Releases: navikt/token-support
Releases · navikt/token-support
1.3.9
What's Changed
- path-feil (#414) @bent-lorentzen
- [Snyk] Fix for 1 vulnerabilities (#388) @snyk-bot
🧰 Maintenance
⬆️ Dependency upgrades
- build(deps): bump spring-boot.version from 2.5.4 to 2.5.5 (#411) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.14 to 9.15.2 (#413) @dependabot
- build(deps): bump logback-classic from 1.2.5 to 1.2.6 (#404) @dependabot
- build(deps): bump kotest.version from 4.6.2 to 4.6.3 (#408) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.15 to 9.17 (#410) @dependabot
- build(deps): bump caffeine from 3.0.3 to 3.0.4 (#406) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.13 to 9.14 (#407) @dependabot
- build(deps): bump kotlin.version from 1.5.30 to 1.5.31 (#409) @dependabot
- build(deps): bump maven-javadoc-plugin from 3.3.0 to 3.3.1 (#403) @dependabot
- build(deps-dev): bump groovy from 3.0.8 to 3.0.9 (#402) @dependabot
- build(deps): bump ktor.version from 1.6.2 to 1.6.3 (#400) @dependabot
- build(deps): bump kotlin.version from 1.5.21 to 1.5.30 (#398) @dependabot
- build(deps): bump kotest.version from 4.6.1 to 4.6.2 (#399) @dependabot
- build(deps): bump maven-gpg-plugin from 1.6 to 3.0.1 (#351) @dependabot
- build(deps): bump kotest.version from 4.6.0 to 4.6.1 (#377) @dependabot
- build(deps): bump spring-boot.version from 2.5.3 to 2.5.4 (#395) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.11.3 to 9.13 (#396) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.11 to 9.15 (#397) @dependabot
- build(deps): bump spring-boot.version from 2.5.2 to 2.5.3 (#382) @dependabot
- build(deps): bump kotlin.version from 1.5.20 to 1.5.21 (#378) @dependabot
- build(deps): bump logback-classic from 1.2.3 to 1.2.5 (#384) @dependabot
- build(deps): bump ktor.version from 1.6.1 to 1.6.2 (#387) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.9.1 to 9.11 (#389) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.10.1 to 9.11.3 (#390) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.9 to 9.9.1 (#374) @dependabot
- build(deps): bump caffeine from 3.0.2 to 3.0.3 (#375) @dependabot
- build(deps): bump ktor.version from 1.6.0 to 1.6.1 (#373) @dependabot
- build(deps): bump mock-oauth2-server from 0.3.3 to 0.3.4 (#372) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.10 to 9.10.1 (#371) @dependabot
1.3.8
What's Changed
🐛 Bug Fixes
⬆️ Dependency upgrades
- build(deps): bump spring-boot.version from 2.5.1 to 2.5.2 (#370) @dependabot
- build(deps): bump kotlin.version from 1.5.10 to 1.5.20 (#369) @dependabot
- build(deps): bump spring-boot.version from 2.5.0 to 2.5.1 (#368) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.8.1 to 9.9 (#367) @dependabot
- build(deps): bump nimbus-jose-jwt from 9.9.3 to 9.10 (#366) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.8 to 9.8.1 (#365) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.7 to 9.8 (#364) @dependabot
- build(deps): bump ktor.version from 1.5.4 to 1.6.0 (#363) @dependabot
- deps, fix: nimbus upgrades and logging of potential missing dependencies (#362) @tronghn
- build(deps): bump oauth2-oidc-sdk from 9.5.2 to 9.7 (#358) @dependabot
- build(deps): bump maven-javadoc-plugin from 3.2.0 to 3.3.0 (#359) @dependabot
- build(deps): bump rest-assured.version from 4.3.3 to 4.4.0 (#357) @dependabot
- build(deps): bump spring-boot.version from 2.4.5 to 2.5.0 (#356) @dependabot
- build(deps): bump kotlin.version from 1.5.0 to 1.5.10 (#361) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.5.1 to 9.5.2 (#355) @dependabot
- build(deps): bump kotest.version from 4.5.0 to 4.6.0 (#354) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.5 to 9.5.1 (#352) @dependabot
- build(deps): bump kotest.version from 4.4.3 to 4.5.0 (#350) @dependabot
- build(deps): bump caffeine from 3.0.1 to 3.0.2 (#347) @dependabot
- build(deps): bump maven-compiler-plugin from 3.5.1 to 3.8.1 (#344) @dependabot
- build(deps): bump maven-surefire-plugin from 2.22.1 to 2.22.2 (#346) @dependabot
- build(deps): bump oauth2-oidc-sdk from 9.4 to 9.5 (#345) @dependabot
1.3.7
What's Changed
🐛 Bug Fixes
