2.1.30 (2023-11-20)
Merged pull requests:
2.1.29 (2023-11-19)
Merged pull requests:
2.1.28 (2023-10-24)
Merged pull requests:
- Fix path dockerfile #377 (atmoshaman)
2.1.27 (2023-10-04)
Merged pull requests:
2.1.26 (2023-08-17)
Merged pull requests:
2.1.25 (2023-08-08)
Merged pull requests:
2.1.24 (2023-08-07)
Merged pull requests:
2.1.23 (2023-07-11)
Merged pull requests:
2.1.22 (2023-06-23)
Merged pull requests:
2.1.21 (2023-06-22)
Merged pull requests:
2.1.20 (2023-06-17)
Merged pull requests:
2.1.19 (2023-06-05)
Merged pull requests:
2.1.18 (2023-05-06)
Merged pull requests:
2.1.17 (2023-05-05)
Merged pull requests:
2.1.16 (2023-04-28)
Merged pull requests:
2.1.15 (2023-04-19)
Merged pull requests:
2.1.14 (2023-04-19)
Merged pull requests:
2.1.13 (2023-04-19)
Merged pull requests:
2.1.12 (2023-04-14)
Merged pull requests:
2.1.11 (2023-04-10)
Merged pull requests:
2.1.10 (2023-04-06)
Merged pull requests:
2.1.9 (2023-03-31)
Merged pull requests:
2.1.8 (2023-03-06)
Merged pull requests:
2.1.7 (2023-02-14)
Merged pull requests:
2.1.6 (2023-02-06)
Merged pull requests:
2.1.5 (2023-01-04)
Merged pull requests:
- Bump mysql-connector-java from 8.0.16 to 8.0.28 #355 (dependabot)
- Bump postgresql from 42.4.1 to 42.4.3 #364 (dependabot)
- fixes #367 update code module to externalize ldap.yml to values.yml #368 (stevehu)
- fixes #365 move the ldap to the ldap-util module in light-4j #366 (stevehu)
2.1.4 (2022-11-30)
Merged pull requests:
2.1.3 (2022-11-10)
Merged pull requests:
2.1.2 (2022-10-23)
Merged pull requests:
- fixes #362 disable LDAP test case with ApacheDirectoryServer #363 (stevehu)
- fixes #359 update key test case to meet the requirement for multiple … #360 (stevehu)
- Bump postgresql from 42.3.3 to 42.4.1 #357 (dependabot)
- fixes #353 update the key service to use SecurityConfig #354 (stevehu)
2.1.1 (2022-04-26)
Merged pull requests:
- fixes #350 down port the jwk implementation from oauth-kafka in key s… #351 (stevehu)
- fixes #348 update bootstrap token test case for the wrong scope #349 (stevehu)
- fixes #346 change the default bootstrapScope to portal.w in oauth-tok… #347 (stevehu)
- Bump hazelcast from 4.2.4 to 5.1 #345 (dependabot)
- fixes #343 upgrade hazelcast-kubernetes to 2.2.3 from 1.1.0 to resolv… #344 (stevehu)
2.1.0 (2022-02-28)
Merged pull requests:
- Bump postgresql from 42.2.25 to 42.3.3 #342 (dependabot)
- Bump postgresql from 9.4.1211 to 42.2.25 #341 (dependabot)
- fixes #339 upgrade hazelcast to 4.2.4 and change the packages #340 (stevehu)
- Bump hazelcast from 3.12 to 4.0.5 #338 (dependabot)
- Bump h2 from 2.0.206 to 2.1.210 #337 (dependabot)
- fixes #335 update the h2 drop table sequence to avoid constrain error #336 (stevehu)
- fixes #333 update the cache module server.yml to use h2 in memory ins… #334 (stevehu)
- Bump h2 from 1.4.196 to 2.0.206 #332 (dependabot)
2.0.32 (2021-10-19)
Merged pull requests:
2.0.31 (2021-09-22)
Merged pull requests:
- Bump tmpl from 1.0.4 to 1.0.5 in /login-view #327 (dependabot)
- fixes #325 implement a new grant type bootstrap_token to create long-… #326 (stevehu)
2.0.30 (2021-08-24)
Merged pull requests:
- Bump url-parse from 1.5.1 to 1.5.3 in /login-view #324 (dependabot)
- Bump path-parse from 1.0.6 to 1.0.7 in /login-view #323 (dependabot)
2.0.29 (2021-07-25)
Merged pull requests:
- fixes #321 potential NPE when users follow the tutorial with curl com… #322 (stevehu)
- fixes #318 update TestServer to replace Server.config with Server.get… #319 (stevehu)
2.0.28 (2021-06-27)
Merged pull requests:
- Bump color-string from 1.5.3 to 1.5.5 in /login-view #316 (dependabot)
- Bump ws from 5.2.2 to 5.2.3 in /login-view #317 (dependabot)
- Bump merge-deep from 3.0.2 to 3.0.3 in /login-view #315 (dependabot)
- Bump dns-packet from 1.3.1 to 1.3.4 in /login-view #314 (dependabot)
2.0.27 (2021-05-25)
Merged pull requests:
- Bump hosted-git-info from 2.8.8 to 2.8.9 in /login-view #313 (dependabot)
