration by default #398
• Move OAuth2AuthorizationCode #395
• Polish JwtEncoder APIs #391
• OAuth2ClientAuthenticationToken should support any type of credentials #382
• Remove Context.of() #375
• Extract constants from Settings implementations #369
• Remove OAuth2ErrorCodes2 #368
• Remove OAuth2RefreshToken2 #367
• Make Settings implementations immutable #366
• Use OAuth2Token in OAuth2Authorization #364
• Rename ClientSettings.requireUserConsent() to requireAuthorizationConsent() #363
• Remove deprecated code #362
• Remove OAuth2ParameterNames2 #361
• Make AuthenticationProvider implementations final #360
• Make Filter implementations final #359
• Reduce visibility of default endpoint URI constants #358
• Move AuthenticationConverter's to web.authentication package #357
• Rename OAuth2TokenIntrospectionClaimAccessor.getScope() to getScopes() #354

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @sjohnr
• @ovidiupopa91
• @anoopgarlapati
• @bibibiu2017