
Spring Authorization Server 1.1 Migration Guide

Steve Riesenberg edited this page Apr 12, 2023 · 4 revisions

This document is meant to help you migrate your application to Spring Authorization Server 1.1.

Before You Start

Upgrade to the Latest 1.0.x Version

Before you start the upgrade, make sure to upgrade to the latest available 1.0.x version. This will make sure that you are building against the most recent dependencies of that line.

Upgrade to Spring Authorization Server 1.1

RegisteredClient Enhancements

The new Set<String> postLogoutRedirectUris attribute was added to RegisteredClient to support the implementation of OpenID Connect RP-Initiated Logout 1.0, which was merged via gh-1068.

In addition to the postLogoutRedirectUris attribute, the post_logout_redirect_uris column was added to the oauth2_registered_client table definition in oauth2-registered-client-schema.sql.

CREATE TABLE oauth2_registered_client (
    id varchar(100) NOT NULL,
    client_id varchar(100) NOT NULL,
    client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
    client_secret varchar(200) DEFAULT NULL,
    client_secret_expires_at timestamp DEFAULT NULL,
    client_name varchar(200) NOT NULL,
    client_authentication_methods varchar(1000) NOT NULL,
    authorization_grant_types varchar(1000) NOT NULL,
    redirect_uris varchar(1000) DEFAULT NULL,
    post_logout_redirect_uris varchar(1000) DEFAULT NULL,
    scopes varchar(1000) NOT NULL,
    client_settings varchar(2000) NOT NULL,
    token_settings varchar(2000) NOT NULL,
    PRIMARY KEY (id)
);

JdbcRegisteredClientRepository has been updated to support the new post_logout_redirect_uris column.

Important
If your application is currently using JdbcRegisteredClientRepository then you need to ensure the post_logout_redirect_uris column is added to the existing oauth2_registered_client table.

The following script MUST be applied to an existing oauth2_registered_client table to add the new column post_logout_redirect_uris:

ALTER TABLE oauth2_registered_client
    ADD post_logout_redirect_uris varchar(1000) DEFAULT NULL;
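The following is an added example, not code from the Spring Authorization Server project: it registers a client through the new postLogoutRedirectUri builder method and reads it back, which exercises the new post_logout_redirect_uris column when the repository is a JdbcRegisteredClientRepository. The class name, client id, secret and URIs are assumed sample values.

```java
import java.util.UUID;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

// Hypothetical helper, not part of Spring Authorization Server: registers a client with a
// post-logout redirect URI and confirms the new attribute survives the round trip.
public final class PostLogoutRedirectRegistration {

    private static final String CLIENT_ID = "messaging-client";                       // constructed sample
    private static final String LOGGED_OUT_URI = "https://client.example/logged-out"; // constructed sample

    public static RegisteredClient registerWithPostLogout(RegisteredClientRepository repository) {
        RegisteredClient client = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId(CLIENT_ID)
            .clientSecret("{noop}sample-secret")           // constructed sample value
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("https://client.example/login/oauth2/code/messaging-client-oidc")
            // New in 1.1: stored in the post_logout_redirect_uris column. The RP-Initiated
            // Logout endpoint only accepts a post_logout_redirect_uri parameter that matches
            // one of these registered values, so list concrete URIs rather than broad ones.
            .postLogoutRedirectUri(LOGGED_OUT_URI)
            .scope(OidcScopes.OPENID)
            .build();

        // With JdbcRegisteredClientRepository this INSERT fails if the column was not added.
        repository.save(client);

        // Reading back confirms the attribute was both written to and read from the new column.
        RegisteredClient stored = repository.findByClientId(CLIENT_ID);
        if (stored == null || !stored.getPostLogoutRedirectUris().contains(LOGGED_OUT_URI)) {
            throw new IllegalStateException(
                "post_logout_redirect_uris was not persisted; check the 1.1 schema migration");
        }
        return stored;
    }
}
```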

OAuth2Authorization Enhancements

Two additional OAuth2Token types were added (OAuth2UserCode and OAuth2DeviceCode) to support the implementation of OAuth 2.0 Device Authorization Grant, which was merged via gh-1106.

In addition to the new token types, the following columns were added to the oauth2_authorization table definition in oauth2-authorization-schema.sql:

  • user_code_value

  • user_code_issued_at

  • user_code_expires_at

  • user_code_metadata

  • device_code_value

  • device_code_issued_at

  • device_code_expires_at

  • device_code_metadata

/*
IMPORTANT:
    If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
    as PostgreSQL does not support the 'blob' data type.
*/
CREATE TABLE oauth2_authorization (
    id varchar(100) NOT NULL,
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorization_grant_type varchar(100) NOT NULL,
    authorized_scopes varchar(1000) DEFAULT NULL,
    attributes blob DEFAULT NULL,
    state varchar(500) DEFAULT NULL,
    authorization_code_value blob DEFAULT NULL,
    authorization_code_issued_at timestamp DEFAULT NULL,
    authorization_code_expires_at timestamp DEFAULT NULL,
    authorization_code_metadata blob DEFAULT NULL,
    access_token_value blob DEFAULT NULL,
    access_token_issued_at timestamp DEFAULT NULL,
    access_token_expires_at timestamp DEFAULT NULL,
    access_token_metadata blob DEFAULT NULL,
    access_token_type varchar(100) DEFAULT NULL,
    access_token_scopes varchar(1000) DEFAULT NULL,
    oidc_id_token_value blob DEFAULT NULL,
    oidc_id_token_issued_at timestamp DEFAULT NULL,
    oidc_id_token_expires_at timestamp DEFAULT NULL,
    oidc_id_token_metadata blob DEFAULT NULL,
    refresh_token_value blob DEFAULT NULL,
    refresh_token_issued_at timestamp DEFAULT NULL,
    refresh_token_expires_at timestamp DEFAULT NULL,
    refresh_token_metadata blob DEFAULT NULL,
    user_code_value blob DEFAULT NULL,
    user_code_issued_at timestamp DEFAULT NULL,
    user_code_expires_at timestamp DEFAULT NULL,
    user_code_metadata blob DEFAULT NULL,
    device_code_value blob DEFAULT NULL,
    device_code_issued_at timestamp DEFAULT NULL,
    device_code_expires_at timestamp DEFAULT NULL,
    device_code_metadata blob DEFAULT NULL,
    PRIMARY KEY (id)
);

JdbcOAuth2AuthorizationService has been updated to support the new columns.

Important
If your application is currently using JdbcOAuth2AuthorizationService then you need to ensure the new columns are added to the existing oauth2_authorization table.

The following script MUST be applied to an existing oauth2_authorization table to add the new columns:

ALTER TABLE oauth2_authorization
    ADD user_code_value blob DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD user_code_issued_at timestamp DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD user_code_expires_at timestamp DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD user_code_metadata blob DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD device_code_value blob DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD device_code_issued_at timestamp DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD device_code_expires_at timestamp DEFAULT NULL;
ALTER TABLE oauth2_authorization
    ADD device_code_metadata blob DEFAULT NULL;
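As an added example (not part of the project), the Java class below reports any 1.1 columns missing from either table by reading JDBC metadata, so the migration notes for both JdbcRegisteredClientRepository and JdbcOAuth2AuthorizationService can be verified at startup before the first logout or device authorization request reaches the database. The class and method names are assumptions; the table and column names are the ones listed above.

```java
import java.sql.*;
import java.util.*;
import javax.sql.DataSource;

// Hypothetical startup check, not part of Spring Authorization Server: a half-applied
// migration is reported before the Jdbc* implementations issue their first query.
public final class SchemaMigrationCheck {

    // Columns introduced by the 1.1 versions of the two schema files, keyed by table.
    private static final Map<String, Set<String>> REQUIRED_COLUMNS = Map.of(
        "oauth2_registered_client", Set.of("post_logout_redirect_uris"),
        "oauth2_authorization", Set.of(
            "user_code_value", "user_code_issued_at", "user_code_expires_at", "user_code_metadata",
            "device_code_value", "device_code_issued_at", "device_code_expires_at", "device_code_metadata"));

    /** Returns missing columns as "table.column"; an empty list means the migration is complete. */
    public static List<String> findMissingColumns(DataSource dataSource) throws SQLException {
        List<String> missing = new ArrayList<>();
        try (Connection connection = dataSource.getConnection()) {
            DatabaseMetaData metaData = connection.getMetaData();
            for (Map.Entry<String, Set<String>> table : REQUIRED_COLUMNS.entrySet()) {
                Set<String> present = presentColumns(metaData, table.getKey());
                for (String column : table.getValue()) {
                    if (!present.contains(column)) {
                        missing.add(table.getKey() + "." + column);
                    }
                }
            }
        }
        return missing;
    }

    // Some databases (H2, for example) store unquoted identifiers in upper case, so the
    // table name is looked up in both cases and column names are compared in lower case.
    private static Set<String> presentColumns(DatabaseMetaData metaData, String table) throws SQLException {
        Set<String> columns = new HashSet<>();
        for (String pattern : new String[] { table, table.toUpperCase() }) {
            try (ResultSet rs = metaData.getColumns(null, null, pattern, "%")) {
                while (rs.next()) {
                    columns.add(rs.getString("COLUMN_NAME").toLowerCase());
                }
            }
        }
        return columns;
    }
}
```

Calling findMissingColumns from an ApplicationRunner and failing startup on a non-empty result turns the "MUST be applied" notes above into an automated check.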