- Bump url-parse from 1.4.7 to 1.5.1 in /login-view #312 (dependabot)
- fixes #310 rollback the change to the parent pom.xml to recover autho… #311 (stevehu)
2.0.26 (2021-04-27)
Merged pull requests:
- Bump elliptic from 6.5.3 to 6.5.4 in /login-view #307 (dependabot)
- Bump ssri from 6.0.1 to 6.0.2 in /login-view #308 (dependabot)
2.0.25 (2021-03-28)
Merged pull requests:
2.0.24 (2021-02-24)
Merged pull requests:
- Bump version.jackson from 2.10.4 to 2.12.1 #304 (dependabot)
2.0.23 (2021-01-29)
Merged pull requests:
2.0.22 (2020-12-23)
Merged pull requests:
- Bump ini from 1.3.5 to 1.3.7 in /login-view #303 (dependabot)
2.0.21 (2020-11-25)
Merged pull requests:
- fixes #301 update server.yml to add keystore and truststore passwords #302 (stevehu)
- fixes #299 add password to the jwt.yml as the secret.yml is removed #300 (stevehu)
2.0.20 (2020-11-05)
Merged pull requests:
2.0.19 (2020-11-01)
Merged pull requests:
- Bump junit from 4.12 to 4.13.1 #298 (dependabot)
2.0.18 (2020-10-01)
Merged pull requests:
2.0.17 (2020-08-28)
Merged pull requests:
2.0.16 (2020-08-01)
Merged pull requests:
- Bump websocket-extensions from 0.1.3 to 0.1.4 in /login-view #271 (dependabot)
- Bump elliptic from 6.5.2 to 6.5.3 in /login-view #287 (dependabot)
- fixes #282 update Oauth2ClientGetHandler to start page from 0 instead… #283 (stevehu)
- fixes #280 exclude module-info.class in the shade plugin to avoid dup… #281 (stevehu)
- fixes #278 add total to the Oauth2ClientGetHandler to support UI pagi… #279 (stevehu)
2.0.15 (2020-07-01)
Merged pull requests:
- fixes #275 add host to client and service table for multi-tenancy sup… #276 (stevehu)
- fixes #273 remove the temporary version.jackson-databind in the pom.xml #274 (stevehu)
2.0.14 (2020-05-29)
Merged pull requests:
2.0.13 (2020-05-01)
Merged pull requests:
- fixes #266 use fake account to return error message so that code serv… #267 (stevehu)
- fixes #264 remove console log from login-view #265 (stevehu)
- fixes #262 update Dockerfile to resolve the warning of Hazelcast for … #263 (stevehu)
- fixes #260 add jdk.management module to the Dockerfile for Hazelcast #261 (stevehu)
- fixes #258 update LightPortalAuthenticator to handle the downstream a… #259 (stevehu)
- fixes #256 add start_time to refresh_token table with default #257 (stevehu)
- fixes #254 add remember to the refresh_token table to indicate if the… #255 (stevehu)
- fixes #252 handle remember me and code and token service for form bas… #253 (stevehu)
- fixes #250 remove http_url tag for Jaeger tracer as it contains password #251 (stevehu)
- fixes #248 pass the exchange to PortalAuthenticator for jaeger tracer #249 (stevehu)
- fixes #246 add jaeger tracing dependency to the light-oauth2 services #247 (stevehu)
- fixes #244 change roles to string in the JWT from array of strings #245 (stevehu)
2.0.12 (2020-03-31)
Merged pull requests:
- fixes #242 add a link to the login error message to access API directly #243 (stevehu)
- fixes #240 add forget password and reset password components to login… #241 (stevehu)
- fixes #238 remove oauth2-console as it is part of the light-portal #239 (stevehu)
- fixes #236 add a new authenticator for light-portal user management i… #237 (stevehu)
- Bump acorn from 5.7.3 to 5.7.4 in /login-view #233 (dependabot)
- fixes #232 default authenticator return the roles for after authentic… #234 (stevehu)
2.0.11 (2020-02-29)
Merged pull requests:
- fixes #229 remove oracle dependency from the parent pom.xml #230 (stevehu)
- fixes #225 update login-view to remove redux components #226 (stevehu)
- fixes #223 update the fetch to /oauth2/code with credentials include #224 (stevehu)
- fixes #221 update Dockerfile to resolve jlink not found #222 (stevehu)
2.0.10 (2020-02-01)
Merged pull requests:
2.0.9 (2019-12-31)
Merged pull requests:
2.0.8 (2019-11-27)
Merged pull requests:
2.0.7 (2019-10-26)
Merged pull requests:
2.0.6 (2019-09-13)
