1.2.0

⭐ New Features

• Move AOT hints to main module #1446
• Allow configurable refresh token strategy for authorization_code grant #1432
• Allow for a configurable strategy for granting refresh_token #1430
• Add AOT hints for demo-authorizationserver sample #1380
• Add how-to guide for dynamic client registration with custom metadata #1376
• ref-doc: Describe main use cases for using Spring Authorization Server #1371
• Consider adding jti claim in JWT #1360

📔 Documentation

• How-to: Customize client metadata during dynamic client registration #1044

🔨 Dependency Upgrades

• Update to com.squareup.okhttp3 4.12.0 #1460
• Update to junit-jupiter 5.10.1 #1459
• Update to nimbus-jose-jwt 9.37.1 #1458
• Update to jackson-bom 2.16.0 #1457
• Update to Spring Security 6.2.0 #1456
• Update to Spring Framework 6.1.0 #1455

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @ddubson
• @joshlong

1.2.0-RC1

⭐ New Features

• Add reusable default authentication failure handler #1384

🔨 Dependency Upgrades

• Update to nimbus-jose-jwt 9.37 #1408
• Update to jackson-bom 2.15.3 #1407
• Update to Spring Security 6.2.0-RC2 #1406
• Update to Spring Framework 6.1.0-RC1 #1405

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @ddubson

1.1.3

🪲 Bug Fixes

• Fix typo: context.getHeaders() to context.getJwsHeader() #1393
• client_id and client_secret provided via query parameters are accepted for client_secret_post #1390
• Should return hashed client_secret when registering with client_secret_jwt #1383

🔨 Dependency Upgrades

• Update to Spring Boot 3.1.4 #1404
• Update to jackson-bom 2.15.3 #1403
• Update to Spring Security 6.1.5 #1402
• Update to Spring Framework 6.0.13 #1401

1.0.4

🪲 Bug Fixes

• Fix typo: context.getHeaders() to context.getJwsHeader() #1392
• client_id and client_secret provided via query parameters are accepted for client_secret_post #1389
• Should return hashed client_secret when registering with client_secret_jwt #1382

🔨 Dependency Upgrades

• Update to Spring Boot 3.0.11 #1400
• Update to org.hsqldb:hsqldb 2.7.2 #1399
• Update to Spring Security 6.0.8 #1398
• Update to Spring Framework 6.0.13 #1397

0.4.4

🪲 Bug Fixes

• Fix typo: context.getHeaders() to context.getJwsHeader() #1391
• client_id and client_secret provided via query parameters are accepted for client_secret_post #1378
• Fix to return hashed client_secret when registering with client_secret_jwt #1345
• Should return hashed client_secret when registering with client_secret_jwt #1344

🔨 Dependency Upgrades

• Update to Spring Boot 2.7.16 #1396
• Update to Spring Security 5.8.8 #1395
• Update to Spring Framework 5.3.30 #1394

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @uc4w6c

1.2.0-M1

⭐ New Features

• Add code challenge methods for oidc provider configuration response #1329
• Adds ability to inject custom metadata at client registration #1326
• Adds dynamic client registration how-to guide #1320
• code_challenge_methods_supported field not in openid-configuration endpoint #1302
• Migrate docs to Antora #1295
• Antora #1292
• Adds how-to guide on adding authorities to access tokens #1264
• Issue 1246 adding debug log entry #1261
• Consider logging missing code_verifier when code_challenge is included in authorization request #1248
• Consider logging missing code_challenge when PKCE is required #1247
• Consider logging invalid client secret #1246
• Consider logging invalid redirect_uri and scope #1245
• Fix :spring-authorization-server-docs:asciidoctor cacheability #1231
• Simplify dynamic client registration with custom metadata #1172
• How-to: Dynamic client registration #647
• How-to: Authorize an access token containing custom authorities #542

🪲 Bug Fixes

• Fix: add length validation to prevent 500 error on invalid usercode #1318

🔨 Dependency Upgrades

• Update to okhttp 4.11.0 #1368
• Update to junit-jupiter 5.10.0 #1367
• Update to nimbus-jose-jwt 9.35 #1366
• Update to Spring Security 6.2.0-M3 #1365
• Update to Spring Framework 6.1.0-M5 #1364

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @ddubson
• @rwinch
• @jprinet
• @drunkcattt
• @fndejan

1.1.2

🪲 Bug Fixes

• Fix samples test suite execution and failing tests #1325
• Samples test suite is not executed as part of build process #1324
• Fix: add length validation to prevent 500 error on invalid usercode #1309
• Fix generating ID token with null sid when refresh_token grant #1289
• Default error controller throws NPE when error message attribute missing #1286
• Generating ID token when sid null during refresh_token grant throws IllegalArgumentException #1283

🔨 Dependency Upgrades

• Update to org.hsqldb:hsqldb 2.7.2 #1340
• Update to Spring Security 6.1.2 #1339
• Update to Spring Framework 6.0.11 #1338

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @martinr0x
• @ddubson
• @cbilodeauupgrade

1.1.1

⭐ New Features

• Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1223
• Use substring instead of replaceFirst in OAuth2AuthorizationConsent #1222

🪲 Bug Fixes

• Device Grant AuthenticationConverter's can not handle multi-valued parameters #1269
• OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1268
• Validate authorized principal instead of sub during logout #1235
• Fix NPE on access token in OAuth2AuthorizationCodeAuthenticationProvider #1233
• ID Token missing sid claim after refresh_token grant #1224
• Revert serialVersionUID to 1.1.0 #1220

🔨 Dependency Upgrades

• Update to jackson-bom 2.15.2 #1282
• Update to Spring Security 6.1.1 #1279
• Update to Spring Framework 6.0.10 #1278
• Update com.gradle.enterprise plugin to 3.13.3 #1234
• Update to Spring Boot 3.1.0 #1229

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @heartape
• @pavelefros

1.0.3

🪲 Bug Fixes

• OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1267
• Revert serialVersionUID to 1.0.0 #1219
• Fix artifact build properties for Artifactory #1180
• Apply ArtifactoryPlugin to SpringRootProjectPlugin #1178

🔨 Dependency Upgrades

• Update to junit-jupiter 5.9.3 #1281
• Update to Spring Security 6.0.4 #1277
• Update to Spring Framework 6.0.10 #1276
• Update to jackson-bom 2.14.3 #1275
• Update spring-asciidoctor-backends to 0.0.5 #1194
• Update io.spring.ge.conventions plugin to 0.0.13 #1193
• Update to org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0 #1176

0.4.3

🪲 Bug Fixes

• Fix to save all values for multi-valued request parameters #1252
• OAuth2AuthorizationCodeRequestAuthenticationConverter can not handle multi-valued parameters #1250
• Revert serialVersionUID to 0.4.0 #1218
• Fix artifact build properties for Artifactory #1179
• Apply ArtifactoryPlugin to SpringRootProjectPlugin #1177

🔨 Dependency Upgrades

• Update to junit-jupiter 5.9.3 #1280
• Update to jackson-bom 2.14.3 #1274
• Update to Spring Security 5.8.4 #1273
• Update to Spring Framework 5.3.28 #1272
• Update spring-asciidoctor-backends to 0.0.5 #1192
• Update io.spring.ge.conventions plugin to 0.0.13 #1190
• Update to org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0 #1175

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @martin-lindstrom