⭐ New Features
- Enhance samples to call UserInfo endpoint #847
- Update custom consent page sample #802
- Add the time-to-live config for an authorization code at TokenSettings #786
- Allow configuration for authorization code time-to-live #642
🪲 Bug Fixes
- Registered scopes should not be defaulted for client_credentials grant #780
- Make the default scope empty for client_credentials grant #738
🔨 Dependency Upgrades
- Update to nimbus-jose-jwt:9.23 #857
- Update to Spring Security 5.8.0-M2 #856
- Update to Spring Framework 5.3.22 #855
- Update Gradle Enterprise plugin #788
⏪ Non-passive
- Remove generic type from OAuth2AuthorizationServerConfigurer #831
- Remove OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME #829
- Rename JwtEncodingContext.getHeaders() to getJwsHeader() #826
- Make builders final for AbstractSettings implementations #825
- Make OAuth2TokenIntrospectionEndpointConfigurer.getRequestMatcher() package-private #824
- Relocate and rename Version #823
- Relocate OAuth2TokenFormat #822
- Relocate OAuth2TokenType #821
- Relocate OAuth2AuthorizationCode #820
- Relocate OAuth2TokenIntrospection #819
- Relocate OidcUserInfoHttpMessageConverter #818
- Relocate OidcClientRegistration #817
- Relocate OidcProviderConfiguration #816
- Relocate OAuth2AuthorizationServerMetadata #815
- Relocate classes out from oauth2.core.context package #814
- Relocate classes out from oauth2.core.authentication package #813
- Relocate classes out from oauth2.core package #812
- Move AbstractSettings implementations to settings package #811
- Relocate classes out from config.annotation package #810
❤️ Contributors
We'd like to thank all the contributors who worked on this release!