
Allow configuring PKCE for confidential clients

Closes gh-6548
This commit is contained in:
Joe Grandja
2022-03-15 10:25:17 -04:00
parent 7955e5ac52
commit a2ffc88294
8 changed files with 369 additions and 147 deletions
@@ -72,6 +72,9 @@ If the client is running in an untrusted environment (eg. native application or
. `client-secret` is omitted (or empty)
. `client-authentication-method` is set to "none" (`ClientAuthenticationMethod.NONE`)
[TIP]
If the OAuth 2.0 Provider supports PKCE for https://tools.ietf.org/html/rfc6749#section-2.1[Confidential Clients], you may (optionally) configure it using `DefaultServerOAuth2AuthorizationRequestResolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce())`.
[[oauth2Client-auth-code-redirect-uri]]
The `DefaultServerOAuth2AuthorizationRequestResolver` also supports `URI` template variables for the `redirect-uri` using `UriComponentsBuilder`.
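Review bot: the new `[TIP]` after the `client-authentication-method` bullet says "you may (optionally) configure it", which is redundant ("may" already makes it optional), and it does not say what PKCE is or why a client that holds a secret would want it; suggest citing the PKCE specification (RFC 7636) next to the existing RFC 6749 client-types link and giving the motivation in one clause, e.g. `If the OAuth 2.0 Provider supports PKCE (RFC 7636) for Confidential Clients, you may configure it using ...`. Because the tip is placed directly under the list that describes the public-client case, it should also state explicitly that this customizer is for clients that do have a `client-secret`, so readers do not take it as a third bullet of that list.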
@@ -72,6 +72,9 @@ If the client is running in an untrusted environment (eg. native application or
. `client-secret` is omitted (or empty)
. `client-authentication-method` is set to "none" (`ClientAuthenticationMethod.NONE`)
[TIP]
If the OAuth 2.0 Provider supports PKCE for https://tools.ietf.org/html/rfc6749#section-2.1[Confidential Clients], you may (optionally) configure it using `DefaultOAuth2AuthorizationRequestResolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce())`.
[[oauth2Client-auth-code-redirect-uri]]
The `DefaultOAuth2AuthorizationRequestResolver` also supports `URI` template variables for the `redirect-uri` using `UriComponentsBuilder`.
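Review bot: this tip is the reactive one with only the resolver class name changed, so the same wording issues apply ("(optionally)" is redundant, PKCE is not defined or linked, and the tip needs to say it targets clients that have a `client-secret`); keep the two documents in sync. The tip names `OAuth2AuthorizationRequestCustomizers.withPkce()` inline but gives no cross-reference to where `setAuthorizationRequestCustomizer` is documented; an `xref` there, in the same style as the `[[oauth2Client-auth-code-redirect-uri]]` anchor that follows, would let readers find the full configuration example rather than a single method chain.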
@@ -4,5 +4,21 @@
Spring Security 5.7 provides a number of new features.
Below are the highlights of the release.
* xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
* xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`.
[[whats-new-servlet]]
== Servlet
* Web
** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`
* OAuth 2.0 Client
** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
[[whats-new-webflux]]
== WebFlux
* OAuth 2.0 Client
** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
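Review bot: the highlights list at the top of the file keeps only the two `SecurityContext` persistence items, while the new `== Servlet` and `== WebFlux` sections both add the PKCE item, so the release highlights omit the change this commit makes; either add an `* OAuth 2.0 Client` highlight for PKCE with confidential clients or make clear that the per-stack sections are the complete list. Both PKCE bullets link to the GitHub issue rather than to the reference documentation; an `xref` into the OAuth 2.0 Client page where the `[TIP]` was added would serve readers better than an issue link, and the same `xref` form is already used for the other bullets. Minor: the `SecurityContextHolderFilter` bullet under `== Servlet` drops the trailing period that the same text carries in the highlights list.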