Justin Richer
fc91043807
using defaults from spring 4
2016-12-22 15:17:18 -05:00
Justin Richer
d5e8dd31a8
update to Spring Security 4
2016-12-22 14:30:59 -05:00
Justin Richer
0e703ef9f9
update a few dependency versions, closes #1145
2016-12-21 15:50:24 -05:00
Justin Richer
275c1b7e1c
user info fetcher cache throws error instead of returning null (as per library contract), closes #1144
2016-12-21 14:48:37 -05:00
Justin Richer
bea3af2470
database table sync
2016-12-21 13:44:49 -05:00
Justin Richer
63bd8d18fb
cleaned ID token views from UI
2016-12-21 13:44:40 -05:00
Justin Richer
91da3935f5
Made ID tokens ephemeral, made access token’s “additional information” extensible
2016-12-21 13:01:15 -05:00
Justin Richer
91ed758ed1
removed “attributeName” from annotation as this breaks EclipseLink JPA
2016-12-09 16:58:43 -05:00
Mikko Tommila
4f4c8de1c8
Fix JPA issues to allow using Hibernate
2016-12-09 15:15:50 -05:00
Justin Richer
375a5f2e47
removed token count from grant admin page
2016-12-09 15:10:07 -05:00
Justin Richer
22fa3605ef
Patched unit tests, still needs updates for checking approved site to token mapping on data import/export
2016-12-09 12:56:06 -05:00
Justin Richer
55b1b00b73
Updated relationship between approved sites and access tokens, closes #874
2016-12-09 12:55:42 -05:00
Justin Richer
d875d52be7
updated data import/export services for 1.3
2016-12-08 17:01:55 -05:00
HeXetic
7725fcfa2b
createAuthorizationCode should be @Transactional
...
An Authentication should not exist without its matching AuthorizationCode, but typically an AuthorizationCode will have a foreign key on an Authentication, meaning it can't be saved first. This block should be wrapped in a transaction so that other DB clients (say, for example, clearExpiredAuthorizationCodes) don't see an inconsistent snapshot and then misbehave.
2016-12-02 16:29:48 -05:00
Julian Schlichtholz
c3d0c18af5
make HttpClient configurable, closes #1071
2016-12-02 16:23:55 -05:00
ngriesser
f45a6ef56a
use the same encoding as on client side
...
see OIDCAuthenticationFilter line 336
2016-12-02 16:20:09 -05:00
Oleksandr Shpota
476ec872ff
Fixed NPE in case algorithm is not specified
2016-12-02 16:13:26 -05:00
Sofia Ang
bb6bb81dbc
Add new tests which assert that `user_id` should not be present in the introspection response if there's no user authentication available
2016-12-02 16:08:32 -05:00
Sofia Ang
52da5e769a
Fix test by returning a new OAuth2Authentication instead of mocking it
2016-12-02 16:08:32 -05:00
Sofia Ang
d361f01999
Fix such that the OAuth2Authentication returned would have a `null` userAuthentication if `user_id` is not found during introspection
...
`sub` cannot be used to create the user authentication because it may not necessarily refer to the user. Instead it may refer to the client
if the access token happens to be client-only.
2016-12-02 16:08:32 -05:00
Sofia Ang
b2fab9642e
Fix such that `user_id` is only added if user authentication is available
...
OAuth2Authentication#getPrincipal() used by OAuth2Authentication#getName() defaults to the client id if user authentication is not available.
Prior to this fix, an introspection of a client-only access token would result in the user_id also being the client_id. This causes problems when this
introspection result is converted into an OAuth2Authentication by a resource server's IntrospectingTokenService -- the user_id is populated with
the client_id and so OAuth2Authentication's userAuthentication is populated falsely.
2016-12-02 16:08:32 -05:00
Justin Richer
4ac3916db3
spaces to tabs
2016-12-02 15:50:22 -05:00
Justin Richer
8333d035b4
move database files to match new layouts
2016-12-02 15:50:15 -05:00
Tomasz Borowiec
fa122e7ad6
ojdbc driver uncommented in dep mgmnt
2016-12-02 15:37:41 -05:00
Tomasz Borowiec
4b3284ffd2
ojdbc6 dependency moved to parent pom, added check constraints for boolean columns, fixed invalid column type
2016-12-02 15:37:41 -05:00
Tomasz Borowiec
83a9fef14d
Oracle support added
2016-12-02 15:37:41 -05:00
Nicolas Liampotis
dea6044e77
Set the encoding of the UserInfo response body to UTF-8
...
See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
2016-12-02 14:44:55 -05:00
Neths
1b7612a26d
add db init script for mysql
...
add data-context example with mysql db initializer
2016-12-02 14:43:18 -05:00
Neths
cbe6b9e1df
add db init script for pgsql
...
add data-context example with pgsql db initializer
2016-12-02 14:43:18 -05:00
pwolf23
6f5ca3fd2f
Fixed missing "final" modifier in constant
2016-12-02 14:31:25 -05:00
Justin Richer
337513a559
sync’d database tables from HSQL to MySQL and PGSQL
...
closes #1154
closes #1148
2016-12-02 14:28:56 -05:00
Justin Richer
74d34ab744
null-safe target link filter
2016-10-10 15:32:53 -04:00
Justin Richer
d0056ae882
added target link URI capability to webfinger issuer service
2016-10-10 15:32:32 -04:00
Justin Richer
74f3e2d0c0
maven site generator working, closes #984 #941
2016-08-01 13:36:06 -04:00
Justin Richer
af7c1f7d45
added PKCE support to discovery endpoint
2016-07-27 20:31:27 -04:00
Justin Richer
82c313f036
added PKCE support to client
2016-07-27 20:31:14 -04:00
Justin Richer
ba0d0aab0b
use parameter constants for extensions maps in token service
2016-07-24 17:46:04 -04:00
Justin Richer
ac0cafe7b3
parse and process PKCE requests
2016-07-24 17:45:43 -04:00
Justin Richer
5dcda2812e
added code challenge method to client model (properly this time)
2016-07-24 17:45:04 -04:00
Justin Richer
2cc90ba5f2
created PKCE algorithm class
2016-07-24 17:06:29 -04:00
Justin Richer
83d7627ed0
serialize phone_number and phone_number_verified, closes #1030
2016-07-24 16:49:46 -04:00
Justin Richer
d1d05e506e
added software statement to dynamic registration self-service
2016-07-24 16:28:08 -04:00
Justin Richer
57208ac35d
added software statements to client API
2016-07-24 16:12:56 -04:00
Justin Richer
d89257380f
make client assertion auth work again
2016-07-24 15:28:51 -04:00
Justin Richer
f9e4d75a4a
use JWT bearer assertion token for assertion processing
2016-07-24 14:55:45 -04:00
Justin Richer
42ccb8b39e
make software statement processing null-safe
2016-07-24 14:55:12 -04:00
Justin Richer
bd9932d56f
added assertion processor to token endpoint
2016-07-22 15:31:00 -04:00
Justin Richer
8c021ad403
added assertion validator that validates assertions signed by the local server only
2016-07-22 14:04:33 -04:00
Justin Richer
8e016a8d30
make the null assertion processor the default
2016-07-22 13:50:37 -04:00
Justin Richer
a5a12b2f1f
added assertion validation engine
2016-07-22 13:47:20 -04:00