Justin Richer
9d6f42b141
Merge pull request #1320 from bverhoeven/rfc7662-sub
Client: Parse 'sub' key to identify resource owner in introspection response (RFC7662)
7 years ago
Justin Richer
e2d94f422a
new year 2018
7 years ago
Brady Mulhollem
f7da25fbe8
Upgrade nimbus-jose-jwt to 5.4.
7 years ago
Bas Verhoeven
85246d2d3e
Parse 'sub' to identify resource owner
As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses.
This change adds support for the `sub` key and will allow the introspection
response of RFC-compliant servers to be parsed.
Will still try `user_id` first so as not to break backward compatibility.
7 years ago
Justin Richer
661c242a9f
Updated copyrights
8 years ago
Justin Richer
050662dd5c
updated dependencies
8 years ago
Justin Richer
bd72b4138d
added missing copyright declarations
8 years ago
Justin Richer
32ce21b5cd
automated code formatting and cleanup
8 years ago
Justin Richer
1cb5b6c6ff
added toString to error for debug and display
8 years ago
Ryan Pickett
e1ae8f3d8d
Add parameters from error response to exception
Introduce a new exception class to hold the parameters from an
authentication error response, allowing simpler retrieval later in the
filter processing.
8 years ago
Justin Richer
52d2298f99
begin modularization of data import/export API
8 years ago
Justin Richer
db50a88fe5
Happy New Year 2017
8 years ago
Justin Richer
275c1b7e1c
user info fetcher cache throws error instead of returning null (as per library contract), closes #1144
8 years ago
Julian Schlichtholz
c3d0c18af5
make HttpClient configurable, closes #1071
8 years ago
Oleksandr Shpota
476ec872ff
Fixed NPE in case algorithm is not specified
8 years ago
Sofia Ang
d361f01999
Fix such that the OAuth2Authentication returned would have a `null` userAuthentication if `user_id` is not found during introspection
`sub` cannot be used to create the user authentication because it may not necessarily refer to the user. Instead it may refer to the client
if the access token happens to be client-only.
8 years ago
Justin Richer
74d34ab744
null-safe target link filter
8 years ago
Justin Richer
d0056ae882
added target link URI capability to webfinger issuer service
8 years ago
Justin Richer
82c313f036
added PKCE support to client
8 years ago
Justin Richer
7badfe1d17
Happy new year 2016!
9 years ago
Justin Richer
8294dbedd5
handled HTTP and parsing errors, fixed guava cache contract, fixes #372
9 years ago
Justin Richer
b3486c31a0
added cache to user info fetcher, closes #833
9 years ago
Justin Richer
7f464c496b
changed copyright to new consortium name
9 years ago
Mark Janssen
4f9ea0b474
Improve state handling in handleAuthorizationCodeResponse
Fail fast when there is no state in session, e.g. because the session
cookie was removed.
Resolves #949
9 years ago
Mark Janssen
a3d01727f9
Make FILTER_PROCESSES_URL public
Currently hardcoded in the filter and the client's Spring Security config; would be nicer to reference the value instead.
c5e70ebd5c/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml (L54)
9 years ago
Justin Richer
6129cfa61a
added scope-based authorities granter for introspections services, closes #835
9 years ago
Justin Richer
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
9 years ago
Justin Richer
98e1d26134
limited when login_hint is sent to the server, closes #963
9 years ago
Justin Richer
acb3d03052
added 'kid' to all signed tokens, closes #899
9 years ago
Justin Richer
48bc26901a
added JTI to client auth
9 years ago
Bernd Frey
9fe98e0132
OIDCAuthenticationFilter: Make authenticationSignerService optional so
it must not be provided in Spring config
OIDCAuthenticationProvider: Setter for UserInfoFetcher, so own
implementation can be wired
UserInfoFetcher: Call to DefaultUserInfo.fromJson moved to method, so it
can be overwritten by own implementation to use own UserInfo
implementation
9 years ago
Justin Richer
489450b1c2
automated code format cleanup
9 years ago
Justin Richer
3c297ba18f
collapsed error clause
10 years ago
Justin Richer
42b93be492
added uri-encoded client service, closes #857
10 years ago
Justin Richer
667c766273
reverted over-reaching check on webfinger fetcher
10 years ago
Justin Richer
d2a393f7f9
converted error handlers to a single @ControllerAdvice class, closes #788
10 years ago
Justin Richer
7df3597757
split client's auth token into pending and authorized classes
10 years ago
Justin Richer
b4520c170e
ID Token carried through as parsed JWT instead of string, closes #832
10 years ago
Justin Richer
f4a1b27e2e
better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service
10 years ago
Justin Richer
9ae92b983a
added http and json error handling to webfinger service
10 years ago
Justin Richer
c166cbe49c
added login hint capability to client library
10 years ago
Stephen Moore
a259841eaf
Added getters and setters to IntrospectingTokenService
Fixed TokenCacheObject constructor for setting TCO's expire time
10 years ago
Stephen Moore
698fe55b85
IntrospectingTokenService now takes parameters (cacheTokens, cacheNonExpiringTokens, defaultExpireTime, forceCacheExpireTime) to change the behavior or even disable the caching of responses from the IntrospectionEndpoint.
10 years ago
Mark Janssen
9e74e40453
Use diamond syntax instead of explicit types
10 years ago
Mark Janssen
13f5e4f8a6
Collapse identical catch branches
10 years ago
Mark Janssen
6dc2b2cb5e
Various small improvements/bugfixes
10 years ago
William Kim
54fbf0d0ac
Added null check for expiration during introspection. Making assumption that null exp means tokens don't expire.
10 years ago
Justin Richer
d1e8529a7b
expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
closes #699
closes #761
10 years ago
Mark Janssen
effe955953
Fix blacklist/whitelist for DynamicRegistrationClientConfigurationService
ClientConfigurationService#getClientConfiguration has ServerConfiguration as parameter, not String
10 years ago
Justin Richer
caf85b990d
Revert "added option to send skip sending nonce if desired, closes #704 , closes #683,"
This reverts commit bbeaeb06e3.
Conflicts:
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
10 years ago