Set validators to package private. You can customize the JWT validators using the JwtValidatorBuilder.
Create validation results lazily. Avoid false warning validation results from JwtAudienceValidator (#290), e.g. Jwt token with audience [<appId>, uaa] is not issued for these clientIds: [<appId>].
[spring-xsuaa] Improve logs of Audience Validators.
Renamed file privateKey.txt to spring-xsuaa-privateKey.txt and publicKey.txt to spring-xsuaa-publicKey.txt to avoid name clashes in the context of CAP, which result in a strange IllegalArgumentException: failed to construct sequence from byte[]: DEF length 1213 object truncated by 2. This can happen when you use java-security-test and spring-xsuaa-test in parallel.
For new applications, spring-xsuaa-test can be replaced by java-security-test for unit testing. To test your app locally, you can set up your local environment with the VCAP_SERVICES in order to test with your XSUAA instance on Cloud Foundry.
[token-client]
More detailed debug logs and more details added to exceptions; the decoded token gets logged.
Supports an optional scope parameter to reduce the scopes that are provided via ClientCredentialsTokenFlow or UserTokenFlow.
By default requested tokens are now cached. You can disable the cache globally or per request as described here.
Never log an encoded token! Instead, you can log the OAuth2TokenResponse itself: the toString() method provides the content of the decoded token (clear text). Be aware that this contains sensitive user data.