1.0.0

⭐ New Features

• Merge enhancements from 0.4.x into main #982

🔨 Dependency Upgrades

• Update to Spring Security 6.0.0 #981
• Update to hsqldb 2.7.1 #976
• Update to jackson-bom 2.14.0 #975
• Update to Spring Boot 3.0.0-RC2 #974
• Update to Spring Framework 6.0.0 #972
• Update to jakarta.servlet-api 6.0.0 #965

0.4.0

⭐ New Features

• Upgrade to JUnit 5 #964
• Update links to current version of OAuth 2.1 #960
• Assert unique identifiers in JdbcRegisteredClientRepository #959
• Add logging #956
• ref-doc: Document Jwt Client Assertion Validation #945
• ref-doc: Add configuration for userinfo endpoint to Getting Started example #917
• Reject client authentication where client_id has non-printable ASCII characters #889
• ref-doc: Document Authorization Request Validation #858
• Add logging #159

🔨 Dependency Upgrades

• Update to jackson-bom 2.14.0 #980
• Update to Spring Security 5.8.0 #979
• Update to Spring Framework 5.3.24 #978

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @sjohnr
• @smhjamalii

1.0.0-RC1

⭐ New Features

• Merge enhancements from 0.4.x into main #954
• Add @configuration with @EnableWebSecurity #935
• Use AuthorizationFilter #934
• Use SecurityContextRepository.loadDeferredContext() #933
• Use securityMatcher() and authorizeHttpRequests() #922

🔨 Dependency Upgrades

• Downgrade to jackson-bom:2.13.4.20221013 #952
• Update to hsqldb:2.7.0 #938
• Update to mockito-core:4.8.1 #937
• Update to jackson-bom:2.14.0-rc2 #936
• Update to Spring Security 6.0.0-RC1 #932
• Update to Spring Framework 6.0.0-RC2 #931
• Update to Spring Boot 3.0.0-RC1 #930
• Update Gradle Enterprise plugin to 3.11.1 #894

⏪ Non-passive

• Merge non-passive changes from 0.4.x into main #953

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @jprinet

0.4.0-RC1

⭐ New Features

• Improve customizing OIDC Client Registration endpoint #946
• Extract JwtDecoderFactory from JwtClientAssertionAuthenticationProvider #944
• Extract OIDC client configuration implementation #941
• Update OAuth 2.1 spec link in README.adoc #940
• Improve customizing OIDC UserInfo endpoint #929
• OidcUserInfo Change PhoneNumberVerified Field to Boolean #923
• Improve customizing OIDC UserInfo endpoint #785
• Allow ability to customize RegisteredClient during registration #696

🪲 Bug Fixes

• Fix URL encoding for authorization request state parameter #920
• State parameter does not handle plus sign properly #875

🔨 Dependency Upgrades

• Update to mockito-core:4.8.1 #951
• Update to jackson-bom:2.13.4.20221013 #950
• Update to Spring Security 5.8.0-RC1 #949
• Update to Spring Boot 2.7.5 #948

⏪ Non-passive

• OpenID Connect 1.0 should be disabled by default #928

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @octopusthu
• @Kehrlann
• @backjo

1.0.0-M2

⭐ New Features

• Merge enhancements from 0.4.x into main #906

🔨 Dependency Upgrades

• Update to mockito-core:4.8.0 #911
• Update to jackson-bom:2.13.4 #910
• Update to nimbus-jose-jwt:9.24.4 #909
• Update to Spring Security 6.0.0-M7 #908
• Update to Spring Framework 6.0.0-M6 #907

⏪ Non-passive

• Merge non-passive changes from 0.4.x into main #905

0.4.0-M2

⭐ New Features

• Return registration_endpoint in OidcProviderConfigurationEndpointFilter #881
• Allow customizing Authorization Server Metadata Response #878
• validate client secret expired or not #862
• Check client secret not expired in ClientSecretAuthenticationProvider #850
• Use configured ID Token signature algorithm #787
• Ability to modify OIDC provider configuration #616
• Allow adding an AuthenticationProvider and AuthenticationConverter #417
• Return registration_endpoint in OidcProviderConfigurationEndpointFilter #370

🔨 Dependency Upgrades

• Update to okhttp:4.10.0 #904
• Update to mockito-core:4.8.0 #903
• Update to assertj-core:3.23.1 #902
• Update to jackson-bom:2.13.4 #901
• Update to nimbus-jose-jwt:9.24.4 #900
• Update to Spring Security 5.8.0-M3 #899
• Update to Spring Framework 5.3.23 #898

⏪ Non-passive

• Decompose OAuth2AuthorizationCodeRequestAuthenticationProvider #896
• Remove OAuth2AuthenticationValidator #891
• Make OAuth2AuthenticationContext an interface #890
• Remove constructor in OidcProviderConfigurationEndpointFilter #869
• Remove constructor in OAuth2AuthorizationServerMetadataEndpointFilter #868
• Make AuthorizationServerContext an interface #867
• Make AuthorizationServerContextFilter private #866
• Rename ProviderContext #865
• Rename ProviderSettings #864

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @doctormacky
• @721806280
• @sahariardev

