Commit Graph

278 Commits (ad64aef0c58545a034cb855950d763495235efb3)

Author SHA1 Message Date
Justin Richer 9d6f42b141
Merge pull request #1320 from bverhoeven/rfc7662-sub
Client: Parse 'sub' key to identify resource owner in introspection response (RFC7662)
2018-05-03 14:46:49 -04:00
Justin Richer e2d94f422a new year 2018 2018-02-12 10:39:04 -05:00
Brady Mulhollem f7da25fbe8 Upgrade nimbus-jose-jwt to 5.4. 2018-02-05 13:28:48 -05:00
Bas Verhoeven 85246d2d3e
Parse 'sub' to identify resource owner
As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses. 

This change adds support for the `sub` key and will allow the introspection 
response of RFC-compliant servers to be parsed.

Will still try `user_id` first as to not break backward compatibility.
2017-11-13 16:46:52 +01:00
Justin Richer 661c242a9f Updated copyrights 2017-05-26 20:17:17 -04:00
Justin Richer 050662dd5c updated dependencies 2017-03-24 12:12:06 -04:00
Justin Richer bd72b4138d added missing copyright declarations 2017-03-21 14:11:40 -04:00
Justin Richer 32ce21b5cd automated code formatting and cleanup 2017-03-21 14:07:20 -04:00
Justin Richer 1cb5b6c6ff added toString to error for debug and display 2017-03-03 17:23:39 -05:00
Ryan Pickett e1ae8f3d8d Add parameters from error response to exception
Introduce a new exception class to hold the parameters from an
authentication error response, allowing simpler retrieval later in the
filter processing.
2017-03-03 17:22:13 -05:00
Justin Richer 52d2298f99 begin modularization of data import/export API 2017-02-15 11:51:32 -05:00
Justin Richer db50a88fe5 Happy New Year 2017 2017-01-17 17:09:14 -05:00
Justin Richer 275c1b7e1c user info fetcher cache throws error instead of returning null (as per library contract), closes #1144 2016-12-21 14:48:37 -05:00
Julian Schlichtholz c3d0c18af5 make HttpClient configurable, closes #1071 2016-12-02 16:23:55 -05:00
Oleksandr Shpota 476ec872ff Fixed NPE in case the algorithm is not specified 2016-12-02 16:13:26 -05:00
Sofia Ang d361f01999 Fix such that the OAuth2Authentication returned would have a `null` userAuthentication if `user_id` is not found during introspection
`sub` cannot be used to create the user authentication because it may not necessarily refer to the user. Instead it may refer to the client
if the access token happens to be client-only.
2016-12-02 16:08:32 -05:00
Justin Richer 74d34ab744 null-safe target link filter 2016-10-10 15:32:53 -04:00
Justin Richer d0056ae882 added target link URI capability to webfinger issuer service 2016-10-10 15:32:32 -04:00
Justin Richer 82c313f036 added PKCE support to client 2016-07-27 20:31:14 -04:00
Justin Richer 7badfe1d17 Happy new year 2016! 2016-01-21 15:50:37 -05:00
Justin Richer 8294dbedd5 handled HTTP and parsing errors, fixed guava cache contract, fixes #372 2015-12-18 17:42:15 -05:00
Justin Richer b3486c31a0 added cache to user info fetcher, closes #833 2015-12-18 16:30:03 -05:00
Justin Richer 7f464c496b changed copyright to new consortium name 2015-12-16 14:51:12 -05:00
Mark Janssen 4f9ea0b474 Improve state handling in handleAuthorizationCodeResponse
Fail fast when there is no state in session, e.g. because the session
cookie was removed.

