Spring Authorization Server Versions Save

Spring Authorization Server

1.1.0-M1

1 year ago

:star: New Features

  • Add OpenID Connect 1.0 Logout Endpoint #1068
  • Implement end_session_endpoint for RP-Initiated Logout #266

:hammer: Dependency Upgrades

  • Update to mockito-core:4.11.0 #1096
  • Update to assertj-core:3.24.2 #1095
  • Update to nimbus-jose-jwt:9.30.2 #1094
  • Update to Spring Security 6.1.0-M1 #1093
  • Update Gradle Enterprise plugin #1067

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

1.0.1

1 year ago

:star: New Features

  • ref-doc: authorizedScopes is missing from sql #1045

:beetle: Bug Fixes

  • URL-encoded parameters in redirect URI are encoded twice #1074
  • redirect_uri resolver is incorrect #1072
  • HttpMessageConverters uses jakarta.json.bind.Jsonb #1055
  • HttpMessageConverters should use jakarta.json.bind.Jsonb #1054

:hammer: Dependency Upgrades

  • Update to junit-jupiter:5.9.2 #1091
  • Update to jackson-bom:2.14.2 #1090
  • Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1089
  • Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1088
  • Update to Spring Security 6.0.2 #1087
  • Update to Spring Framework 6.0.5 #1086
  • Update to Spring Boot 3.0.0 #1024
  • Update to Spring Boot 3.0.0 #1023

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

0.4.1

1 year ago

:star: New Features

  • Replace deprecated command with environment file #1063
  • Replace deprecated set-output command with environment file #1062
  • Update how-to-jpa.adoc #1010
  • ref-doc: authorizedScopes is missing from sql #1008

:beetle: Bug Fixes

  • Fix redirect_uri resolver #1013
  • redirect_uri resolver is incorrect #1012
  • URL-encoded parameters in redirect URI are encoded twice #1011

:hammer: Dependency Upgrades

  • Update to junit-jupiter:5.9.2 #1085
  • Update to jackson-bom:2.14.2 #1084
  • Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.35 #1083
  • Update to io.spring.nohttp:nohttp-checkstyle:0.0.11 #1082
  • Update to Spring Security 5.8.2 #1081
  • Update to Spring Framework 5.3.25 #1080

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

1.0.0

1 year ago

:star: New Features

  • Merge enhancements from 0.4.x into main #982

:hammer: Dependency Upgrades

  • Update to Spring Security 6.0.0 #981
  • Update to hsqldb 2.7.1 #976
  • Update to jackson-bom 2.14.0 #975
  • Update to Spring Boot 3.0.0-RC2 #974
  • Update to Spring Framework 6.0.0 #972
  • Update to jakarta.servlet-api 6.0.0 #965

0.4.0

1 year ago

:star: New Features

  • Upgrade to JUnit 5 #964
  • Update links to current version of OAuth 2.1 #960
  • Assert unique identifiers in JdbcRegisteredClientRepository #959
  • Add logging #956
  • ref-doc: Document Jwt Client Assertion Validation #945
  • ref-doc: Add configuration for userinfo endpoint to Getting Started example #917
  • Reject client authentication where client_id has non-printable ASCII characters #889
  • ref-doc: Document Authorization Request Validation #858
  • Add logging #159

:hammer: Dependency Upgrades

  • Update to jackson-bom 2.14.0 #980
  • Update to Spring Security 5.8.0 #979
  • Update to Spring Framework 5.3.24 #978

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

1.0.0-RC1

1 year ago

:star: New Features

  • Merge enhancements from 0.4.x into main #954
  • Add @Configuration with @EnableWebSecurity #935
  • Use AuthorizationFilter #934
  • Use SecurityContextRepository.loadDeferredContext() #933
  • Use securityMatcher() and authorizeHttpRequests() #922

:hammer: Dependency Upgrades

  • Downgrade to jackson-bom:2.13.4.20221013 #952
  • Update to hsqldb:2.7.0 #938
  • Update to mockito-core:4.8.1 #937
  • Update to jackson-bom:2.14.0-rc2 #936
  • Update to Spring Security 6.0.0-RC1 #932
  • Update to Spring Framework 6.0.0-RC2 #931
  • Update to Spring Boot 3.0.0-RC1 #930
  • Update Gradle Enterprise plugin to 3.11.1 #894

