1.3.2

What's Changed

• [Snyk] Upgrade javax.ws.rs:javax.ws.rs-api from 2.1 to 2.1.1 (#234) @snyk-bot

🚀 Features

• Better support for meta annotations by using AnnotatedElementUtils.findMergedAnnotation (#255) @janolaveide

⬆️ Dependency upgrades

• build(deps): bump caffeine from 2.8.7 to 2.8.8 (#256) @dependabot-preview
• build(deps): bump caffeine from 2.8.6 to 2.8.7 (#252) @dependabot-preview
• build(deps): bump kotlin.version from 1.4.20 to 1.4.21 (#253) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.26 to 8.28.1 (#250) @dependabot-preview
• build(deps-dev): bump groovy from 3.0.6 to 3.0.7 (#251) @dependabot-preview
• build(deps): bump ktor.version from 1.4.2 to 1.4.3 (#249) @dependabot-preview
• build(deps): bump kotlin.version from 1.4.10 to 1.4.20 (#246) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.25 to 8.26 (#245) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.23.1 to 8.25 (#242) @dependabot-preview
• build(deps): bump rest-assured.version from 4.3.1 to 4.3.2 (#241) @dependabot-preview
• build(deps): bump ktor.version from 1.4.1 to 1.4.2 (#243) @dependabot-preview
• build(deps): bump spring-boot.version from 2.3.4.RELEASE to 2.3.5.RELEASE (#240) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.23 to 8.23.1 (#239) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.22 to 8.23 (#238) @dependabot-preview
• build(deps): bump caffeine from 2.8.5 to 2.8.6 (#237) @dependabot-preview

1.3.1

What's Changed

🚀 Features

• demo: Client demo for Kotlin application using Ktor. (#210) @ybelMekk @tommytroen @tronghn
• feat: Configurable JWKSet cache for each provider. (#216) @ybelMekk @tommytroen
• feat: introduce new module token-validation-spring-test for JUnit tests and local development (#223) @tommytroen
  • support for multiple issuers when running locally
• feat: Ability to load client jwk as env or file. (#211) @ybelMekk
• [token-client-*]: Support well-known url if token endpoint url is not set (#205) @tommytroen

🧰 Maintenance

• fix: remove stacktrace from info log about invalid token for an issuer (#220) @ybelMekk
• dep: set lombok scope to provided (#219) @ybelMekk

⬆️ Dependency upgrades

• dep: Update kotlin to 1.4.10 and ktor to 1.4.1 (#233) @ybelMekk
• build(deps): bump hibernate-validator.version from 6.1.5.Final to 6.1.6.Final (#228) @dependabot-preview
• build(deps-dev): bump groovy from 3.0.5 to 3.0.6 (#227) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.21 to 8.22 (#224) @dependabot-preview
• build(deps): bump spring-boot.version from 2.3.3.RELEASE to 2.3.4.RELEASE (#222) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.20 to 8.21 (#218) @dependabot-preview
• build(deps): bump mockwebserver from 4.8.0 to 4.9.0 (#213) @dependabot-preview
• build(deps): bump okhttp from 4.8.0 to 4.9.0 (#212) @dependabot-preview
• build(deps): bump oauth2-oidc-sdk from 8.19 to 8.20 (#217) @dependabot-preview
• build(deps-dev): bump mock-oauth2-server from 0.1.34 to 0.1.35 (#214) @dependabot-preview
• build(deps): bump wiremock from 2.27.1 to 2.27.2 (#209) @dependabot-preview
• build(deps): bump spring-boot.version from 2.3.2.RELEASE to 2.3.3.RELEASE (#200) @dependabot-preview
• build(deps-dev): bump groovy from 3.0.3 to 3.0.5 (#197) @dependabot-preview

1.3.0

What's Changed

🚀 Features

• token-validation-*: look for annotations more robustly, support for meta annotations (#191) @janolaveide
• token-validation-ktor: adding support for token expirythreshold in the ktor-module. (#185) @Robert-Larsen
• token-client-*: implement client for OAuth 2.0 Token Exchange (#180) @ybelMekk @tommytroen

⚠️ Breaking Changes

• feature: implement client for OAuth 2.0 Token Exchange (#180)
  • refactor OnBehalfOfAssertionResolver interface to JwtBearerTokenResolver

