Merge branch 'master' of https://git.cubetiqs.com/CUBETIQ/spring-authorization-server

Fix download artifacts link
Closes gh-263
2021-03-26 08:06:09 +07:00 · 2021-03-19 14:06:49 -04:00 · 2021-03-18 04:05:38 -04:00 · 2021-03-16 10:04:42 -04:00 · 2021-03-15 12:00:44 -04:00 · 2021-03-12 16:09:38 -05:00
13 changed files with 28 additions and 30 deletions
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -3,6 +3,3 @@ contact_links:
  - name: Community Support
    url: https://stackoverflow.com/questions/tagged/spring-security
    about: Please ask and answer questions on StackOverflow with the tag `spring-security`.
-  - name: Security Issues
-    url: https://pivotal.io/security#reporting
-    about: Please report security vulnerabilities here.
--- a/README.adoc
+++ b/README.adoc
@ -45,7 +45,7 @@ This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code
 By participating, you are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

 == Downloading Artifacts
-See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
+See https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Artifacts[downloading Spring artifacts] for Maven repository information.

 == Building from Source
 Spring Authorization Server uses a https://gradle.org[Gradle]-based build system.
--- a/build.gradle
+++ b/build.gradle
@ -5,7 +5,15 @@ buildscript {
 		classpath 'io.spring.nohttp:nohttp-gradle:0.0.5.RELEASE'
 	}
 	repositories {
-		maven { url 'https://repo.spring.io/plugins-snapshot' }
+		maven {
+			url = 'https://repo.spring.io/plugins-snapshot'
+			if (project.hasProperty('artifactoryUsername')) {
+				credentials {
+					username "$artifactoryUsername"
+					password "$artifactoryPassword"
+				}
+			}
+		}
 		maven { url 'https://plugins.gradle.org/m2/' }
 	}
 }
--- a/gradle.properties
+++ b/gradle.properties
@ -1,5 +1,5 @@
-version=0.1.0
-springBootVersion=2.4.2
+version=0.1.1-SNAPSHOT
+springBootVersion=2.4.3
 org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
 org.gradle.parallel=true
 org.gradle.caching=true
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@ -3,7 +3,7 @@ if (!project.hasProperty("springVersion")) {
 }

 if (!project.hasProperty("springSecurityVersion")) {
-	ext.springSecurityVersion = "5.4.2"
+	ext.springSecurityVersion = "5.4.5"
 }

 if (!project.hasProperty("reactorVersion")) {
@ -25,8 +25,6 @@ dependencyManagement {
 	}

 	dependencies {
-		dependency "com.nimbusds:oauth2-oidc-sdk:8.23.1"
-		dependency "com.nimbusds:nimbus-jose-jwt:9.1.3"
 		dependency "javax.servlet:javax.servlet-api:4.0.1"
 		dependency 'junit:junit:4.13.1'
 		dependency 'org.assertj:assertj-core:3.18.1'
--- a/oauth2-authorization-server/spring-security-oauth2-authorization-server.gradle
+++ b/oauth2-authorization-server/spring-security-oauth2-authorization-server.gradle
@ -20,5 +20,5 @@ dependencies {
 }

 jacoco {
-	toolVersion = '0.8.5'
+	toolVersion = '0.8.6'
 }
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/Version.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/Version.java
@ -24,7 +24,7 @@ package org.springframework.security.oauth2.core;
 public final class Version {
 	private static final int MAJOR = 0;
 	private static final int MINOR = 1;
-	private static final int PATCH = 0;
+	private static final int PATCH = 1;

 	/**
 	 * Global Serialization value for Spring Security Authorization Server classes.
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoder.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoder.java
@ -43,6 +43,7 @@ import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;

+import net.minidev.json.JSONObject;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@ -197,7 +198,7 @@ public final class NimbusJwsEncoder implements JwtEncoder {
 			Map<String, Object> jwk = headers.getJwk();
 			if (!CollectionUtils.isEmpty(jwk)) {
 				try {
-					builder.jwk(JWK.parse(jwk));
+					builder.jwk(JWK.parse(new JSONObject(jwk)));
 				}
 				catch (Exception ex) {
 					throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.authentication;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

@ -147,7 +146,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 		JoseHeader.Builder headersBuilder = JwtUtils.headers();
 		JwtClaimsSet.Builder claimsBuilder = JwtUtils.accessTokenClaims(
 				registeredClient, issuer, authorization.getPrincipalName(),
-				excludeOpenidIfNecessary(authorizedScopes));
+				authorizedScopes);

 		// @formatter:off
 		JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
@ -169,7 +168,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica

