Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security

- Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+,
  which breaks NimbusJwsEncoder.
- Bump Security to 5.4.5, and Boot to 2.4.3 to match Security

Closes gh-256
This commit is contained in:
Daniel Garnier-Moiroux 2021-03-12 14:24:15 +01:00 committed by Joe Grandja
parent 3b0938883b
commit 59040a4c3d
3 changed files with 4 additions and 5 deletions

View File

@ -1,5 +1,5 @@
version=0.1.1-SNAPSHOT
springBootVersion=2.4.2
springBootVersion=2.4.3
org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
org.gradle.parallel=true
org.gradle.caching=true

View File

@ -3,7 +3,7 @@ if (!project.hasProperty("springVersion")) {
}
if (!project.hasProperty("springSecurityVersion")) {
ext.springSecurityVersion = "5.4.2"
ext.springSecurityVersion = "5.4.5"
}
if (!project.hasProperty("reactorVersion")) {
@ -25,8 +25,6 @@ dependencyManagement {
}
dependencies {
dependency "com.nimbusds:oauth2-oidc-sdk:8.23.1"
dependency "com.nimbusds:nimbus-jose-jwt:9.1.3"
dependency "javax.servlet:javax.servlet-api:4.0.1"
dependency 'junit:junit:4.13.1'
dependency 'org.assertj:assertj-core:3.18.1'

View File

@ -43,6 +43,7 @@ import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import net.minidev.json.JSONObject;
import org.springframework.core.convert.converter.Converter;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
@ -197,7 +198,7 @@ public final class NimbusJwsEncoder implements JwtEncoder {
Map<String, Object> jwk = headers.getJwk();
if (!CollectionUtils.isEmpty(jwk)) {
try {
builder.jwk(JWK.parse(jwk));
builder.jwk(JWK.parse(new JSONObject(jwk)));
}
catch (Exception ex) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,