You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)`.
3989
+
3990
+
[NOTE]
3991
+
====
3992
+
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
3993
+
====
3994
+
3995
+
==== `OidcUserInfo`
3996
+
3997
+
The method `phoneNumberVerified(String)` can be replaced with `phoneNumberVerified(Boolean)`.
3998
+
3999
+
==== `OAuth2AuthorizedClientArgumentResolver`
4000
+
4001
+
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)`.
4002
+
4003
+
[NOTE]
4004
+
====
4005
+
See xref:servlet/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
4006
+
====
4007
+
4008
+
==== `ClaimAccessor`
4009
+
4010
+
The method `containsClaim(...)` can be replaced with `hasClaim(...)`.
4011
+
4012
+
==== `OidcClientInitiatedLogoutSuccessHandler`
4013
+
4014
+
The method `setPostLogoutRedirectUri(URI)` can be replaced with `setPostLogoutRedirectUri(String)`.
The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacement.
4019
+
4020
+
==== `AuthorizationRequestRepository`
4021
+
4022
+
The method `removeAuthorizationRequest(HttpServletRequest)` can be replaced with `removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)`.
4023
+
4024
+
==== `ClientRegistration`
4025
+
4026
+
The method `getRedirectUriTemplate()` can be replaced with `getRedirectUri()`.
4027
+
4028
+
==== `ClientRegistration.Builder`
4029
+
4030
+
The method `redirectUriTemplate(...)` can be replaced with `redirectUri(...)`.
4031
+
4032
+
==== `AbstractOAuth2AuthorizationGrantRequest`
4033
+
4034
+
The constructor `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType)` can be replaced with `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration)`.
4035
+
4036
+
==== `ClientAuthenticationMethod`
4037
+
4038
+
The static field `BASIC` can be replaced with `CLIENT_SECRET_BASIC`.
4039
+
4040
+
The static field `POST` can be replaced with `CLIENT_SECRET_POST`.
The field `tokenResponseConverter` has no direct replacement.
4045
+
4046
+
The method `setTokenResponseConverter(...)` can be replaced with `setAccessTokenResponseConverter(...)`.
4047
+
4048
+
The field `tokenResponseParametersConverter` has no direct replacement.
4049
+
4050
+
The method `setTokenResponseParametersConverter(...)` can be replaced with `setAccessTokenResponseParametersConverter(...)`.
4051
+
4052
+
==== `NimbusAuthorizationCodeTokenResponseClient`
4053
+
4054
+
The class `NimbusAuthorizationCodeTokenResponseClient` can be replaced with `DefaultAuthorizationCodeTokenResponseClient`.
4055
+
4056
+
==== `NimbusJwtDecoderJwkSupport`
4057
+
4058
+
The class `NimbusJwtDecoderJwkSupport` can be replaced with `NimbusJwtDecoder` or `JwtDecoders`.
4059
+
4060
+
==== `ImplicitGrantConfigurer`
4061
+
4062
+
The class `ImplicitGrantConfigurer` has no direct replacement.
4063
+
4064
+
[WARNING]
4065
+
====
4066
+
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
4067
+
====
4068
+
4069
+
==== `AuthorizationGrantType`
4070
+
4071
+
The static field `IMPLICIT` has no direct replacement.
4072
+
4073
+
[WARNING]
4074
+
====
4075
+
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
4076
+
====
4077
+
4078
+
==== `OAuth2AuthorizationResponseType`
4079
+
4080
+
The static field `TOKEN` has no direct replacement.
4081
+
4082
+
[WARNING]
4083
+
====
4084
+
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
4085
+
====
4086
+
4087
+
==== `OAuth2AuthorizationRequest`
4088
+
4089
+
The static method `implicit()` has no direct replacement.
4090
+
4091
+
[WARNING]
4092
+
====
4093
+
Use of the `implicit` grant type is not recommended and all related support is removed in Spring Security 6.
4094
+
====
4095
+
4096
+
=== Deprecations in OAuth2 Resource Server
4097
+
4098
+
In Spring Security 6, deprecated classes and methods were removed from xref:servlet/oauth2/resource-server/index.adoc[OAuth2 Resource Server].
4099
+
Each deprecation is listed below, along with a direct replacement.
4100
+
4101
+
==== `JwtAuthenticationConverter`
4102
+
4103
+
The method `extractAuthorities(...)` can be replaced with `JwtGrantedAuthoritiesConverter#convert(...)`.
4104
+
3975
4105
== Reactive
3976
4106
3977
4107
=== Use `AuthorizationManager` for Method Security
@@ -4142,3 +4272,28 @@ http {
4142
4272
==== Opt-out Steps
4143
4273
4144
4274
To opt-out of the 6.0 defaults and instead continue to pass `AuthenticationServiceException` on to ``ServerAuthenticationEntryPoint``s, you can follow the same steps as above, except set `rethrowAuthenticationServiceException` to false.
The method `setClientCredentialsTokenResponseClient(...)` can be replaced with the constructor `ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)`.
4287
+
4288
+
[NOTE]
4289
+
====
4290
+
See xref:reactive/oauth2/client/authorization-grants.adoc#oauth2Client-client-creds-grant[Client Credentials] for more information.
The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`.
0 commit comments