0.2.0
⭐ New Features
- Use OAuth2AuthenticationException(String errorCode) #402
- Replace stream usage with for loops #401
- Polish loopback address validation in DefaultRedirectUriOAuth2AuthenticationValidator #396
- Validate redirect_uri on dynamic client registration #392
- JdbcRegisteredClientRepository hashes client secret on save #381
- Provide capability for customizing client authentication #380
- Hash RegisteredClient client_secret on save #378
- Provide configuration for refresh token generator #377
- Provide configuration for authorization code generator #376
- Introduce OAuth2AuthenticationValidator #374
- Add post processor to register ProviderSettings @bean #373
- Add update support in JdbcRegisteredClientRepository #365
- Add update support in JdbcRegisteredClientRepository #356
🪲 Bug Fixes
- Authorization failure should not clear current Authentication #409
- The JDBC-based sample code does not work properly #385
- Do not issue refresh token to public client #379
- Remove use of deprecated ClientAuthenticationMethod's #350
- Cannot request access token for client with CLIENT_SECRET_BASIC #346
- OAuth2AuthorizationCodeAuthenticationProvider should not issue refresh token to public client #296
🔨 Dependency Upgrades
- Update to nimbus-jose-jwt 9.10.1 #408
- Update to jackson-bom 2.12.4 #407
- Update to Spring Boot 2.5.3 #406
- Update Reactor to 2020.0.10 #405
- Update to Spring Security 5.5.2 #404
- Update to Spring Framework 5.3.9 #403
⏪ Non-passive
- Disable Oidc client registration by default #398
- Move OAuth2AuthorizationCode #395
- Polish JwtEncoder APIs #391
- OAuth2ClientAuthenticationToken should support any type of credentials #382
- Remove Context.of() #375
- Extract constants from Settings implementations #369
- Remove OAuth2ErrorCodes2 #368
- Remove OAuth2RefreshToken2 #367
- Make Settings implementations immutable #366
- Use OAuth2Token in OAuth2Authorization #364
- Rename ClientSettings.requireUserConsent() to requireAuthorizationConsent() #363
- Remove deprecated code #362
- Remove OAuth2ParameterNames2 #361
- Make AuthenticationProvider implementations final #360
- Make Filter implementations final #359
- Reduce visibility of default endpoint URI constants #358
- Move AuthenticationConverter's to web.authentication package #357
- Rename OAuth2TokenIntrospectionClaimAccessor.getScope() to getScopes() #354
❤️ Contributors
We'd like to thank all the contributors who worked on this release!