 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				jwtAccessToken.getTokenValue(), jwtAccessToken.getIssuedAt(),
-				jwtAccessToken.getExpiresAt(), excludeOpenidIfNecessary(authorizedScopes));
+				jwtAccessToken.getExpiresAt(), authorizedScopes);

 		OAuth2RefreshToken refreshToken = null;
 		if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN)) {
@ -245,15 +244,6 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 				registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters);
 	}

-	private static Set<String> excludeOpenidIfNecessary(Set<String> scopes) {
-		if (!scopes.contains(OidcScopes.OPENID)) {
-			return scopes;
-		}
-		scopes = new HashSet<>(scopes);
-		scopes.remove(OidcScopes.OPENID);
-		return scopes;
-	}
-
 	@Override
 	public boolean supports(Class<?> authentication) {
 		return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@ -311,7 +311,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(accessTokenContext.getClaims()).isNotNull();
 		Map<String, Object> claims = new HashMap<>();
 		accessTokenContext.getClaims().claims(claims::putAll);
-		assertThat(claims.containsKey(OidcScopes.OPENID)).isFalse();
+		assertThat(claims).flatExtracting(OAuth2ParameterNames.SCOPE)
+				.containsExactlyInAnyOrder(OidcScopes.OPENID, "scope1");
 		// ID Token context
 		JwtEncodingContext idTokenContext = jwtEncodingContextCaptor.getAllValues().get(1);
 		assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
@ -335,7 +336,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 		assertThat(accessTokenAuthentication.getPrincipal()).isEqualTo(clientPrincipal);
 		assertThat(accessTokenAuthentication.getAccessToken()).isEqualTo(updatedAuthorization.getAccessToken().getToken());
 		Set<String> accessTokenScopes = new HashSet<>(updatedAuthorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
-		accessTokenScopes.remove(OidcScopes.OPENID);
 		assertThat(accessTokenAuthentication.getAccessToken().getScopes()).isEqualTo(accessTokenScopes);
 		assertThat(accessTokenAuthentication.getRefreshToken()).isNotNull();
 		assertThat(accessTokenAuthentication.getRefreshToken()).isEqualTo(updatedAuthorization.getRefreshToken().getToken());
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
@ -43,6 +43,10 @@ import org.springframework.security.oauth2.server.authorization.config.ProviderS
@Import(OAuth2AuthorizationServerConfiguration.class)
 public class AuthorizationServerConfig {

+	private String getIssuer() {
+		return "http://localhost:9000";
+	}
+
 	// @formatter:off
 	@Bean
 	public RegisteredClientRepository registeredClientRepository() {
@ -73,6 +77,6 @@ public class AuthorizationServerConfig {

 	@Bean
 	public ProviderSettings providerSettings() {
-		return new ProviderSettings().issuer("http://auth-server:9000");
+		return new ProviderSettings().issuer(getIssuer());
 	}
 }
--- a/samples/boot/oauth2-integration/client/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
@ -41,7 +41,7 @@ spring:
            client-name: messaging-client-client-credentials
        provider:
          spring:
-            issuer-uri: http://auth-server:9000
+            issuer-uri: http://localhost:9000

 messages:
  base-uri: http://localhost:8090/messages
--- a/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
@ -14,4 +14,4 @@ spring:
    oauth2:
      resourceserver:
        jwt:
-          issuer-uri: http://auth-server:9000
+          issuer-uri: http://localhost:9000
Author	SHA1	Message	Date
Sambo Chea	7d3acd887a	Merge branch 'master' of https://git.cubetiqs.com/CUBETIQ/spring-authorization-server	2021-03-26 08:06:09 +07:00
Norbert Nowak	658b186381	Fix download artifacts link Closes gh-263	2021-03-19 14:06:49 -04:00
Joe Grandja	d33ec32017	Update gh issue template config.yml	2021-03-18 04:05:38 -04:00
Daniel Garnier-Moiroux	59040a4c3d	Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security - Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+, which breaks NimbusJwsEncoder. - Bump Security to 5.4.5, and Boot to 2.4.3 to match Security Closes gh-256	2021-03-16 10:04:42 -04:00
Joshua Casey	3b0938883b	Scope "openid" should be in access token response scope - Still does not require user consent Closes gh-252	2021-03-15 12:00:44 -04:00
Daniel Garnier-Moiroux	1962b9c5b7	Bump Jacoco to 0.8.6 to support Java 15	2021-03-12 16:09:38 -05:00
Sambo Chea	d11ac9a2ee	Add and custom auth server base url for issuer	2021-02-16 10:08:32 +07:00
Joe Grandja	a90d98aa1e	Use artifactoryUsername/Password for plugin repositories	2021-02-11 22:11:29 -05:00
Joe Grandja	e440935c14	Next Development Version	2021-02-11 21:52:34 -05:00