⭐ New Features
- Add code challenge methods for oidc provider configuration response #1329
- Adds ability to inject custom metadata at client registration #1326
- Adds dynamic client registration how-to guide #1320
- code_challenge_methods_supported field not in openid-configuration endpoint #1302
- Migrate docs to Antora #1295
- Antora #1292
- Adds how-to guide on adding authorities to access tokens #1264
- Issue 1246 adding debug log entry #1261
- Consider logging missing
code_verifierwhencode_challengeis included in authorization request #1248 - Consider logging missing
code_challengewhen PKCE is required #1247 - Consider logging invalid client secret #1246
- Consider logging invalid
redirect_uriandscope#1245 - Fix :spring-authorization-server-docs:asciidoctor cacheability #1231
- Simplify dynamic client registration with custom metadata #1172
- How-to: Dynamic client registration #647
- How-to: Authorize an access token containing custom authorities #542
🪲 Bug Fixes
- Fix: add length validation to prevent 500 error on invalid usercode #1318
🔨 Dependency Upgrades
- Update to okhttp 4.11.0 #1368
- Update to junit-jupiter 5.10.0 #1367
- Update to nimbus-jose-jwt 9.35 #1366
- Update to Spring Security 6.2.0-M3 #1365
- Update to Spring Framework 6.1.0-M5 #1364
❤️ Contributors
We'd like to thank all the contributors who worked on this release!