- change: [jap-sso] Upgrade `kisso` to 3.7.7, **Solve the vulnerability of jackson**.
- change: [jap-sso] Upgrade `kisso` to 3.7.7, **Solve the vulnerability of jackson**.
- change: [jap-mfa] Upgrade `googleauth` to 1.5.0, **Solve the vulnerability of apache httpclient**.
- change: [jap-mfa] Upgrade `googleauth` to 1.5.0, **Solve the vulnerability of apache httpclient**.
- change: Replace the theme of the document site [https://justauth.plus](https://justauth.plus) to solve the problem of
the soaring memory of the document site. (Gitee Issue [I4958H](https://gitee.comfujieidjapissuesI4958H) | Github
Issue [8](https://github.comfujieidjapissues8))
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Optimize code.
- change: Optimize code.
**Note [1]:**
**Note [1]:**
In versions prior to version 1.0.5 of jap, rely on the `HttpServletRequest`, `Cookie`, `HttpServletResponse`, and `HttpSession` under the `javax.servlet.http` package in `jakarta-servlet`, such as:
In versions prior to version 1.0.5 of jap, rely on the `HttpServletRequest`, `Cookie`, `HttpServletResponse`,
and `HttpSession` under the `javax.servlet.http` package in `jakarta-servlet`, such as:
In order to improve the adaptability of the framework, since version 1.0.5, JAP removed the dependency of `jakarta-servlet` and adopted a new set of interfaces (reference: [jap-http](https:gitee.comfujieidjap-http) ).
In order to improve the adaptability of the framework, since version 1.0.5, JAP removed the dependency
of `jakarta-servlet` and adopted a new set of interfaces (reference: [jap-http](https://gitee.comfujieidjap-http) ).
The developer needs to adapt the original request when calling the JAP interface.
The developer needs to adapt the original request when calling the JAP interface.
...
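Review bot: The two dependency entries at the top ("Solve the vulnerability of jackson" for `kisso` 3.7.7 and "Solve the vulnerability of apache httpclient" for `googleauth` 1.5.0) do not say which vulnerability is meant, so a reader cannot tell whether an older jap release is exposed. Please name the advisory identifier and the affected transitive version in each entry. Separately, the link targets `https://gitee.comfujieidjapissuesI4958H`, `https://github.comfujieidjapissues8` and `https://gitee.comfujieidjap-http` have no path separators and will not resolve; they should follow the form of the `https://gitee.com/fujieid/jap/issues/I3XHTK` link used further down.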
@@ -37,7 +43,7 @@ For example, if the developer uses `jakarta-servlet`, then the `HttpServletReque
...
@@ -37,7 +43,7 @@ For example, if the developer uses `jakarta-servlet`, then the `HttpServletReque
```java
```java
// Use 1.0.5 or higher version of jap in spring framework
// Use 1.0.5 or higher version of jap in spring framework
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is `true`, custom `context-path` is supported.
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is `true`, custom `context-path` is supported.
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new access token". ([#I3XHTK](https://gitee.com/fujieid/jap/issues/I3XHTK))
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (Github[#6](https://github.com/fujieid/jap/issues/6))
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (
@@ -116,30 +132,37 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
...
@@ -116,30 +132,37 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
### New features
### New features
-**jap-ids**
-**jap-ids**
- Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically extract `issuer` from the currently requested domain name.
- Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically
extract `issuer` from the currently requested domain name.
- Add the `loginPageUrl` in `IdsConfig`:
- Add the `loginPageUrl` in `IdsConfig`:
-`loginPageUrl`: login form page url
-`loginPageUrl`: login form page url
-`loginUrl`: The api url for login
-`loginUrl`: The api url for login
- Add the `externalLoginPageUrl` in `IdsConfig`. when the login page is not provided by an authorized service (the login page is hosted by other services), you need to enable this configuration.
- Add the `externalLoginPageUrl` in `IdsConfig`. when the login page is not provided by an authorized service (the
- Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an authorized service (the authorization confirmation page is hosted by other services), you need to enable this configuration.
login page is hosted by other services), you need to enable this configuration.
- Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
- Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an
authorized service (the authorization confirmation page is hosted by other services), you need to enable this
configuration.
- Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not
jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
- Add some scopes, such as `profile`, `address`, `read` and `write`.
- Add some scopes, such as `profile`, `address`, `read` and `write`.
- Add the `uid` in the `OauthUtil#createAuthorizeUrl(String, IdsRequestParam)`.
- Add the `uid` in the `OauthUtil#createAuthorizeUrl(String, IdsRequestParam)`.
- Add the `IdsUserStoreService` interface to support custom operations on user data after login.
- Add the `IdsUserStoreService` interface to support custom operations on user data after login.
- Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of customizing `IdsxxFilter` and `LoginEndpoint`.
- Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of
customizing `IdsxxFilter` and `LoginEndpoint`.
- Add `SPI` plugin mechanism
- Add `SPI` plugin mechanism
-**jap-social**
-**jap-social**
-`SocialStrategy` provides methods of `refreshToken`, `revokeToken`, and `getUserInfo`
-`SocialStrategy` provides methods of `refreshToken`, `revokeToken`, and `getUserInfo`
### Modified
### Modified
-**jap**
-**jap**
-`javax.servlet-api` -> `jakarta.servlet-api`
-`javax.servlet-api` -> `jakarta.servlet-api`
-**jap-ids**
-**jap-ids**
- Modify `IdsConfig.confirmUrl` to `confirmPageUrl`.
- Modify `IdsConfig.confirmUrl` to `confirmPageUrl`.
- Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)` to `IdsResponse<String, Map<String, Object>>`.
- Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)`
to `IdsResponse<String, Map<String, Object>>`.
- Modify the return value of `Ap provalEndpoint#authorize(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `Ap provalEndpoint#authorize(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `AuthorizationEndpoint#agree(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `AuthorizationEndpoint#agree(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `LoginEndpoint#signin(HttpServletRequest)` to `IdsResponse<String, String>`.
- Modify the return value of `LoginEndpoint#signin(HttpServletRequest)` to `IdsResponse<String, String>`.
...
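Review bot: The `authorizeAutoApproveUrl` entry says that an authorize URL containing `autoapprove=true` skips `confirmPageUrl`, which as written lets the request itself switch off the user's consent step. The entry should state what restricts this (for example a per-client setting) or say explicitly that it applies to every client. The `enableDynamicIssuer` entry has the same gap: `issuer` is taken from "the currently requested domain name", so the text should tell deployers that the request host must be one they control or validate before enabling it. `Ap provalEndpoint` in the `authorize` entry also carries a stray space on both sides of the diff.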
@@ -148,8 +171,10 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
...
@@ -148,8 +171,10 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
- Modify the return type of `IdsResponse#getData()` to the specified generic.
- Modify the return type of `IdsResponse#getData()` to the specified generic.
- When `response_type=id_token`, the resulting Claims are returned in the ID Token.
- When `response_type=id_token`, the resulting Claims are returned in the ID Token.
- Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`, Response UserInfo Claims using Scope Values.
- Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`, Response UserInfo Claims using
- Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
Scope Values.
- Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add
the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
### PR
### PR
...
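Review bot: Adding `clientId` to `loginByUsernameAndPassword` and `getByName` changes the `IdsUserService` interface that integrators implement, but the entry does not say that existing implementations must be updated. Since the entry offers `clientId` as the way to tell tenants apart, it should also say whether the value has been checked against a registered client before it reaches these methods.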
@@ -182,10 +207,13 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
...
@@ -182,10 +207,13 @@ XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new Jakar
- OpenID Connect Discovery
- OpenID Connect Discovery
- JWK Endpoint
- JWK Endpoint
- Custom jwt encryption and decryption certificate
- Custom jwt encryption and decryption certificate
- Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`, `code token`, `code id token token`
- Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`
, `code token`, `code id token token`
- ...
- ...
For more details about the use of `jap-ids`, please refer to the sample project: [jap-ids-demo](https://gitee.com/fujieid/jap-ids-demo), or refer to the document: [IDS OAuth 2.0 服务端](https://justauth.plus/ids/)
For more details about the use of `jap-ids`, please refer to the sample
project: [jap-ids-demo](https://gitee.com/fujieid/jap-ids-demo), or refer to the
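Review bot: The response types in the "Support multiple response types" item are written with a space (`id token`, `code id token token`), while the earlier entry uses `response_type=id_token`. Write them as `id_token`, `id_token token`, `code id_token` and so on, so they match what a client actually sends. The rewrap also starts a continuation line with ", `code token`"; break after the comma instead. The documentation link text `IDS OAuth 2.0 服务端` is the only non-English text in these lines and could read "IDS OAuth 2.0 server".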