Spring Authorization Server 0.2.2 has been released. This version is mainly about optimizations and bug fixes; the most important new feature is client authentication support for JWT assertions.
Release Notes
New features
- JdbcOAuth2AuthorizationService now supports large database fields.
- Deprecated OAuth2TokenIntrospectionClaimAccessor; the Spring Security 5.6 implementation will be used instead.
- Deprecated the JwtEncoder-related classes in favor of the Spring Security jose library implementation.
- The token field in the JdbcOAuth2AuthorizationService now supports clob and text data types.
- Token revocation logic is now customizable.
- The userinfo_endpoint endpoint is now added to the authorization server metadata information.
- Support for issuer that parses Token from the current request.
- Client authentication now supports JWT assertion.
Bug fixes
- Missing state and rejecting consent in the initial request causes an exception.
- Throwing invalid_grant when requesting an invalid token with PKCE #581.
- The default configuration exceeds the MySQL row limit.
- OAuth2ClientAuthenticationToken should not be saved across requests.
Dependency Upgrade
- Upgrade to Jackson 2.12.6 #609
- Upgrade to Spring Boot 2.5.9 #608
- Upgrade to Reactor 2020.0.15 #607
- Upgrade to Spring Security 5.5.4 #606
- Upgrade to Spring Framework 5.3.15 #605
- Upgrade to io.spring.ge.conventions 0.0.9 #578
- Upgrade to gradle enterprise 3.8 to circumvent log4j vulnerability CVE-2021-45105