Justin Richer
ea6960e66a
Merge pull request #1259 from sbke/patch-1
...
Adjustment to generate longer codes
2018-05-03 14:48:52 -04:00
Justin Richer
9d6f42b141
Merge pull request #1320 from bverhoeven/rfc7662-sub
...
Client: Parse 'sub' key to identify resource owner in introspection response (RFC7662)
2018-05-03 14:46:49 -04:00
Justin Richer
dd922b4cf7
Merge pull request #1378 from ketola/fetch-tokens-by-sub
...
Fetch tokens by user name
2018-05-03 14:44:51 -04:00
Justin Richer
938d7e00c2
Merge branch 'ondrejvelisek/verification-uri-complete'
...
Closes #1386
2018-05-03 14:39:23 -04:00
Justin Richer
a596cc1fd4
Made full URLs for device flow switchable server-wide instead of per-client
2018-05-03 14:37:50 -04:00
Justin Richer
7ad29ae9c6
Revert "Add possibility to disable verification_uri_complete per client"
...
This reverts commit dae674af67.
2018-05-03 13:59:38 -04:00
Justin Richer
e3cfb80c33
Merge pull request #1390 from mobilcom-debitel/master
...
Update admin.js
2018-05-03 11:40:26 -04:00
jansinger
fd938e11e9
Update admin.js
...
Allow scope names longer than 30 characters to be checked in the client scope list.
2018-05-03 14:48:01 +02:00
ondrejvelisek
dae674af67
Add possibility to disable verification_uri_complete per client
2018-05-01 13:46:23 +02:00
ondrejvelisek
67c87d56a6
Add support for verification_uri_complete
2018-05-01 10:45:49 +02:00
Justin Richer
4a818c7b4b
Merge pull request #1385 from elennick/master
...
"Unable to load locale" log should not be ERROR level
2018-04-23 15:38:46 -04:00
Evan Lennick
fe000d91cb
undid autoformatting again
2018-04-23 14:30:43 -04:00
Evan Lennick
011bf8adb8
addressed review feedback
2018-04-23 14:29:38 -04:00
Evan Lennick
0ee4ee2f58
undid some autoformatting changes
2018-04-21 13:22:17 -04:00
Evan Lennick
0b531a0fd3
fixed an issue where missing locales would generate a lot of ERROR level log messages
2018-04-21 13:19:44 -04:00
Sauli Ketola
e6a8e0c17d
Integration tests for new repository methods
2018-04-11 13:16:28 +03:00
Sauli Ketola
a070f61edf
Clean up code in modified classes, remove line breaks, add static imports
2018-04-06 09:12:47 +03:00
Sauli Ketola
51b580aa18
Use 'userName' instead of 'sub' in naming
2018-04-06 08:55:06 +03:00
Sauli Ketola
3f277047e3
Use query by user sub to get all tokens for user
2018-04-06 08:47:37 +03:00
Sauli Ketola
417a6b7c74
Removed some line breaks and auto generated comments for consistency
2018-04-05 19:29:54 +03:00
Sauli Ketola
bf8149605a
Create queries for getting access and refresh tokens by user sub
2018-04-05 19:25:23 +03:00
Justin Richer
64fbee7935
Merge pull request #1377 from ketola/master
...
Add an index for refresh_token.token_value
2018-04-04 10:12:53 -04:00
Sauli Ketola
bca388d740
Add an index for refresh_token.token_value
2018-04-04 15:49:13 +03:00
Justin Richer
e2d94f422a
new year 2018
2018-02-12 10:39:04 -05:00
Justin Richer
a5a16f27c7
Merge pull request #1353 from col-panic/master
...
Minor typo in en/messages.json (Registrered -> Registered)
2018-02-08 16:49:44 -05:00
Justin Richer
4dd907ea16
Merge pull request #1357 from praseodym/spring-security-4.2.4
...
