The OAuth2.1 -based authorization server Spring Authorization Server 0.3.0 was officially released today, and there are several highlights in this update.
The document is officially online
The documentation of Spring Authorization Server has been officially released with this update, and is now available on the Spring official website.
The address is: https://spring.io/projects/spring-authorization-server
The document currently contains the following important modules:
-
Project Overview: Introduction and list of features.
-
Get help: examples, FAQs, and issues .
-
Getting Started: System requirements, dependencies and guide you through developing your first application.
-
Configuration models: Default configuration and custom configuration.
-
Core Model/Component: Introduction to the core domain model and component interface.
-
Protocol Endpoints: Implementations of OAuth2 and OIDC 1.0 protocol endpoints.
-
Usage Guide: A guide to Spring Authorization Server .
Breaking changes in 0.3.0
-
Change an interface containing only constants to a final class.
-
Move under the token package.
OAuth2TokenCustomizer -
Remove deprecated feature code marked as .
@Deprecation -
Removed and related classes.
JwtEncoder -
Removed in the token context builder .
OAuth2TokenClaimsContext.Builder.claims() -
Remove the claim accessor in token introspection .
OAuth2TokenIntrospectionClaimAccessor -
Remove support for PKCE types in OAuth2 .
plaincode_challenge_method
For more new features, please refer to the 0.3.0 changelog .
Dependency upgrade
This release supports the just-released Spring Boot 2.7.0 and Spring Security 5.7.1
-
Update to com.squareup.okhttp3:4.9.3
-
Update to jackson-bom:2.13.3
-
Update to mockito-core:4.5.1
-
Update to nimbus-jose-jwt:9.22
-
Update to Spring Boot 2.7.0
-
Update to Spring Framework 5.3.20
-
Update to Spring Security 5.7.1
new contributor
Two new contributors ( Contributor ) have been added in this release :