- change: [jap-sso] Upgrade `kisso` to 3.7.7, **Solve the vulnerability of jackson**.
- change: [jap-mfa] Upgrade `googleauth` to 1.5.0, **Solve the vulnerability of apache httpclient**.
- change: Replace the theme of the document site [https://justauth.plus](https://justauth.plus) to solve the problem of
the soaring memory of the document site. (Gitee Issue [I4958H](https://gitee.comfujieidjapissuesI4958H) | Github
Issue [8](https://github.comfujieidjapissues8))
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Optimize code.
**Note [1]:**
In versions prior to version 1.0.5 of jap, rely on the `HttpServletRequest`, `Cookie`, `HttpServletResponse`, and `HttpSession` under the `javax.servlet.http` package in `jakarta-servlet`, such as:
In versions prior to version 1.0.5 of jap, rely on the `HttpServletRequest`, `Cookie`, `HttpServletResponse`,
and `HttpSession` under the `javax.servlet.http` package in `jakarta-servlet`, such as:
In order to improve the adaptability of the framework, since version 1.0.5, JAP removed the dependency of `jakarta-servlet` and adopted a new set of interfaces (reference: [jap-http](https:gitee.comfujieidjap-http) ).
In order to improve the adaptability of the framework, since version 1.0.5, JAP removed the dependency
of `jakarta-servlet` and adopted a new set of interfaces (reference: [jap-http](https://gitee.comfujieidjap-http) ).
The developer needs to adapt the original request when calling the JAP interface.
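Review bot: The first two entries (`kisso` 3.7.7, `googleauth` 1.5.0) say they solve a jackson and an apache httpclient vulnerability without naming the advisory or the fixed transitive version, so a consumer cannot tell whether an older jap release is exposed or whether pinning the transitive dependency is enough. Add the advisory identifier, or at least the fixed jackson/httpclient version, to each line. Separately, the issue and `jap-http` links in this hunk read `https://gitee.comfujieidjapissuesI4958H` and `https://gitee.comfujieidjap-http`, with no `/` between host and path, unlike the `https://gitee.com/fujieid/jap/issues/...` links further down the file; they will not resolve as written.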
...
...
@@ -37,7 +43,7 @@ For example, if the developer uses `jakarta-servlet`, then the `HttpServletReque
```java
// Use 1.0.5 or higher version of jap in spring framework
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is `true`, custom `context-path` is supported.
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new access token". ([#I3XHTK](https://gitee.com/fujieid/jap/issues/I3XHTK))
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (Github[#6](https://github.com/fujieid/jap/issues/6))
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (
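Review bot: The re-wrapped fix entries break in awkward places: the jap-ids line is split inside the quoted problem description, and the jap-social line ends on a bare `(` with the issue link pushed to the continuation line. Break before the parenthesised reference instead, so each issue link stays intact on one line next to the text it belongs to.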
@@ -116,30 +132,37 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
### New features
-**jap-ids**
- Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically extract `issuer` from the currently requested domain name.
- Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically
extract `issuer` from the currently requested domain name.
- Add the `loginPageUrl` in `IdsConfig`:
-`loginPageUrl`: login form page url
-`loginUrl`: The api url for login
- Add the `externalLoginPageUrl` in `IdsConfig`. when the login page is not provided by an authorized service (the login page is hosted by other services), you need to enable this configuration.
- Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an authorized service (the authorization confirmation page is hosted by other services), you need to enable this configuration.
- Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
- Add the `externalLoginPageUrl` in `IdsConfig`. when the login page is not provided by an authorized service (the
login page is hosted by other services), you need to enable this configuration.
- Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an
authorized service (the authorization confirmation page is hosted by other services), you need to enable this
configuration.
- Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not
jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
- Add some scopes, such as `profile`, `address`, `read` and `write`.
- Add the `uid` in the `OauthUtil#createAuthorizeUrl(String, IdsRequestParam)`.
- Add the `IdsUserStoreService` interface to support custom operations on user data after login.
- Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of customizing `IdsxxFilter` and `LoginEndpoint`.
- Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of
customizing `IdsxxFilter` and `LoginEndpoint`.
- Add `SPI` plugin mechanism
-**jap-social**
-`SocialStrategy` provides methods of `refreshToken`, `revokeToken`, and `getUserInfo`
### Modified
-**jap**
-`javax.servlet-api` -> `jakarta.servlet-api`
-**jap-ids**
- Modify `IdsConfig.confirmUrl` to `confirmPageUrl`.
- Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)` to `IdsResponse<String, Map<String, Object>>`.
- Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)`
to `IdsResponse<String, Map<String, Object>>`.
- Modify the return value of `Ap provalEndpoint#authorize(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `AuthorizationEndpoint#agree(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `LoginEndpoint#signin(HttpServletRequest)` to `IdsResponse<String, String>`.
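Review bot: The `enableDynamicIssuer` entry says the `issuer` is extracted from the currently requested domain name but does not say which request value is trusted for that. An issuer derived from the request is only as reliable as the host information reaching the application, so the entry (or the linked documentation) should state that the deployment must restrict the accepted host names, for example at the reverse proxy, before this option is enabled. The `authorizeAutoApproveUrl` entry has a similar gap: it documents that `autoapprove=true` in the authorize url skips `confirmPageUrl` without saying which clients are allowed to use that parameter. Also, `Ap provalEndpoint#authorize` in the Modified list has a stray space inside the identifier.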
...
...
@@ -148,8 +171,10 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
- Modify the return type of `IdsResponse#getData()` to the specified generic.
- When `response_type=id_token`, the resulting Claims are returned in the ID Token.
- Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`, Response UserInfo Claims using Scope Values.
- Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
- Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`, Response UserInfo Claims using
Scope Values.
- Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add
the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
### PR
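Review bot: The last entry changes the signatures of `loginByUsernameAndPassword` and `getByName` on the `IdsUserService` interface by adding `clientId`, which breaks every existing implementation at compile time, yet it appears as a plain "Modify" item with no breaking-change marker. Mark it as breaking and say what an implementation is expected to do with `clientId`; the entry only says it can be used to distinguish multi-tenant scenarios, which leaves open whether ignoring the parameter is acceptable.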
...
...
@@ -182,10 +207,13 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
- OpenID Connect Discovery
- JWK Endpoint
- Custom jwt encryption and decryption certificate
- Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`, `code token`, `code id token token`
- Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`
, `code token`, `code id token token`
- ...
For more details about the use of `jap-ids`, please refer to the sample project: [jap-ids-demo](https://gitee.com/fujieid/jap-ids-demo), or refer to the document: [IDS OAuth 2.0 服务端](https://justauth.plus/ids/)
For more details about the use of `jap-ids`, please refer to the sample
project: [jap-ids-demo](https://gitee.com/fujieid/jap-ids-demo), or refer to the
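Review bot: The response-type list writes the values as `id token`, `id token token` and `code id token`, while the entry in the previous hunk uses `response_type=id_token`. OpenID Connect spells the value `id_token` and separates combined values with a space (`code id_token`), so as written a reader cannot tell `id token` from a two-value combination; use `id_token` throughout. The new wrap also starts a line with `, `; break after the comma instead.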