- fix missing return in assertValidAnnotation in JwtTokenAnnotationHandler (#343) @jan-olaveide
⬆️ Dependency upgrades
- Upgrade to GitHub-native Dependabot (#340) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.32 to 1.5.0 (#338) @dependabot-preview
- build(deps): bump ktor.version from 1.5.3 to 1.5.4 (#342) @dependabot-preview
1.3.6
What's Changed
🚀 Features
- support multiple issuers with one annotation (#333) @jan-olaveide
🧰 Maintenance
JwtTokenAnnationHandler
: Richer exceptions, minor cleanup otherwise (#339) @jan-olaveide
⬆️ Dependency upgrades
- build(deps): bump oauth2-oidc-sdk from 9.3.3 to 9.4 (#334) @dependabot-preview
- build(deps-dev): bump groovy from 3.0.7 to 3.0.8 (#335) @dependabot-preview
- build(deps): bump spring-boot.version from 2.4.4 to 2.4.5 (#331) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 9.3.1 to 9.3.3 (#328) @dependabot-preview
1.3.5
🚀 Features
- client interceptor and matcher using OAuth2AccessTokenService (#318) @jan-olaveide
- Use field injection for ResourceInfo (#329) @jan-olaveide
🧰 Maintenance
- log if no validated tokens and > 0 unvalidated (#317) @jan-olaveide
⬆️ Dependency upgrades
- build(deps): bump ktor.version from 1.5.2 to 1.5.3 (#320) @dependabot-preview
- [Snyk] Security upgrade com.nimbusds:oauth2-oidc-sdk from 9.3 to 9.3.1 (#327) @snyk-bot
1.3.4
What's Changed
- Codeql alerts (#295) @jksolbakken
🚀 Features
- Make token validation filter order configurable with default value HIGHEST_PRECEDENCE (#315) @qtips
- Make the token claim set configurable in MockLoginController (#306) @LarsAndreasNav
- Added support for optional claims and configurable JWKS cache for Ktor (#316) @jksolbakken @tommytroen
⬆️ Dependency upgrades
- build(deps): bump oauth2-oidc-sdk from 9.2.3 to 9.2.4 (#314) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.31 to 1.4.32 (#313) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 9.2.2 to 9.2.3 (#311) @dependabot-preview
- build(deps): bump spring-boot.version from 2.4.3 to 2.4.4 (#310) @dependabot-preview
- build(deps-dev): bump kotest-runner-junit5-jvm from 4.4.1 to 4.4.3 (#307) @dependabot-preview
- build(deps-dev): bump kotest-assertions-core-jvm from 4.4.1 to 4.4.3 (#308) @dependabot-preview
- build(deps): bump caffeine from 3.0.0 to 3.0.1 (#309) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 9.2.1 to 9.2.2 (#305) @dependabot-preview
- build(deps): bump caffeine from 2.8.8 to 3.0.0 (#298) @dependabot-preview
- build(deps): bump okhttp from 4.9.0 to 4.9.1 (#288) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.36 to 9.2.1 (#302) @dependabot-preview
- build(deps): bump spring-boot.version from 2.4.2 to 2.4.3 (#297) @dependabot-preview
- build(deps): bump ktor.version from 1.5.1 to 1.5.2 (#304) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.30 to 1.4.31 (#303) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.21-2 to 1.4.30 (#293) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.35 to 8.36 (#289) @dependabot-preview
- build(deps): bump mockwebserver from 4.9.0 to 4.9.1 (#287) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.34.2 to 8.35 (#284) @dependabot-preview
- build(deps): bump ktor.version from 1.5.0 to 1.5.1 (#286) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.32.1 to 8.34.2 (#283) @dependabot-preview
1.3.3
What's Changed
- meta-annotering ProtectedRestController lagt til, ryddet i tester (#259) @janolaveide
⬆️ Dependency upgrades
- build(deps): use spring managed version of hibernate validator (#266) @dependabot-preview
- build(deps): bump spring-boot.version from 2.3.5.RELEASE to 2.4.2, nimbus-jose-jwt to 8.20.1 and mock-oauth-server to 0.3.0.RC2 (#274) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.30 to 8.33 (#275) @dependabot-preview
- build(deps): bump ktor.version from 1.4.3 to 1.5.0 (#265) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.21 to 1.4.21-2 (#268) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.28.1 to 8.30 (#269) @dependabot-preview
- build(deps): bump rest-assured.version from 4.3.2 to 4.3.3 (#260) @dependabot-preview
1.3.2
What's Changed
🚀 Features
