github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,712 Commits
17 Branches
69 Tags
78 MiB
Commit Graph

1488 Commits (7e85d2575e29faf1ec1413fa4317be87164e6bde)

Author SHA1 Message Date
shrexster42 7e85d2575e
Merge branch 'mitreid-connect:master' into master 2022-04-17 18:16:56 +01:00
faidh 2c41e6a267 Add SNAPSHOT back to pom files 2022-03-29 11:29:22 -04:00
faidh 8a58d12600 Merge latest MitreID with updated 3pps back to GitHub fork 2022-03-29 11:29:22 -04:00
Justin Richer f5df762153 [maven-release-plugin] prepare for next development iteration 2021-12-20 13:09:11 -05:00
Justin Richer a0bd2c70ac [maven-release-plugin] prepare release mitreid-connect-1.3.4 2021-12-20 13:09:08 -05:00
shrexster42 6906f616e2 Upgrade to Java 11 and Spring 5 2021-12-18 22:30:43 +00:00
Michael Stepankin 7eba3c12fe Fix Spring Autobinding vulnerability 
1. Make authorizationRequest no longer affected by http request parameters due to @ModelAttribute. See http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html
 2021-02-18 16:13:36 -05:00
Justin Richer 621e86e62d [maven-release-plugin] prepare for next development iteration 2019-04-19 16:04:45 -04:00
Justin Richer 73459f0348 [maven-release-plugin] prepare release mitreid-connect-1.3.3 2019-04-19 16:04:40 -04:00
Martin Kuba ae7debba2f added refresh_token into grant_types_supported 2019-03-07 12:14:30 -05:00
鄭脈龍 676451c73d fix bug #1397 Attempting to execute an operation on a closed EntityManager. 2018-06-21 10:05:49 +08:00
Justin Richer ea6960e66a
Merge pull request #1259 from sbke/patch-1 
Adjustment to generate longer codes
 2018-05-03 14:48:52 -04:00
Justin Richer dd922b4cf7
Merge pull request #1378 from ketola/fetch-tokens-by-sub 
Fetch tokens by user name
 2018-05-03 14:44:51 -04:00
Justin Richer 938d7e00c2 Merge branch 'ondrejvelisek/verification-uri-complete' 
Closes #1386
 2018-05-03 14:39:23 -04:00
Justin Richer a596cc1fd4 Made full URLs for device flow switchable server-wide instead of per-client 2018-05-03 14:37:50 -04:00
Justin Richer 7ad29ae9c6 Revert "Add possibility to disable verification_uri_complete per client" 
This reverts commit dae674af67.
 2018-05-03 13:59:38 -04:00
ondrejvelisek dae674af67 Add possibility to disable verification_uri_complete per client 2018-05-01 13:46:23 +02:00
ondrejvelisek 67c87d56a6 Add support for verification_uri_complete 2018-05-01 10:45:49 +02:00
Evan Lennick fe000d91cb undid autoformatting again 2018-04-23 14:30:43 -04:00
Evan Lennick 011bf8adb8 addressed review feedback 2018-04-23 14:29:38 -04:00
Evan Lennick 0ee4ee2f58 undid some autoformatting changes 2018-04-21 13:22:17 -04:00
Evan Lennick 0b531a0fd3 fixed an issue where missing locales would generate a lot of ERROR level log messages 2018-04-21 13:19:44 -04:00
Sauli Ketola e6a8e0c17d Integration tests for new repository methods 2018-04-11 13:16:28 +03:00
Sauli Ketola a070f61edf Clean up code in modified classes, remove line breaks, add static imports 2018-04-06 09:12:47 +03:00
Sauli Ketola 51b580aa18 Use 'userName' instead of 'sub' in naming 2018-04-06 08:55:06 +03:00
Sauli Ketola 3f277047e3 Use query by user sub to get all tokens for user 2018-04-06 08:47:37 +03:00
Sauli Ketola 417a6b7c74 Removed some line breaks and auto generated comments for consistency 2018-04-05 19:29:54 +03:00
Sauli Ketola bf8149605a Create queries for getting access and refresh tokens by user sub 2018-04-05 19:25:23 +03:00
Justin Richer e2d94f422a new year 2018 2018-02-12 10:39:04 -05:00
Justin Richer b804f22bc8 [maven-release-plugin] prepare for next development iteration 2018-02-07 09:14:16 -05:00
Justin Richer f72e6b3e08 [maven-release-plugin] prepare release mitreid-connect-1.3.2 2018-02-07 09:14:10 -05:00
Tomasz Borowiec 37fba622b9 Throwing exception on all other JWT types than SignedJWT 2018-02-07 11:00:28 +01:00
Tomasz Borowiec c38b9d7a42 added PlainJWT and EncryptedJWT support + tests 2018-02-07 11:00:15 +01:00
Justin Richer fcb119ff6a
Merge pull request #1270 from bodewig/custom_claim_friendly_token_enhancer 
add hook for custom JWT claims to ConnectTokenEnhancer
 2018-02-05 16:01:09 -05:00
Stefan Bodewig 01eb1401a3 add hook for custom JWT claims to DefaultOIDCTokenService 2018-01-12 15:22:37 +01:00
Stefan Bodewig 514dcc3851 add hook for custom JWT claims to ConnectTokenEnhancer 2017-07-18 16:10:58 +02:00
sbke 8b4e461748 Adjustment to generate longer codes 
RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2.  Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of enthropy. They propose a token lengths of at least 128 bits. Since the RandomValueStringGenerator only uses case sensitive alpha numeric symbols, 22 symbols are needed to achieve an enthropy >=128 bits.
 2017-06-28 14:20:11 +02:00
Justin Richer 0b1f9000db check for missing refresh token value on refresh, closes #1242 2017-05-26 20:30:09 -04:00
Justin Richer 661c242a9f Updated copyrights 2017-05-26 20:17:17 -04:00
Justin Richer c11e47a75b fixed unit test for new default redirect behavior 2017-05-11 11:27:41 -04:00
Justin Richer 2f31ceddf8 set redirect URI matching to strict by default 2017-05-10 17:39:59 -04:00
Justin Richer 7b06d91700 [maven-release-plugin] prepare for next development iteration 2017-05-09 14:29:53 -04:00
Justin Richer 8301f35e17 [maven-release-plugin] prepare release mitreid-connect-1.3.1 2017-05-09 14:29:49 -04:00
Justin Richer 713e872b8a fixed discovery endpoint, closes #1230 2017-04-29 15:01:15 -04:00
Justin Richer 9baacc0eaf Completed end session endpoint 
Addresses #1129, addresses #972, addresses #891, addresses #1223
 2017-04-29 14:58:37 -04:00
Justin Richer 2aa12fc0e3 end session endpoint 2017-04-28 19:05:30 -04:00
Justin Richer 0c46e7cb7a skeleton of end session endpoint, maybe need a change to user info lookup 2017-04-27 14:29:05 -04:00
Justin Richer 0efa77b580 [maven-release-plugin] prepare for next development iteration 2017-04-15 13:20:13 -04:00
Justin Richer b9b7bf53c3 [maven-release-plugin] prepare release mitreid-connect-1.3.0 2017-04-15 13:20:05 -04:00
Justin Richer 0d564d9714 made token service transactional, closes #1222 2017-04-14 15:27:16 -04:00