Releases: spring-projects/spring-authorization-server
Releases · spring-projects/spring-authorization-server
1.2.0-M1
⭐ New Features
- Add code challenge methods for oidc provider configuration response #1329
- Adds ability to inject custom metadata at client registration #1326
- Adds dynamic client registration how-to guide #1320
- code_challenge_methods_supported field not in openid-configuration endpoint #1302
- Migrate docs to Antora #1295
- Antora #1292
- Adds how-to guide on adding authorities to access tokens #1264
- Issue 1246 adding debug log entry #1261
- Consider logging missing
code_verifierwhencode_challengeis included in authorization request #1248 - Consider logging missing
code_challengewhen PKCE is required #1247 - Consider logging invalid client secret #1246
- Consider logging invalid
redirect_uriandscope#1245 - Fix :spring-authorization-server-docs:asciidoctor cacheability #1231
- Simplify dynamic client registration with custom metadata #1172
- How-to: Dynamic client registration #647
- How-to: Authorize an access token containing custom authorities #542
🪲 Bug Fixes
- Fix: add length validation to prevent 500 error on invalid usercode #1318
🔨 Dependency Upgrades
- Update to okhttp 4.11.0 #1368
- Update to junit-jupiter 5.10.0 #1367
- Update to nimbus-jose-jwt 9.35 #1366
- Update to Spring Security 6.2.0-M3 #1365
- Update to Spring Framework 6.1.0-M5 #1364
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.2
🪲 Bug Fixes
- Fix samples test suite execution and failing tests #1325
- Samples test suite is not executed as part of build process #1324
- Fix: add length validation to prevent 500 error on invalid usercode #1309
- Fix generating ID token with null sid when refresh_token grant #1289
- Default error controller throws NPE when error message attribute missing #1286
- Generating ID token when sid null during refresh_token grant throws IllegalArgumentException #1283
🔨 Dependency Upgrades
- Update to org.hsqldb:hsqldb 2.7.2 #1340
- Update to Spring Security 6.1.2 #1339
- Update to Spring Framework 6.0.11 #1338
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.1
⭐ New Features
- Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1223
- Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1222
🪲 Bug Fixes
- Device Grant AuthenticationConverter's can not handle multi-valued parameters #1269
- OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1268
- Validate authorized principal instead of sub during logout #1235
- Fix NPE on access token in OAuth2AuthorizationCodeAuthenticationProvider #1233
- ID Token missing sid claim after refresh_token grant #1224
- Revert serialVersionUID to 1.1.0 #1220
🔨 Dependency Upgrades
- Update to jackson-bom 2.15.2 #1282
- Update to Spring Security 6.1.1 #1279
- Update to Spring Framework 6.0.10 #1278
- Update com.gradle.enterprise plugin to 3.13.3 #1234
- Update to Spring Boot 3.1.0 #1229
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.3
🪲 Bug Fixes
- OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1267
- Revert serialVersionUID to 1.0.0 #1219
- Fix artifact build properties for Artifactory #1180
- Apply ArtifactoryPlugin to SpringRootProjectPlugin #1178
🔨 Dependency Upgrades
- Update to junit-jupiter 5.9.3 #1281
- Update to Spring Security 6.0.4 #1277
- Update to Spring Framework 6.0.10 #1276
- Update to jackson-bom 2.14.3 #1275
- Update spring-asciidoctor-backends to 0.0.5 #1194
- Update io.spring.ge.conventions plugin to 0.0.13 #1193
- Update to org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0 #1176
0.4.3
🪲 Bug Fixes
- Fix to save all values for multi-valued request parameters #1252
- OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1250
- Revert serialVersionUID to 0.4.0 #1218
- Fix artifact build properties for Artifactory #1179
- Apply ArtifactoryPlugin to SpringRootProjectPlugin #1177
🔨 Dependency Upgrades
- Update to junit-jupiter 5.9.3 #1280
- Update to jackson-bom 2.14.3 #1274
- Update to Spring Security 5.8.4 #1273
- Update to Spring Framework 5.3.28 #1272
- Update spring-asciidoctor-backends to 0.0.5 #1192
- Update io.spring.ge.conventions plugin to 0.0.13 #1190
- Update to org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0 #1175
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.0
⭐ New Features
- Simplify federated login in demo sample #1208
- Hash the sid claim in the ID Token #1207
- Update web ui design for demo sample #1196
- Add demo sample #1189
- Update default sample with Spring Boot starter #1187
- ref-doc: Update Getting Started with Spring Boot starter #1186
- Add logout success page to default client sample #1161
- Revoke tokens when code is reused #1152
- Consider adding a logout success page in the default sample #1142
- How-to: Implement an Extension Authorization Grant Type #686
- How-to: Authenticate a user in a Single Page Application with PKCE #539
- How-to: Authenticate using social login #538
🔨 Dependency Upgrades
- Update to junit-jupiter 5.9.3 #1216
- Update to jackson-bom 2.15.0 #1215
- Update to Spring Security 6.1.0 #1214
- Update to Spring Framework 6.0.9 #1213
- Update to Spring Boot 3.1.0-RC1 #1198
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.0-RC1
⭐ New Features
- Add reference documentation for OAuth 2.0 Device Authorization Grant #1158
- Add sample supporting public client for OAuth 2.0 Device Authorization Grant #1157
- Support device code and user code in
JdbcOAuth2AuthorizationService#1156 - ✨ JDBC device_code authorization #1143
- Add tests for OAuth 2.0 Device Authorization Grant #1127
- Improve OAuth 2.0 Device Authorization Grant #1116
- Improve OpenID Connect 1.0 Logout Endpoint #1077
- ref-doc: Document OpenID Connect 1.0 Logout Endpoint #1069
🔨 Dependency Upgrades
- Update to json-path:2.8.0 #1171
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.38 #1170
- Update to Spring Security 6.1.0-RC1 #1169
- Update to Spring Framework 6.0.8 #1168
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.0.2
0.4.2
🪲 Bug Fixes
- Fix refresh token error code INVALID_CLIENT to INVALID_GRANT #1139
- Fixed Broken Support Link #1092
- Fix to save after encoding the secret when registering the client #1056
- Consider allowing localhost in redirect_uri #651
🔨 Dependency Upgrades
- Update to io.spring.javaformat:spring-javaformat-checkstyle:0.0.38 #1164
- Update to Spring Security 5.8.3 #1163
- Update to Spring Framework 5.3.27 #1162
❤️ Contributors
We'd like to thank all the contributors who worked on this release!
1.1.0-M2
⭐ New Features
- Enable
upgradeEncodingfor OAuth2 client secrets #1099 - Implement OAuth 2.0 Device Authorization Grant #44
🪲 Bug Fixes
- Fixed Broken Support Link #1098
🔨 Dependency Upgrades
- Update to nimbus-jose-jwt:9.31 #1132
- Update to Spring Security 6.1.0-M2 #1131
- Update to Spring Framework 6.0.7 #1130
❤️ Contributors
We'd like to thank all the contributors who worked on this release!