Merged pull requests:
2.0.5 (2019-08-30)
Merged pull requests:
2.0.4 (2019-08-16)
Merged pull requests:
- fixes #207 upgrade jackson databind to 2.9.9.3 #208 (stevehu)
- fixes #202 upgrade login-view with the latest create-react-app #203 (stevehu)
2.0.3 (2019-07-31)
Merged pull requests:
- fixes #198 update login-view to handle the redirect #199 (stevehu)
- Issue194 #197 (stevehu)
- fixes #194 fix a typo in the Dockerfile-Slim of oauth2-provider #195 (stevehu)
2.0.2 (2019-07-10)
Merged pull requests:
- fixes #188 update Dockerfile and build.sh to image publishing #189 (stevehu)
- fixes #186 update login-view for code service to submit the form #187 (stevehu)
- fixes #184 add LightFormAuthenticationMechanism to handler the form a… #185 (stevehu)
- fixes #180 upgrade code service to use handler.yml and introduce the … #181 (stevehu)
- fixes #178 add java.security.jgss to the Docker jlink module #179 (stevehu)
- fixes #176 add java.management module to the docker jlink #177 (stevehu)
- fixes #174 update Dockerfile for java 11 #175 (stevehu)
- fixes #172 add client.keystore and client.truststore to the test config #173 (stevehu)
- fixes #169 add both release and snapshot repositories #170 (stevehu)
1.6.4 (2019-06-10)
Merged pull requests:
1.6.2 (2019-05-17)
Merged pull requests:
1.6.1 (2019-05-03)
Merged pull requests:
- fixes #160 oauth2-code health check path does not have service ID #168 (stevehu)
- fixes #166 update KeyRequest constructor with kid parameter #167 (stevehu)
- fixes #164 remove swagger dependencies and use light-4j version only #165 (stevehu)
1.6.0 (2019-04-06)
Merged pull requests:
- fixes #162 update sign service to use the SignRequest from client module #163 (stevehu)
- fix oauth2-code health check path - #160 #161 (dz-1)
1.5.31 (2019-03-02)
Closed issues:
- rollback cors in the handler.yml for oauth-console #159
Merged pull requests:
1.5.30 (2019-02-16)
1.5.29 (2019-02-11)
1.5.28 (2019-01-12)
1.5.27 (2019-01-12)
1.5.25 (2018-12-24)
1.5.24 (2018-12-13)
1.5.23 (2018-11-10)
1.5.22 (2018-11-10)
1.5.21 (2018-10-05)
1.5.20 (2018-10-05)
Closed issues:
- sync db configurations with light-docker #154
- upgrade authorize service to OpenAPI 3.0 #153
- remove JwtVerifyHandler from middleware chain for code and authorize services #152
- add provider service to make multiple OAuth 2.0 providers trust each other #118
1.5.19 (2018-09-22)
Closed issues:
- sync mysql db config to light-docker oauth2 #151
- fixes error message when moving to openapi specification #148
- replace openapi.json with openapi.yaml and remove the validators from service.yml #147
- fix a typo in HashUtil #146
- sync federated provider db script from mysql to others #144
- fix the typo in mysql script in db #143
- bypass GSSAPI SPNEGO authentication mechanism if not configured #141
- remove the network port configuration so that everything is controlled by hazelcast.xml #140
Merged pull requests:
1.5.18 (2018-08-16)
Closed issues:
- flatten the config files into the same directory for k8s #139
- Add JWT token signing endpoint to token service #136
- upgrade to undertow 2.0.11.Final #135
- add authenticator implementations to server.yml for code #133
- update LightIdentityManager with debug info to indicate with authenticator is loaded #132
- add spnego configuration for Microsoft AD SSO integration #131
- remove ibm jdk support for the Kerberos login module #130
- externalize krb5.conf for code and authorize services #129
Merged pull requests:
1.5.17 (2018-07-06)
1.5.16 (2018-07-05)
Closed issues:
- add info log to indicate which hazelcast.xml is loaded #127
- pass marketplace authorize roles into jwt token #126
- Create a none-multicast option for Hazelcast #125
- update client and token swagger specifications in db folder #123
- update token service to return by reference token for external client #120
- create a new endpoint to de-reference opaque token to JWT for external client #119
