Release Micronaut Security 2.2.0 · micronaut-projects/micronaut-security

💡Features and Improvements

Support for Client credentials Grant.
For users using idtoken authentication mode, we validate the following claims as described in the ID Token Validation documentation:

The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.

The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element.

If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.

If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id is the Claim Value.

📑Documentation

Clarify JWT Signature verification/generation

⚙️Dependency Upgrades

Built with Micronaut 2.1.4

Bumps nimbus-jose-jwt from 9.0.1 to 9.1.2. Nimbus Changelog, Nimbus Commits

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Micronaut Security 2.2.0

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

💡Features and Improvements

📑Documentation

⚙️Dependency Upgrades

Uh oh!