Merge branch 'master' of https://git.cubetiqs.com/CUBETIQ/spring-authorization-server

Fix download artifacts link
Closes gh-263
2021-03-26 08:06:09 +07:00 · 2021-03-19 14:06:49 -04:00 · 2021-03-18 04:05:38 -04:00 · 2021-03-16 10:04:42 -04:00 · 2021-03-15 12:00:44 -04:00 · 2021-03-12 16:09:38 -05:00
8 changed files with 10 additions and 24 deletions
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -3,6 +3,3 @@ contact_links:
  - name: Community Support
    url: https://stackoverflow.com/questions/tagged/spring-security
    about: Please ask and answer questions on StackOverflow with the tag `spring-security`.
-  - name: Security Issues
-    url: https://pivotal.io/security#reporting
-    about: Please report security vulnerabilities here.
--- a/README.adoc
+++ b/README.adoc
@ -45,7 +45,7 @@ This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code
 By participating, you are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

 == Downloading Artifacts
-See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
+See https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Artifacts[downloading Spring artifacts] for Maven repository information.

 == Building from Source
 Spring Authorization Server uses a https://gradle.org[Gradle]-based build system.
--- a/gradle.properties
+++ b/gradle.properties
@ -1,5 +1,5 @@
 version=0.1.1-SNAPSHOT
-springBootVersion=2.4.2
+springBootVersion=2.4.3
 org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
 org.gradle.parallel=true
 org.gradle.caching=true
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@ -3,7 +3,7 @@ if (!project.hasProperty("springVersion")) {
 }

 if (!project.hasProperty("springSecurityVersion")) {
-	ext.springSecurityVersion = "5.4.2"
+	ext.springSecurityVersion = "5.4.5"
 }

 if (!project.hasProperty("reactorVersion")) {
@ -25,8 +25,6 @@ dependencyManagement {
 	}

 	dependencies {
-		dependency "com.nimbusds:oauth2-oidc-sdk:8.23.1"
-		dependency "com.nimbusds:nimbus-jose-jwt:9.1.3"
 		dependency "javax.servlet:javax.servlet-api:4.0.1"
 		dependency 'junit:junit:4.13.1'
 		dependency 'org.assertj:assertj-core:3.18.1'
--- a/oauth2-authorization-server/spring-security-oauth2-authorization-server.gradle
+++ b/oauth2-authorization-server/spring-security-oauth2-authorization-server.gradle
@ -20,5 +20,5 @@ dependencies {
 }

 jacoco {
-	toolVersion = '0.8.5'
+	toolVersion = '0.8.6'
 }
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoder.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoder.java
@ -43,6 +43,7 @@ import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;

+import net.minidev.json.JSONObject;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@ -197,7 +198,7 @@ public final class NimbusJwsEncoder implements JwtEncoder {
 			Map<String, Object> jwk = headers.getJwk();
 			if (!CollectionUtils.isEmpty(jwk)) {
 				try {
-					builder.jwk(JWK.parse(jwk));
+					builder.jwk(JWK.parse(new JSONObject(jwk)));
 				}
 				catch (Exception ex) {
 					throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.authentication;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

@ -147,7 +146,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 		JoseHeader.Builder headersBuilder = JwtUtils.headers();
 		JwtClaimsSet.Builder claimsBuilder = JwtUtils.accessTokenClaims(
 				registeredClient, issuer, authorization.getPrincipalName(),
-				excludeOpenidIfNecessary(authorizedScopes));
+				authorizedScopes);

 		// @formatter:off
 		JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
@ -169,7 +168,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica

 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				jwtAccessToken.getTokenValue(), jwtAccessToken.getIssuedAt(),
-				jwtAccessToken.getExpiresAt(), excludeOpenidIfNecessary(authorizedScopes));
+				jwtAccessToken.getExpiresAt(), authorizedScopes);

 		OAuth2RefreshToken refreshToken = null;
 		if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN)) {
@ -245,15 +244,6 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 				registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters);
 	}

-	private static Set<String> excludeOpenidIfNecessary(Set<String> scopes) {
-		if (!scopes.contains(OidcScopes.OPENID)) {
-			return scopes;
-		}
-		scopes = new HashSet<>(scopes);
-		scopes.remove(OidcScopes.OPENID);
-		return scopes;
-	}
-
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@ -311,7 +311,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(accessTokenContext.getClaims()).isNotNull();
 		Map<String, Object> claims = new HashMap<>();
 		accessTokenContext.getClaims().claims(claims::putAll);
-		assertThat(claims.containsKey(OidcScopes.OPENID)).isFalse();
+		assertThat(claims).flatExtracting(OAuth2ParameterNames.SCOPE)
+				.containsExactlyInAnyOrder(OidcScopes.OPENID, "scope1");
 		// ID Token context
 		JwtEncodingContext idTokenContext = jwtEncodingContextCaptor.getAllValues().get(1);
 		assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
@ -335,7 +336,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(accessTokenAuthentication.getPrincipal()).isEqualTo(clientPrincipal);
 		assertThat(accessTokenAuthentication.getAccessToken()).isEqualTo(updatedAuthorization.getAccessToken().getToken());
 		Set<String> accessTokenScopes = new HashSet<>(updatedAuthorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
-		accessTokenScopes.remove(OidcScopes.OPENID);
 		assertThat(accessTokenAuthentication.getAccessToken().getScopes()).isEqualTo(accessTokenScopes);
 		assertThat(accessTokenAuthentication.getRefreshToken()).isNotNull();
 		assertThat(accessTokenAuthentication.getRefreshToken()).isEqualTo(updatedAuthorization.getRefreshToken().getToken());
Author	SHA1	Message	Date
Sambo Chea	7d3acd887a	Merge branch 'master' of https://git.cubetiqs.com/CUBETIQ/spring-authorization-server	2021-03-26 08:06:09 +07:00
Norbert Nowak	658b186381	Fix download artifacts link Closes gh-263	2021-03-19 14:06:49 -04:00
Joe Grandja	d33ec32017	Update gh issue template config.yml	2021-03-18 04:05:38 -04:00
Daniel Garnier-Moiroux	59040a4c3d	Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security - Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+, which breaks NimbusJwsEncoder. - Bump Security to 5.4.5, and Boot to 2.4.3 to match Security Closes gh-256	2021-03-16 10:04:42 -04:00
Joshua Casey	3b0938883b	Scope "openid" should be in access token response scope - Still does not require user consent Closes gh-252	2021-03-15 12:00:44 -04:00
Daniel Garnier-Moiroux	1962b9c5b7	Bump Jacoco to 0.8.6 to support Java 15	2021-03-12 16:09:38 -05:00