Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.
This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.
Closes gh-18030
Introduces customizable Predicate to determine if user consent is
required in device authorization flows. Previously, device consent
handling used fixed logic. Now applications can define custom logic
for skipping or displaying consent pages.
Adds OAuth2DeviceVerificationAuthenticationContext and updates
OAuth2DeviceVerificationAuthenticationProvider with
setAuthorizationConsentRequired method.
Fixes gh-18016
Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the copyright headers.
The copyright headers were updated using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Issue gh-17880
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the copyright headers.
The copyright headers were updated using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Issue gh-17880
It would be better to introduce parameter types for
principal and credentials into Authentication.Builder
at the same time as doing so for Authentication
Issue gh-17861
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible
Issue gh-17861
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.
It also adds Builders for each one of the authentication
result classes.
Issue gh-17861
This commit simplfies the logic in JwtGrantedAuthoritiesConverter
to no longer need the authoritiesClaimName field.
Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
Previously the Oidc(Reactive)OAuth2UserService APIs allowed a strategy
for converting to the OidcUser with the OidcUserRequest and OidcUserInfo.
The input should also include the OAuth2User to make
it simple to use the OAuth2User as a part of the conversion.
This commit introduces OidcUserSource as a POJO containing
OidcUserRequest, OidcUserInfo, and OAuth2User.
It then updates the OidcUser conversion strategy in OidcUserService and
OidcReactiveOAuth2UserService to accept OidcUserSource as the source for
the Converter used to create OidUser.
Closes gh-17626
Rob Winch