Upgrade to Spring Security 4.2.4
2018-02-08 15:34:30 -05:00
Mark Janssen
d119559d4d
Upgrade to Spring Security 4.2.4
...
https://spring.io/blog/2018/01/30/cve-2018-1199-spring-security-5-0-1-4-2-4-4-1-5-released
2018-02-08 21:03:31 +01:00
Justin Richer
b804f22bc8
[maven-release-plugin] prepare for next development iteration
2018-02-07 09:14:16 -05:00
Justin Richer
f72e6b3e08
[maven-release-plugin] prepare release mitreid-connect-1.3.2
2018-02-07 09:14:10 -05:00
Justin Richer
1feb0958bd
prepare for release
2018-02-07 09:09:07 -05:00
Justin Richer
6497af40e8
removed erroneous not yet implemented tag from client page
2018-02-07 09:05:43 -05:00
Justin Richer
7dc309c5af
Update CHANGELOG.md
2018-02-07 09:03:09 -05:00
Justin Richer
7f956a5854
Merge pull request #1355 from ocadotechnology/jwt_fix
...
Throwing exception on all other JWT types than SignedJWT
2018-02-07 08:52:59 -05:00
Tomasz Borowiec
37fba622b9
Throwing exception on all other JWT types than SignedJWT
2018-02-07 11:00:28 +01:00
Tomasz Borowiec
c38b9d7a42
added PlainJWT and EncryptedJWT support + tests
2018-02-07 11:00:15 +01:00
Marco Descher
36ec1b82e6
Minor typo (Registrered -> Registered)
2018-02-06 08:41:14 +01:00
Justin Richer
fcb119ff6a
Merge pull request #1270 from bodewig/custom_claim_friendly_token_enhancer
...
add hook for custom JWT claims to ConnectTokenEnhancer
2018-02-05 16:01:09 -05:00
Justin Richer
8fb9adefc1
Merge pull request #1342 from bodewig/custom_claims_in_id_token
...
add hook for custom JWT claims to DefaultOIDCTokenService
2018-02-05 15:43:22 -05:00
Justin Richer
0ce55d079a
Merge pull request #1352 from blm126/upgrade-nimbus
...
Upgrade nimbus-jose-jwt to 5.4.
2018-02-05 15:26:50 -05:00
Brady Mulhollem
f7da25fbe8
Upgrade nimbus-jose-jwt to 5.4.
2018-02-05 13:28:48 -05:00
Justin Richer
1c7b9d5b44
Merge pull request #1346 from praseodym/fix-admin-interface-without-trailing-slash
...
Fix interface for issuer URI without trailing slash
2018-01-22 05:54:25 -05:00
Mark Janssen
a1a45aa36a
Fix interface for issuer URI without trailing slash
2018-01-21 12:01:25 +01:00
Stefan Bodewig
01eb1401a3
add hook for custom JWT claims to DefaultOIDCTokenService
2018-01-12 15:22:37 +01:00
Justin Richer
e6130872a9
Merge pull request #1324 from patfrat/master
...
Add French messages
2017-11-22 13:23:56 -05:00
Patrick Fratczak
ca3642b6c3
Add French messages
2017-11-22 14:27:15 +01:00
Bas Verhoeven
85246d2d3e
Parse 'sub' to identify resource owner
...
As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses.
This change adds support for the `sub` key and will allow the introspection
response of RFC-compliant servers to be parsed.
Will still try `user_id` first so as not to break backward compatibility.
2017-11-13 16:46:52 +01:00
Justin Richer
ce9bf3507f
Merge pull request #1312 from kules/master
...
Correct minor typo error for confirmation message displayed when logging out from IDP
2017-11-01 13:56:24 -04:00
still fetalvero
9bff58085d
Fix typo error for log out to IDP confirmation message
2017-10-30 22:56:07 +08:00
Stefan Bodewig
514dcc3851
add hook for custom JWT claims to ConnectTokenEnhancer
2017-07-18 16:10:58 +02:00
sbke
8b4e461748
Adjustment to generate longer codes
...
RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2. Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of entropy. They propose token lengths of at least 128 bits. Since the RandomValueStringGenerator only uses case-sensitive alphanumeric symbols, 22 symbols are needed to achieve an entropy >=128 bits.
2017-06-28 14:20:11 +02:00