Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Security OAuth 2.0.4.RELEASE is available now in the usual repositories. It's a bug fix release, so upgrading is recommended, but there is also a small set of new features:
OAuth2Request
(and hence OAuth2Authentication
) can now bequeried explicitly to find the grant type for the associated
token. If the token is being refreshed the grant type in the
OAuth2Request
presented to a TokenEnhancer
is the
original grant type, not "refresh_token".
The client authorities are exposed in the "/check_token" endpoint
Password grants are more flexible and open to extension because both client and server can add additional parameters to the request. A custom AuthenticationManager
on the server side should still expect a UsernamePasswordAuthenticationToken
, but the additional parameters will be available in the AuthenticationDetails
. Multi-factor authentication for mobile devices could be implemented in this way, for instance.
Keystore support for JWT token signing and verification.
User provides a Resource and a password and can then lift the
keys out of the store by name. As long as they are RSA keys they
can be injected into a JwtAccessTokenConverter
(using a new
setter).
There were numerous community contributions to this release, for which many thanks!