1.4.0-M2

⭐ New Features

• Add convenience method for invalidating an OAuth2Token #1717
• How-to: Implement core services with JSON-backed store #1019

🔨 Dependency Upgrades

• Update to nimbus-jose-jwt 9.41.1 #1722
• Update to Spring Framework 6.2.0-RC1 #1720
• Update to Spring Security 6.4.0-M4 #1721

1.4.0-M1

⭐ New Features

• Add authenticationDetailsSource to OAuth2TokenRevocationEndpointFilter #1667
• Allow customizing LogoutHandler in OidcLogoutEndpointFilter #1244
• Support OpenID Connect 1.0 prompt=none parameter #501

🔨 Dependency Upgrades

• Update to assertj-core 3.26.3 #1706
• Update to jackson-bom 2.17.2 #1703
• Update to junit-jupiter 5.11.0 #1705
• Update to nimbus-jose-jwt 9.40 #1704
• Update to Spring Framework 6.2.0-M7 #1701
• Update to Spring Security 6.4.0-M2 #1702

❤️ Contributors

Thank you to all the contributors who worked on this release:

@sealte

1.3.2

🪲 Bug Fixes

• Can't register multiple public clients (clientAuthenticationMethod=none) #1657
• Fix empty code parameter in CodeVerifierAuthenticator #1685
• Fix json deserialization of multi-valued authorization request parameters #1683

🔨 Dependency Upgrades

• Update to jackson-bom 2.17.2 #1699
• Update to junit-jupiter 5.10.3 #1700
• Update to Spring Framework 6.1.12 #1697
• Update to Spring Security 6.3.2 #1698

❤️ Contributors

Thank you to all the contributors who worked on this release:

@MrJovanovic13 and @aijazkeerio

1.2.6

🪲 Bug Fixes

• Can't register multiple public clients (clientAuthenticationMethod=none) #1641
• Fix empty code parameter in CodeVerifierAuthenticator #1680
• Fix json deserialization of multi-valued authorization request parameters #1676

🔨 Dependency Upgrades

• Update to junit-jupiter 5.10.3 #1696
• Update to Spring Framework 6.1.12 #1694
• Update to Spring Security 6.2.6 #1695

❤️ Contributors

Thank you to all the contributors who worked on this release:

@MrJovanovic13 and @aijazkeerio

1.3.1

🪲 Bug Fixes

• Fix AOT hints for OAuth 2.0 Token Exchange #1630
• X509 client certificate authentication enforces client_id without checking on client authentication method #1635

🔨 Dependency Upgrades

• Update to nimbus-jose-jwt 9.39.3 #1651
• Update to org.hsqldb:hsqldb 2.7.3 #1652
• Update to Spring Framework 6.1.9 #1649
• Update to Spring Security 6.3.1 #1650

❤️ Contributors

Thank you to all the contributors who worked on this release:

@nwholloway

1.2.5

🔨 Dependency Upgrades

• Update to org.hsqldb:hsqldb 2.7.3 #1648
• Update to Spring Framework 6.1.9 #1646
• Update to Spring Security 6.2.5 #1647
• Update to spring-security-release-plugin 1.0.3 #1595

1.3.0

⭐ New Features

• Enable refresh of JwkSet in X509SelfSignedCertificateVerifier #1599
• How-to: Implement multi-tenancy #663
• Path component for issuer identifier should be disabled by default #1611
• ref-doc: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens #1561

🔨 Dependency Upgrades

• Update to jackson-bom 2.17.1 #1620
• Update to nimbus-jose-jwt 9.39.1 #1621
• Update to org.bouncycastle 1.78.1 #1622
• Update to Spring Framework 6.1.7 #1618
• Update to Spring Security 6.3 #1619
• Update to spring-security-release-plugin 1.0.3 #1596

1.3.0-RC1

⭐ New Features

• Add Mutual-TLS Client Certificate-Bound Access Tokens #1560
• Add Self-Signed Certificate Mutual-TLS client authentication method #1559
• Provide more flexibility on when to display consent page #1552

🔨 Dependency Upgrades

• Update to org.bouncycastle 1.78 #1593
• Update to Spring Framework 6.1.6 #1591
• Update to Spring Security 6.3.0-RC1 #1592
• Update to Spring Security 6.3.0-SNAPSHOT #1586

❤️ Contributors

Thank you to all the contributors who worked on this release:

@MrJovanovic13

1.2.4

🔨 Dependency Upgrades

• Update to Spring Framework 6.1.6 #1589
• Update to Spring Security 6.2.4 #1590

1.1.7

🔨 Dependency Upgrades

• Update to Spring Framework 6.0.19 #1587
• Update to Spring Security 6.1.9 #1588