0b531a0fd3
fixed an issue where missing locales would generate a lot of ERROR level log messages
2018-04-21 13:19:44 -04:00
e6a8e0c17d
Integration tests for new repository methods
2018-04-11 13:16:28 +03:00
a070f61edf
Clean up code in modified classes, remove line breaks, add static imports
2018-04-06 09:12:47 +03:00
51b580aa18
Use 'userName' instead of 'sub' in naming
2018-04-06 08:55:06 +03:00
3f277047e3
Use query by user sub to get all tokens for user
2018-04-06 08:47:37 +03:00
417a6b7c74
Removed some line breaks and auto generated comments for consistency
2018-04-05 19:29:54 +03:00
bf8149605a
Create queries for getting access and refresh tokens by user sub
2018-04-05 19:25:23 +03:00
64fbee7935
Merge pull request #1377 from ketola/master
...
Add an index for refresh_token.token_value
2018-04-04 10:12:53 -04:00
bca388d740
Add an index for refresh_token.token_value
2018-04-04 15:49:13 +03:00
e2d94f422a
new year 2018
2018-02-12 10:39:04 -05:00
a5a16f27c7
Merge pull request #1353 from col-panic/master
...
Minor typo in en/messages.json (Registrered -> Registered)
2018-02-08 16:49:44 -05:00
4dd907ea16
Merge pull request #1357 from praseodym/spring-security-4.2.4
...
Upgrade to Spring Security 4.2.4
2018-02-08 15:34:30 -05:00
d119559d4d
Upgrade to Spring Security 4.2.4
...
https://spring.io/blog/2018/01/30/cve-2018-1199-spring-security-5-0-1-4-2-4-4-1-5-released
2018-02-08 21:03:31 +01:00
b804f22bc8
[maven-release-plugin] prepare for next development iteration
2018-02-07 09:14:16 -05:00
f72e6b3e08
[maven-release-plugin] prepare release mitreid-connect-1.3.2
2018-02-07 09:14:10 -05:00
1feb0958bd
prepare for release
2018-02-07 09:09:07 -05:00
6497af40e8
removed erroneous not yet implemented tag from client page
2018-02-07 09:05:43 -05:00
7dc309c5af
Update CHANGELOG.md
2018-02-07 09:03:09 -05:00
7f956a5854
Merge pull request #1355 from ocadotechnology/jwt_fix
...
Throwing exception on all other JWT types than SignedJWT
2018-02-07 08:52:59 -05:00
37fba622b9
Throwing exception on all other JWT types than SignedJWT
2018-02-07 11:00:28 +01:00
c38b9d7a42
added PlainJWT and EncryptedJWT support + tests
2018-02-07 11:00:15 +01:00
36ec1b82e6
Minor type (Registrered -> Registered)
2018-02-06 08:41:14 +01:00
fcb119ff6a
Merge pull request #1270 from bodewig/custom_claim_friendly_token_enhancer
...
add hook for custom JWT claims to ConnectTokenEnhancer
2018-02-05 16:01:09 -05:00
8fb9adefc1
Merge pull request #1342 from bodewig/custom_claims_in_id_token
...
add hook for custom JWT claims to DefaultOIDCTokenService
2018-02-05 15:43:22 -05:00
0ce55d079a
Merge pull request #1352 from blm126/upgrade-nimbus
...
Upgrade nimbus-jose-jwt to 5.4.
2018-02-05 15:26:50 -05:00
f7da25fbe8
Upgrade nimbus-jose-jwt to 5.4.
2018-02-05 13:28:48 -05:00
1c7b9d5b44
Merge pull request #1346 from praseodym/fix-admin-interface-without-trailing-slash
...
Fix interface for issuer URI without trailing slash
2018-01-22 05:54:25 -05:00
a1a45aa36a
Fix interface for issuer URI without trailing slash
2018-01-21 12:01:25 +01:00
01eb1401a3
add hook for custom JWT claims to DefaultOIDCTokenService
2018-01-12 15:22:37 +01:00
e6130872a9
Merge pull request #1324 from patfrat/master
...
Add French messages
2017-11-22 13:23:56 -05:00
ca3642b6c3
Add French messages
2017-11-22 14:27:15 +01:00
85246d2d3e
Parse 'sub' to identify resource owner
...
As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses.
This change adds support for the `sub` key and will allow the introspection
response of RFC-compliant servers to be parsed.
Will still try `user_id` first as to not break backward compatibility.
2017-11-13 16:46:52 +01:00
ce9bf3507f
Merge pull request #1312 from kules/master
...
Correct minor typo error for confirmation message displayed when logging out from IDP
2017-11-01 13:56:24 -04:00
9bff58085d
Fix typo error for log out to IDP confirmation message
2017-10-30 22:56:07 +08:00
514dcc3851
add hook for custom JWT claims to ConnectTokenEnhancer
2017-07-18 16:10:58 +02:00
8b4e461748
Adjustment to generate longer codes
...
RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2. Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of enthropy. They propose a token lengths of at least 128 bits. Since the RandomValueStringGenerator only uses case sensitive alpha numeric symbols, 22 symbols are needed to achieve an enthropy >=128 bits.
2017-06-28 14:20:11 +02:00
ef01d3032e
Merge pull request #1228 from leonard84/fix-psql-scripts
...
Fix psql_database script, replace SERIAL with BIGSERIAL and fix ...
2017-06-15 09:45:13 -04:00
bba18fd118
Merge pull request #1240 from Connz/patch-2
...
Corrected typo
2017-06-15 09:44:46 -04:00
28ad78e9f3
Merge pull request #1233 from Connz/patch-1
...
Removed double 'sure'
2017-06-15 09:44:33 -04:00
059e140164
removed old document PDFs from repo
2017-05-27 06:49:34 -04:00
0b1f9000db
check for missing refresh token value on refresh, closes #1242
2017-05-26 20:30:09 -04:00
705ac9879c
removed unused field from UI config bean
2017-05-26 20:20:11 -04:00
4dc31cdfbd
fixed client readme file
2017-05-26 20:17:29 -04:00
661c242a9f
Updated copyrights
2017-05-26 20:17:17 -04:00
0859a5d122
Corrected typo
2017-05-16 12:09:54 +02:00
c11e47a75b
fixed unit test for new default redirect behavior
2017-05-11 11:27:41 -04:00
2f31ceddf8
set redirect URI matching to strict by default
2017-05-10 17:39:59 -04:00
7e6864ff38
escaped output values on approval page, closes #1111
2017-05-10 17:39:48 -04:00
a316306f33
added changelog file
2017-05-09 14:54:47 -04:00
7b06d91700
[maven-release-plugin] prepare for next development iteration
2017-05-09 14:29:53 -04:00
Evan Lennick