You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
[java-security]
getClientId() method was added to Token interface. getClientId() method should be used instead of getClaimAsString(TokenClaims.XSUAA.CLIENT_ID). TokenClaims.XSUAA.CLIENT_ID is deprecated.
Supports IAS token validation. IAS_SERVICE_NAME has not be provided any longer. You can find a sample here.
[java-security-test] In case you like to overwrite the client id using JwtGenerator using withClaimValue() or withClaimValues() method, it's recommended to set the azp claim instead using withClaimValue(TokenClaims.AUTHORIZATION_PARTY, "T000310").
[spring-xsuaa]
getClientId() method implementation of Token interface has been changed. Using azp and as fallback aud and cid claims to obtain client id.
⚠️backward incompatible change: usage of deprecated org.springframework.security.oauth:spring-security-oauth2 dependency in OAuth2AuthenticationConverter was removed. OAuth2AuthenticationConverter.convert() method return type has changed from org.springframework.security.oauth2.provider.OAuth2Authentication to org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
Migration tips
when necessary, org.springframework.security.oauth:spring-security-oauth2 dependency need to be provided explicitly
OAuth2WebSecurityExpressionHandler() won't work in conjunction with OAuth2AuthenticationConverter, as it expects OAuth2Authentication class instead of BearerTokenAuthentication when deriving authorization claims. Use hasAuthority() or hasAnyAuthority() instead of explicitly defined expressionHandler(new OAuth2WebSecurityExpressionHandler()) and access() expression for authorized requests.