:rewind: Non-passive

  • Merge non-passive changes from 0.4.x into main #953

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

0.4.0-RC1

1 year ago

:star: New Features

  • Improve customizing OIDC Client Registration endpoint #946
  • Extract JwtDecoderFactory from JwtClientAssertionAuthenticationProvider #944
  • Extract OIDC client configuration implementation #941
  • Update OAuth 2.1 spec link in README.adoc #940
  • Improve customizing OIDC UserInfo endpoint #929
  • OidcUserInfo Change PhoneNumberVerified Field to Boolean #923
  • Improve customizing OIDC UserInfo endpoint #785
  • Allow ability to customize RegisteredClient during registration #696

:beetle: Bug Fixes

  • Fix URL encoding for authorization request state parameter #920
  • State parameter does not handle plus sign properly #875

:hammer: Dependency Upgrades

  • Update to mockito-core:4.8.1 #951
  • Update to jackson-bom:2.13.4.20221013 #950
  • Update to Spring Security 5.8.0-RC1 #949
  • Update to Spring Boot 2.7.5 #948

:rewind: Non-passive

  • OpenID Connect 1.0 should be disabled by default #928

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

1.0.0-M2

1 year ago

:star: New Features

  • Merge enhancements from 0.4.x into main #906

:hammer: Dependency Upgrades

  • Update to mockito-core:4.8.0 #911
  • Update to jackson-bom:2.13.4 #910
  • Update to nimbus-jose-jwt:9.24.4 #909
  • Update to Spring Security 6.0.0-M7 #908
  • Update to Spring Framework 6.0.0-M6 #907

:rewind: Non-passive

  • Merge non-passive changes from 0.4.x into main #905

0.4.0-M2

1 year ago

:star: New Features

  • Return registration_endpoint in OidcProviderConfigurationEndpointFilter #881
  • Allow customizing Authorization Server Metadata Response #878
  • validate client secret expired or not #862
  • Check client secret not expired in ClientSecretAuthenticationProvider #850
  • Use configured ID Token signature algorithm #787
  • Ability to modify OIDC provider configuration #616
  • Allow adding an AuthenticationProvider and AuthenticationConverter #417
  • Return registration_endpoint in OidcProviderConfigurationEndpointFilter #370

:hammer: Dependency Upgrades

  • Update to okhttp:4.10.0 #904
  • Update to mockito-core:4.8.0 #903
  • Update to assertj-core:3.23.1 #902
  • Update to jackson-bom:2.13.4 #901
  • Update to nimbus-jose-jwt:9.24.4 #900
  • Update to Spring Security 5.8.0-M3 #899
  • Update to Spring Framework 5.3.23 #898

:rewind: Non-passive

  • Decompose OAuth2AuthorizationCodeRequestAuthenticationProvider #896
  • Remove OAuth2AuthenticationValidator #891
  • Make OAuth2AuthenticationContext an interface #890
  • Remove constructor in OidcProviderConfigurationEndpointFilter #869
  • Remove constructor in OAuth2AuthorizationServerMetadataEndpointFilter #868
  • Make AuthorizationServerContext an interface #867
  • Make AuthorizationServerContextFilter private #866
  • Rename ProviderContext #865
  • Rename ProviderSettings #864

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

1.0.0-M1

1 year ago

:star: New Features

  • Upgrade to Gradle 7.4.2 #833
  • Upgrade to Java 17 #832

:hammer: Dependency Upgrades

  • Update to org.hsqldb:hsqldb:2.6.1 #843
  • Update to com.squareup.okhttp3:okhttp:4.10.0 #842
  • Update to mockito-core:4.6.1 #841
  • Update to assertj-core:3.23.1 #840
  • Update to nimbus-jose-jwt:9.23 #839
  • Update to jakarta.servlet-api:5.0.0 #838
  • Update to thymeleaf-extras-springsecurity6 #837
  • Update to Spring Security 6.0.0-M6 #836
  • Update to Spring Framework 6.0.0-M5 #835
  • Update to Spring Boot 3.0.0-M4 #834