⬆️ Dependency upgrades

• Bump rest-assured.version from 4.2.0 to 4.3.1 (#182) @dependabot-preview
• Bump okhttp from 4.7.2 to 4.8.0 (#187) @dependabot-preview
• Bump mockwebserver from 4.7.2 to 4.8.0 (#188) @dependabot-preview
• Bump oauth2-oidc-sdk from 8.9 to 8.19 (#193) @dependabot-preview
• Bump wiremock from 2.26.3 to 2.27.1 (#181) @dependabot-preview
• Bump caffeine from 2.8.4 to 2.8.5 (#175) @dependabot-preview
• Bump spring-boot.version from 2.3.1.RELEASE to 2.3.2.RELEASE (#194) @dependabot-preview

1.2.0

What's Changed

🚀 Features

• feature: add configurable token validator, possibility for optional claims (#173) @ybelMekk
  • allow tokens without sub and aud claims to be validated

⬆️ Dependency upgrades

• Bump spring-boot.version from 2.3.0.RELEASE to 2.3.1.RELEASE (#170) @dependabot-preview
• Bump oauth2-oidc-sdk from 8.5 to 8.9 (#169) @dependabot-preview

1.1.6

What's Changed

🚀 Features

• Add: Ability to use oidc and / or oauth servers. (#166) @ybelMekk

⬆️ Dependency upgrades

• Bump kotlin.version from 1.3.71 to 1.3.72 (#162) @dependabot-preview
• Bump maven-assembly-plugin from 3.2.0 to 3.3.0 (#160) @dependabot-preview
• Bump oauth2-oidc-sdk from 8.4 to 8.5 (#167) @dependabot-preview
• Bump spring-boot.version from 2.2.6.RELEASE to 2.3.0.RELEASE (#161) @dependabot-preview
• Bump caffeine from 2.8.1 to 2.8.4 (#156) @dependabot-preview
• Bump oauth2-oidc-sdk from 7.1.1 to 8.4 (#153) @dependabot-preview
• Bump okhttp from 4.4.0 to 4.7.2 (#154) @dependabot-preview
• Bump mockwebserver from 4.4.0 to 4.7.2 (#155) @dependabot-preview
• dependencies(token-validation-ktor*): bump ktor and kotlin (#158) @tommytroen
• Bump hibernate-validator.version from 6.1.2.Final to 6.1.5.Final (#145) @dependabot-preview
• Bump spring-boot.version from 2.2.5.RELEASE to 2.2.6.RELEASE (#134) @dependabot-preview
• Bump kotlin.version from 1.3.70 to 1.3.71 (#133) @dependabot-preview
• Bump maven-javadoc-plugin from 3.1.0 to 3.2.0 (#131) @dependabot-preview
• Bump ktor.version from 1.2.6 to 1.3.2 (#129) @dependabot-preview
• Bump wiremock from 2.26.2 to 2.26.3 (#126) @dependabot-preview

1.1.5

What's Changed (since last documented release - 0.2.11)

• new release pipeline with changelog (#146) @tommytroen
• Fix 122 claims annotation processing (#123) @oyvindstegard
• Reintroduce resourceUrl in OAuth2 ClientProperties (#103) @tommytroen
• [token-validation-ktor-demo] exclude spring dependencies (#98) @tommytroen
• refactor: ktor validation fixes (#97) @tronghn
• Refactoring and conditional wiring of beans (#78) @tommytroen
• feature/private_key_jwt authentication (#71) @tommytroen
• move pipeline to circleci (#70) @tommytroen
• additionalValidation: Litt mer fleksibilitet i auth-"filter" (#64) @royag-nav
• feature/token-client-core (#65) @tommytroen
• Unannotated RestControllers should throw a server error (#60) @tommytroen
• Metadata exception handling (#59) @tommytroen
• added getExpirationTime (#44) @janolaveide
• Add OAuth2 clients for OnBehalfOf and client_credentials flow (#46) @tommytroen
• Update to Java 11 for source and target (#48) @tommytroen
• Massive refactoring and new modules for Ktor (#32) @tommytroen
• improve test coverage of the oidc-spring-support module (#25) @tommytroen
• Degrade log-level to INFO when user have an invalid token. (#18) @siljee
• switch to junit 5, clean up messy poms (#23) @janolaveide
• Add expiration date to OIDCTokenValidationException and also log this when this exception is thrown (#17) @janolaveide

