⭐ New Features
- Add JDK 12 Build #6774
- Update Gradle version to 5.3.1 #6747
- Align JavaDoc in SecureRandomFactoryBean #6734
- Fix a typo #6725
- Introduce AuthenticationManagerResolver #6722
- Defer downstream filter execution if no OAuth2AuthorizedClient is found #6719
- Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe #6717
- URL Cleanup #6662
- URL Cleanup #6655
- Simplify MediaTypeRequestMatcher construction #6648
- Polish #6635
- Introduced placeholder support for headers tag attributes #6623
- Allowing for a @bean of type OAuth2AccessTokenResponseClient<OAuth2Cl… #6606
- Throw exception that was created but not thrown #6604
- documentation: remove out-of-date #6603
- OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @bean #6587
- OAuth2ClientConfiguration discovers client_credentials OAuth2AccessTokenResponseClient #6572
- Multi tenancy for Resource Server #6563
- Introduce @CurrentSecurityContext for method arguments #6562
- Fix Broken Documentation Link #6555
- Broken URL in documentation #6553
- Add Support for Clear Site Data on Logout #6550
- Introduce @CurrentSecurityContext for method arguments #6546
- Reactive Opaque Token Support #6519
- OidcIdTokenValidator ensures clockSkew is positive number #6514
- Add Reactive Opaque Token Support to Resource Server #6513
- Properties should reference scope not scopes #6510
- HeaderWriterFilter writes headers at beginning #6509
- Introduce OAuth2AuthorizationRequest.attributes #6508
- Introduce Support for Reading RSA Keys #6505
- NimbusReactiveJwtDecoder Takes Reactive Processor #6499
- Support symmetric key for JwtDecoder #6495
- Add RSA Key Converters #6494
- Improve formatting of LDAP snippets in Reference Documentation #6486
- Add client support for PKCE #6485
- OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @bean #6477
- Add new configuration options for OAuth2LoginSpec #6462
- Update to nimbus-jose-jwt:6.7 #6459
- Consider having HeaderWriters check before writing #6456
- Added CompositeHeaderWriter #6455
- Consider having HeaderWriters check before writing #6454
- Add a composite HeaderWriter class #6453
- Support PKCE for Client #6446
- OidcIdTokenValidator ensures clockSkew is positive number #6443
- Save original request on oauth2Client filter #6418
- Add Support for Opaque OAuth2 Tokens to Resource Server #6352
- Add preload support to Strict-Transport-Security #6312
- Remove Servlet Spec 2.5 and 3.0 support #6220
- OAuth2ResourceServerConfigurerTests should avoid MockWebServer #6104
- OAuth2AuthorizationRequest.additionalParameters should not contain registration_id #5940
- NimbusReactiveJwtDecoder should accept a custom processor #5937
- Improve OAuth2LoginSpec with more configuration options #5598
- Provide support for symmetric key verification via JwtDecoder #5465
- Support for OIDC Logout #5356
- Multi-tenancy support for OAuth2 #5351
- Support RP (Client) initiated logout #5350
- Provide support for OAuth 2.0 Token Introspection #5200
- Add Clear Site Data to Log Out #4187
🪲 Bug Fixes
- ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining #6526
- Update resource-server.adoc #6523
- Fixed broken link #6522
- Fix broken link in README.adoc #6521
- Preserve existing refresh token if new refresh token not returned #6504
- Refreshing access token may remove refresh token from AuthorizedClient #6503
- ServletOAuth2AuthorizedClientExchangeFilterFunction Does Not Work For Chained Reactive Methods #6483
- Missing spring: prefix on jwk-set-uri example #6479
- Improve CsrfBeanDefinitionParser xml parsing #6451
- HTML markup fixed in DefaultLoginPageGeneratingFilter #6448
- XML configuration with multiple security:http register multiple requestDataValueProcessor #6423
- Invalid html in default login page #6417
- Webflux Oauth2 .oauth2Client() doesn't redirect back to the original request after authenticating in the auth server #6341
- Fix OAuth2 Client with Ditributed Session #6215
❤️ Contributors
We'd like to thank all the contributors who worked on this release!