Resolves #949
2015-11-23 21:34:35 -05:00
Mark Janssen a3d01727f9 Make FILTER_PROCESSES_URL public
Currently hardcoded in the filter and the client's Spring Security config; would be nicer to reference the value instead.

c5e70ebd5c/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml (L54)
2015-11-23 21:03:08 -05:00
Justin Richer 6129cfa61a added scope-based authorities granter for introspections services, closes #835 2015-10-13 18:51:21 -04:00
Justin Richer ebb4f2c3d4 Upgraded to nimbus 4.2, closes #934 2015-10-13 04:40:01 -04:00
Justin Richer 98e1d26134 limited when login_hint is sent to the server, closes #963 2015-10-12 17:56:31 -04:00
Justin Richer acb3d03052 added 'kid' to all signed tokens, closes #899 2015-10-01 18:54:38 -04:00
Justin Richer 48bc26901a added JTI to client auth 2015-10-01 18:54:15 -04:00
Bernd Frey 9fe98e0132 OIDCAuthenticationFilter: Make authenticationSignerService optional so
it must not be provided in Spring config

OIDCAuthenticationProvider: Setter for UserInfoFetcher, so own
implementation can be wired

UserInfoFetcher: Call to DefaultUserInfo.fromJson moved to method, so it
can be overwritten by own implementation to use own UserInfo
implementation
2015-08-21 17:33:23 -04:00
Justin Richer 489450b1c2 automated code format cleanup 2015-08-05 12:04:14 -04:00
Justin Richer 3c297ba18f collapsed error clause 2015-07-08 14:35:45 -04:00
Justin Richer 42b93be492 added uri-encoded client service, closes #857 2015-07-07 17:55:56 -04:00
Justin Richer 667c766273 reverted over-reaching check on webfinger fetcher 2015-07-03 20:16:32 -04:00
Justin Richer d2a393f7f9 converted error handlers to a single @ControllerAdvice class, closes #788 2015-06-24 17:26:10 -04:00
Justin Richer 7df3597757 split client's auth token into pending and authorized classes 2015-06-24 16:00:40 -04:00
Justin Richer b4520c170e ID Token carried through as parsed JWT instead of string, closes #832 2015-06-24 16:00:40 -04:00
Justin Richer f4a1b27e2e better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service 2015-06-23 22:21:18 -04:00
Justin Richer 9ae92b983a added http and json error handling to webfinger service 2015-06-23 21:50:16 -04:00
Justin Richer c166cbe49c added login hint capability to client library 2015-06-23 21:21:41 -04:00
Stephen Moore a259841eaf Added getters and setters to IntrospectingTokenService
Fixed TokenCacheObject constructor for setting TCO's expire time
2015-06-09 13:37:07 -04:00
Stephen Moore 698fe55b85 IntrospectingTokenService now takes parameters (cacheTokens, cacheNonExpiringTokens, defaultExpireTime, forceCacheExpireTime) to change the behavior or even disable the caching of responses from the IntrospectionEndpoint. 2015-06-04 16:33:37 -04:00
Mark Janssen 9e74e40453 Use diamond syntax instead of explicit types 2015-06-03 10:24:48 -04:00
Mark Janssen 13f5e4f8a6 Collapse identical catch branches 2015-06-03 10:24:48 -04:00
Mark Janssen 6dc2b2cb5e Various small improvements/bugfixes 2015-06-03 10:24:41 -04:00
William Kim 54fbf0d0ac Added null check for expiration during introspection. Making assumption that null exp means tokens don't expire. 2015-06-03 09:57:22 -04:00
Justin Richer d1e8529a7b expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
closes #699
closes #761
2015-06-01 21:11:19 -04:00
Mark Janssen effe955953 Fix blacklist/whitelist for DynamicRegistrationClientConfigurationService
ClientConfigurationService#getClientConfiguration has ServerConfiguration as parameter, not String
2015-05-28 17:05:55 -04:00
Justin Richer caf85b990d Revert "added option to send skip sending nonce if desired, closes #704, closes #683,"
This reverts commit bbeaeb06e3.

Conflicts:
	openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
	openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
2015-05-28 16:44:26 -04:00