1.0.0-M1

⭐ New Features

• Upgrade to Gradle 7.4.2 #833
• Upgrade to Java 17 #832

🔨 Dependency Upgrades

• Update to org.hsqldb:hsqldb:2.6.1 #843
• Update to com.squareup.okhttp3:okhttp:4.10.0 #842
• Update to mockito-core:4.6.1 #841
• Update to assertj-core:3.23.1 #840
• Update to nimbus-jose-jwt:9.23 #839
• Update to jakarta.servlet-api:5.0.0 #838
• Update to thymeleaf-extras-springsecurity6 #837
• Update to Spring Security 6.0.0-M6 #836
• Update to Spring Framework 6.0.0-M5 #835
• Update to Spring Boot 3.0.0-M4 #834

0.4.0-M1

⭐ New Features

• Enhance samples to call UserInfo endpoint #847
• Update custom consent page sample #802
• Add the time-to-live config for an authorization code at TokenSettings #786
• Allow configuration for authorization code time-to-live #642

🪲 Bug Fixes

• Registered scopes should not be defaulted for client_credentials grant #780
• Make the default scope empty for client_credentials grant #738

🔨 Dependency Upgrades

• Update to nimbus-jose-jwt:9.23 #857
• Update to Spring Security 5.8.0-M2 #856
• Update to Spring Framework 5.3.22 #855
• Update Gradle Enterprise plugin #788

⏪ Non-passive

• Remove generic type from OAuth2AuthorizationServerConfigurer #831
• Remove OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME #829
• Rename JwtEncodingContext.getHeaders() to getJwsHeader() #826
• Make builders final for AbstractSettings implementations #825
• Make OAuth2TokenIntrospectionEndpointConfigurer.getRequestMatcher() package-private #824
• Relocate and rename Version #823
• Relocate OAuth2TokenFormat #822
• Relocate OAuth2TokenType #821
• Relocate OAuth2AuthorizationCode #820
• Relocate OAuth2TokenIntrospection #819
• Relocate OidcUserInfoHttpMessageConverter #818
• Relocate OidcClientRegistration #817
• Relocate OidcProviderConfiguration #816
• Relocate OAuth2AuthorizationServerMetadata #815
• Relocate classes out from oauth2.core.context package #814
• Relocate classes out from oauth2.core.authentication package #813
• Relocate classes out from oauth2.core package #812
• Move AbstractSettings implementations to settings package #811
• Relocate classes out from config.annotation package #810

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @jprinet
• @appchemist
• @wingzero0
• @yonyes

0.3.1

⭐ New Features

• OpenID Provider Configuration response should return introspection_endpoint #779
• Add authenticationDetailsSource to AuthorizationEndpointFilter #768
• Add the possibility to add at_hash claim to ID Token #744
• Add token revocation endpoint to OpenID Provider Configuration endpoint #710
• OpenID Provider Configuration endpoint should include the revocation token endpoint #687
• Improve error message when redirect_uri contains localhost #680

🪲 Bug Fixes

• PKCE token request with no code_challenge_method results in 400 with "server_error" #770

🔨 Dependency Upgrades

• Downgrade to hsqldb:2.5.2 #771

⏪ Non-passive

• Downgrade to Java 8 #761

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @appchemist
• @Kehrlann

0.3.0

⏪ Breaking Changes

• Change interface that only contain constants to final class #728
• Move OAuth2TokenCustomizer to token package #730
• Remove deprecations #732
• Remove JwtEncoder and associated classes #724
• Remove OAuth2TokenClaimsContext.Builder.claims() #731
• Remove OAuth2TokenIntrospectionClaimAccessor #725
• Remove support for "plain" code_challenge_method parameter (PKCE) #756
• Upgrade to Java 11 #694

⭐ New Features

• Add asciidoctor support for building documentation #690
• Add copyright notice to docs #742
• Add docs outline with Antora skeleton #554
• Add reference documentation #499
• Deploy documentation artifacts to docs.spring.io #695
• Enhance validation for configured Issuer #649
• How-to: Customize the OpenID Connect 1.0 UserInfo response #537
• How-to: Implement the core services with JPA #545
• ref-doc: Document Configuration Model #670
• ref-doc: Document Core Model / Components #671
• ref-doc: Document Getting Help #668
• ref-doc: Document Getting Started #669
• ref-doc: Document Overview #667
• ref-doc: Document Protocol Endpoints #672
• ref-doc: Reorganize the feature list #708
• Remove temporary OAuth2AccessTokenResponseHttpMessageConverter #726
• Simplify authorization server filter chain in samples #707
• Switch from Jenkins to GitHub Actions #691
• Update jdk version in Prerequisites #693
• Upgrade to Gradle 7 #572
• Use OAuth2ErrorCodes.INVALID_REDIRECT_URI #727
• Use OAuth2Token instead of AbstractOAuth2Token #733

🪲 Bug Fixes

• Javadoc search feature is broken in Java 11 #711
• There is a bug in the JPA usage guide code provided #697

🔨 Dependency Upgrades

• Update to com.squareup.okhttp3:4.9.3 #755
• Update to jackson-bom:2.13.3 #752
• Update to mockito-core:4.5.1 #754
• Update to nimbus-jose-jwt:9.22 #753
• Update to Spring Boot 2.7.0 #749
• Update to Spring Framework 5.3.20 #750
• Update to Spring Security 5.7.1 #751

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @appchemist
• @NotFound403