8cde02be4f
Allow reading JWT signing key from PEM-encoded PKCS8 file
/ build (push) Successful in 2m21s
2025-05-07 14:30:19 +02:00
1d469c7346
Autofocus the custom principal field during developer authorization flow
/ build (push) Successful in 2m13s
Simple change but very convenient.
2025-04-29 20:10:21 +02:00
20cd09737d
Include your own entitlements during custom authorization flow
/ build (push) Successful in 2m35s
2025-04-28 16:27:40 +02:00
360119ad6a
Generate a client secret when a public client goes private
/ build (push) Successful in 2m11s
This can also be used as a way to get a new client secret for a private client by switching to public and back.
2025-04-25 10:56:27 +02:00
18945e22bf
Support for user consent (#4)
/ build (push) Successful in 1m45s
All clients will now require user consent.
Users with developer access can configure their clients to not require consent.
2025-04-25 10:21:16 +02:00
8307bc4906
Verify public clients are not issued refresh tokens
/ build (push) Successful in 1m56s
2025-04-15 14:42:12 +02:00
3822f1229c
Change the OAuth 2 / OIDC endpoint URLs.
A decision was made to not deploy as a drop-in replacement but rather migrate applications to the new authorization server.
This means it is no longer necessary to maintain backwards-compatible URLs and can instead use more "standard" URLs.
Not super-critical since they should be discovered via metadata but still nice that the URLs map closer to what the endpoint is called in the various specifications.
2025-04-15 14:32:56 +02:00
09f2fe9430
Change the default JTE templates to be pre-compiled and switch to development mode only in the "dev" profile.
This is done so that the default artifact produced by `mvnw package` works out of the box without explicitly changing to pre-compiled templates.
2025-04-15 13:50:40 +02:00
14f7ca66cb
Utilize X-Forwarded-* headers in embedded Docker container
/ build (push) Successful in 1m58s
2025-04-08 22:48:57 +02:00
1a2a84f674
Immediately show authorization request errors before showing the custom authorization form
/ build (push) Successful in 1m54s
2025-04-02 00:37:42 +02:00
857d59d391
Better error handling, especially during developer authorization
2025-04-02 00:16:52 +02:00
c421125eb4
Fix Shibboleth/Tomcat providing a principal with a blank name in the unauthenticated case
/ build (push) Successful in 1m52s
2025-04-01 20:11:08 +02:00
71862afb55
Introduce a training run in the Docker build to speed it up
/ build (push) Successful in 1m34s
See https://openjdk.org/jeps/483
2025-03-28 15:51:24 +01:00
c9559ca930
Edit clients
/ build (push) Successful in 2m2s
2025-03-28 13:27:06 +01:00
a4f99f1b29
WAR file is never executed but rather deployed to an application server
2025-03-28 12:49:13 +01:00
9a6e21a396
Persist tokens between restarts
/ build (push) Successful in 1m30s
Utilize Java serialization to turn the entire OAuth2Authorization to a binary blob and store that in the database. Could not find a better way to do it given the types involved (like Map<String, Object> properties). Sure, Java serialization can fail on arbitrary objects but hopefully since OAuth2Authorization implements java.io.Serializable any properties put in are serializable as well.
2025-03-28 11:58:35 +01:00
f0947c5ff8
Remove accidental port mapping
/ build (push) Successful in 1m30s
2025-03-28 11:39:46 +01:00
0bb0cff7ca
Build on push
/ build (push) Successful in 1m28s
2025-03-27 15:16:33 +01:00
2c6716865b
Allow setting custom entitlements
2025-03-27 15:03:45 +01:00
7fd46e88fe
Handle client redirect URI being null
2025-03-27 00:34:27 +01:00
9e8962c909
Migrate data from old authorization server
The new tables are prefixed with v2_ to allow simultaneous deployments
2025-03-26 18:53:13 +01:00
87d6bd594c
Provide an embedded Docker container for local development (#1)
Allow developers to add this as a service to their Docker Compose file to enable local OAuth 2.0 flows.
See the following example:
```
services:
  oauth2:
    build: https://gitea.dsv.su.se/DMC/oauth2-authorization-server.git
    restart: unless-stopped
    ports:
      - "<host_port>:8080"
    environment:
      - CLIENT_ID=awesome-app
      - CLIENT_SECRET=p4ssw0rd
      - CLIENT_REDIRECT_URI=http://localhost/oauth2/callback
```
Reviewed-on: #1
2025-03-26 18:51:20 +01:00
411bba57b2
Better description about the ways to verify tokens to let the developer decide based on characteristics
2025-03-25 19:47:16 +01:00
464031bd17
Fix HTTP header name
2025-03-25 19:33:39 +01:00
bb8c0a2e60
General OAuth 2.0 documentation
2025-03-25 15:28:44 +01:00
becbcec39f
Upgrade Spring Boot version
2025-03-25 12:59:02 +01:00
245585c3d8
Add development instructions
2025-03-25 12:57:42 +01:00
fbca82d17e
Lower required Java version
2025-03-25 12:57:31 +01:00
a9f8f5bd53
Fix +x flag on mvnw
2025-03-25 12:44:32 +01:00
cefb4af44d
Include end user's entitlements (public information) in the access token
2025-03-24 23:05:27 +01:00
0d78322828
Move UserInfo endpoint for compatibility with old authorization server
2025-03-24 00:15:12 +01:00
54afb20c4d
Allow a persistent RSA key pair to be used for signing
Persistent as in it survives application restarts.
2025-03-22 17:47:32 +01:00
95ee6e77d7
Add and remove additional client owners
2025-03-22 16:45:35 +01:00
8578984e6e
Support resource servers using token introspection
2025-03-22 15:35:24 +01:00
ef56e5c4b5
Fix public client code flow
2025-03-22 13:31:26 +01:00
90218e988b
Improved navigation by adding a breadcrumb
2025-03-22 12:22:27 +01:00
71e82e0020
Display currently registered clients
2025-03-22 12:21:46 +01:00
68660f96a4
Register new clients
Error controller must handle all HTTP methods, not just GET. For example if getting an error on submitting a form.
All the tests that previously excluded DataSourceConfiguration can no longer do so because of the ClientAdminController that requires a ClientManagementService whose implementation relies on a DataSource.
2025-03-22 11:55:49 +01:00
0f5a79f7b9
Fully populate all attributes as the fake user during development
2025-03-21 19:21:56 +01:00
90a104ca8c
Remove duplicate label/input names
2025-03-21 19:20:46 +01:00
83cb7dff7c
Improve developer experience when editing custom authorization template
2025-03-21 19:12:47 +01:00
18762df791
Extract base template for pages
2025-03-21 17:03:57 +01:00
d59f1ac057
Add custom flow HTML page
2025-03-21 16:37:42 +01:00
abd9207486
Improve validation of OAuth 2 authorization parameters in custom flow
2025-03-21 15:15:17 +01:00
5e6e5633d1
Fix authorization URL in custom flow
2025-03-21 15:15:15 +01:00
253161bd8e
Allow customizing the id token in the custom authorization flow
2025-03-21 15:15:14 +01:00
ae64f40048
dev profile allows custom authorization
2025-03-21 15:15:13 +01:00
b1cdb1200a
Let spring-boot-docker-compose automatically connect to the database
2025-03-21 15:15:11 +01:00
a7e51c303c
dev profile gives admin access
2025-03-21 15:15:10 +01:00
ef99fbcc02
Add email claims to id token if email scope is authorized
2025-03-21 15:15:08 +01:00