⬆️ Dependency upgrades

• Bump spring-mock-mvc from 3.3.0 to 4.2.0 (#106) @dependabot-preview
• Bump kotlin.version from 1.3.61 to 1.3.70 (#121) @dependabot-preview
• Bump wiremock from 2.26.1 to 2.26.2 (#120) @dependabot-preview
• Bump spring-boot.version from 2.2.4.RELEASE to 2.2.5.RELEASE (#119) @dependabot-preview
• Bump hibernate-validator.version from 6.1.1.Final to 6.1.2.Final (#111) @dependabot-preview
• Bump mockwebserver from 4.3.1 to 4.4.0 (#114) @dependabot-preview
• Bump okhttp from 4.3.1 to 4.4.0 (#115) @dependabot-preview
• Bump oauth2-oidc-sdk from 6.23 to 7.1.1 (#117) @dependabot-preview
• Bump wiremock from 2.25.1 to 2.26.1 (#118) @dependabot-preview
• Bump caffeine from 2.8.0 to 2.8.1 (#105) @dependabot-preview
• Bump hibernate-validator.version from 6.1.0.Final to 6.1.1.Final (#100) @dependabot-preview
• Bump mockwebserver from 4.2.2 to 4.3.1 (#94) @dependabot-preview
• Bump okhttp from 4.2.2 to 4.3.1 (#95) @dependabot-preview
• Bump oauth2-oidc-sdk from 6.18 to 6.23 (#96) @dependabot-preview
• Bump maven-source-plugin from 3.2.0 to 3.2.1 (#90) @dependabot-preview
• Bump spring-boot.version from 2.2.0.RELEASE to 2.2.2.RELEASE (#87) @dependabot-preview
• Bump kotlin.version from 1.3.50 to 1.3.61 (#84) @dependabot-preview
• Bump ktor.version from 1.2.5 to 1.2.6 (#82) @dependabot-preview
• Bump maven-jar-plugin from 3.1.2 to 3.2.0 (#76) @dependabot-preview
• Bump maven-source-plugin from 2.2.1 to 3.2.0 (#74) @dependabot-preview
• Bump maven-assembly-plugin from 3.1.1 to 3.2.0 (#73) @dependabot-preview
• Bump wiremock from 2.19.0 to 2.25.1 (#62) @dependabot-preview
• Bump mockwebserver from 3.14.3 to 4.2.2 (#53) @dependabot-preview

v0.2.11

• Filter which send a response header when a tokens remaining lifetime is less than or equal to configured value (in minutes)
  • Enabled if property no.nav.security.oidc.expirythreshold is set with a value (in minutes). If the token lifetime has passed the threshold, a http response header with the name x-token-expires-soon will be returned.
• @ProtectedWithClaims allows for claim checking with combination algorithm OR
  • i.e. any claim that you specify that also is present in the token will be allowed
• Proxy settings per issuer
  • It is now possible to set proxy settings per issuer configuration (see README), i.e. all issuers will not inherit proxy settings but can be specified explicitly on an issuer
• Renamed module oidc-spring-test to oidc-test-support to support test functionality regardless of Spring
• Annotations moved into oidc-support module
  • Requires refactoring
• Added Oidc Jersey/JAX-RS wrapper module
  • Use same annotations as oidc-spring-support

NOT BACKWARDS COMPATIBLE WITH v0.2.4 - some refactoring required

v0.2.4

Use EnableOIDCTokenValidation annotation on any class (not just the main class):

• i.e. configuration classes

Support for multiple ID token validators per issuer:

• one issuer can have one validator per audience
• in Nimbus there is a one to one relationship between issuer and clientId (accepted audience), so in order to support validation of tokens with different audience claims within the same app the OIDCTokenValidator has been modified to include a map of audience and IDTokenValidator. The validation is still within the boundaries of the OpenID Connect spec.

v0.2.3

Minor bug release for oidc-spring-test

• Fixed bug when redirecting in endpoint /local/cookie?redirect=someurl: 00269ab

v0.2

Simplifying abstractions and some configuration refactoring.

Not backwards-compatible:

• Renamed property:
  no.nav.security.oidc.issuer.[issuer name].uri - The OIDC provider configuration endpoint (meta-data)
  no.nav.security.oidc.issuer.[issuer shortname].discoveryurl - The OIDC provider configuration endpoint (meta-data)