- Better support for meta annotations by using AnnotatedElementUtils.findMergedAnnotation (#255) @janolaveide
⬆️ Dependency upgrades
- build(deps): bump caffeine from 2.8.7 to 2.8.8 (#256) @dependabot-preview
- build(deps): bump caffeine from 2.8.6 to 2.8.7 (#252) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.20 to 1.4.21 (#253) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.26 to 8.28.1 (#250) @dependabot-preview
- build(deps-dev): bump groovy from 3.0.6 to 3.0.7 (#251) @dependabot-preview
- build(deps): bump ktor.version from 1.4.2 to 1.4.3 (#249) @dependabot-preview
- build(deps): bump kotlin.version from 1.4.10 to 1.4.20 (#246) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.25 to 8.26 (#245) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.23.1 to 8.25 (#242) @dependabot-preview
- build(deps): bump rest-assured.version from 4.3.1 to 4.3.2 (#241) @dependabot-preview
- build(deps): bump ktor.version from 1.4.1 to 1.4.2 (#243) @dependabot-preview
- build(deps): bump spring-boot.version from 2.3.4.RELEASE to 2.3.5.RELEASE (#240) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.23 to 8.23.1 (#239) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.22 to 8.23 (#238) @dependabot-preview
- build(deps): bump caffeine from 2.8.5 to 2.8.6 (#237) @dependabot-preview
1.3.1
What's Changed
🚀 Features
- demo: Client demo for Kotlin application using Ktor. (#210) @ybelMekk @tommytroen @tronghn
- feat: Configurable JWKSet cache for each provider. (#216) @ybelMekk @tommytroen
- feat: introduce new module token-validation-spring-test for JUnit tests and local development (#223) @tommytroen
- support for multiple issuers when running locally
- feat: Ability to load client jwk as env or file. (#211) @ybelMekk
- [token-client-*]: Support well-known url if token endpoint url is not set (#205) @tommytroen
🧰 Maintenance
- fix: remove stacktrace from info log about invalid token for an issuer (#220) @ybelMekk
- dep: set lombok scope to provided (#219) @ybelMekk
⬆️ Dependency upgrades
- dep: Update kotlin to 1.4.10 and ktor to 1.4.1 (#233) @ybelMekk
- build(deps): bump hibernate-validator.version from 6.1.5.Final to 6.1.6.Final (#228) @dependabot-preview
- build(deps-dev): bump groovy from 3.0.5 to 3.0.6 (#227) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.21 to 8.22 (#224) @dependabot-preview
- build(deps): bump spring-boot.version from 2.3.3.RELEASE to 2.3.4.RELEASE (#222) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.20 to 8.21 (#218) @dependabot-preview
- build(deps): bump mockwebserver from 4.8.0 to 4.9.0 (#213) @dependabot-preview
- build(deps): bump okhttp from 4.8.0 to 4.9.0 (#212) @dependabot-preview
- build(deps): bump oauth2-oidc-sdk from 8.19 to 8.20 (#217) @dependabot-preview
- build(deps-dev): bump mock-oauth2-server from 0.1.34 to 0.1.35 (#214) @dependabot-preview
- build(deps): bump wiremock from 2.27.1 to 2.27.2 (#209) @dependabot-preview
- build(deps): bump spring-boot.version from 2.3.2.RELEASE to 2.3.3.RELEASE (#200) @dependabot-preview
- build(deps-dev): bump groovy from 3.0.3 to 3.0.5 (#197) @dependabot-preview
1.3.0
What's Changed
🚀 Features
- token-validation-*: look for annotations more robustly, support for meta annotations (#191) @janolaveide
- token-validation-ktor: adding support for token expirythreshold in the ktor-module. (#185) @Robert-Larsen
- token-client-*: implement client for OAuth 2.0 Token Exchange (#180) @ybelMekk @tommytroen
⚠️ Breaking Changes
- feature: implement client for OAuth 2.0 Token Exchange (#180)
- refactor
OnBehalfOfAssertionResolver
interface toJwtBearerTokenResolver
- refactor
⬆️ Dependency upgrades
- Bump rest-assured.version from 4.2.0 to 4.3.1 (#182) @dependabot-preview
- Bump okhttp from 4.7.2 to 4.8.0 (#187) @dependabot-preview
- Bump mockwebserver from 4.7.2 to 4.8.0 (#188) @dependabot-preview
- Bump oauth2-oidc-sdk from 8.9 to 8.19 (#193) @dependabot-preview
- Bump wiremock from 2.26.3 to 2.27.1 (#181) @dependabot-preview
- Bump caffeine from 2.8.4 to 2.8.5 (#175) @dependabot-preview
- Bump spring-boot.version from 2.3.1.RELEASE to 2.3.2.RELEASE (#194) @dependabot-preview