1.5.15 (2018-06-18)
Implemented enhancements:
- move refresh token to database for longer expiration #96
Closed issues:
- refresh_token table should not be dependent on user_profile #117
- switch to default setExchangeStatus method for errors #116
- add SPNEGO service password to secret.yml #115
- disable marketplace authentication until we find a testing repo #114
- move service specific config files to config folder under resources #113
- update swagger specification to add user_type and roles in code, authorize and token #112
- token service: AT does not contain endpoint scopes #111
- add user_type and roles to refresh_token table #110
- split authentication and authorization to a separate module authhub #109
- update resource owner password grant type with customized auth #108
- support user roles from code, user and token service #107
- get roles from github #106
- add a generic LightIdentityManager and move LDAP to a utility #105
- add LDAP test case to try different LDAP servers #104
- enable authenticate_class in client and cache #103
- add LDAP authentication and authorization #102
- create a new credential with client_id and user_type #100
- add SPNEGO support for the code module #98
- audit all activities on each microservice #63
1.5.14 (2018-05-20)
Closed issues:
- remove csrf token from refresh token object as it should not be persisted #97
- pass in csrf token to refresh token grant flow #95
- docker image error related to JVM #94
- add MariaDB support #92
- add csrf token into the jwt token for token service if it exists #90
- remove signature of ms sqlserver as the fatjar cannot be loaded #89
- sync config files between light-docker and light-oauth2 #87
- enable sensitive data encryption in config files #86
- enable container memory limit in dockerfile #85
- add ms sql server support #84
1.5.13 (2018-04-20)
Closed issues:
- Unrecognized field authenticateClass not marked as ignorable #81
- do not allow scope update once client and service are linked. #80
1.5.12 (2018-04-08)
Closed issues:
- update private keystore path to relative in jwt.yml #79
1.5.11 (2018-04-01)
Implemented enhancements:
- create a new table client_service to define the one to many relationship and scope dependencies. #18
Closed issues:
- return to the caller after sending error to the exchange. #78
- switch to JwtIssuer for token generation #77
- update postgres and oracle db scripts to remove tables in the beginning #76
- support custom claim in json format with client registration #75
1.5.10 (2018-03-02)
Closed issues:
1.5.9 (2018-02-21)
Closed issues:
- cascade delete service endpoints if the service is deteted #72
- update mysql script and service.yml to use mysqluser instead of root #71
Merged pull requests:
- fixes #52 - update Dockerfile-Redhat files in all services #70 (DineshAlapati)
1.5.8 (2018-02-03)
Fixed bugs:
- Fix docker-compose build #57
Closed issues:
- uppgrade to Hazelcast 2.9.2 #66
- update db scripts and swagger.json for mysql, postgres and oracle #65
- update README.md with more information and links to doc site #64
- add client to service relationship API #62
- add service endpoints API #61
- refactor table names before service enhancement #60
- externalize config files to db directory #59
- Dockerfile for production images for all services #52
Merged pull requests:
- fixes #52 - update user permissions on artifacts in production docker… #67 (DineshAlapati)
1.5.7 (2018-01-01)
1.5.6 (2017-12-31)
Closed issues:
- update .gitignore to ignore dependency-reduced-pom.xml #56
- remove dependency-reduced-pom.xml for each sub project #55
- upgrade secret.yml to 1.5.6 with emailPassword #54
- remove default config for production package #53
- Update readme with links to document site and remove docs folder #50
- Upgrade docker-compose files and db configurations to 1.5.4 #49
- Upgrade dependencies and add maven-version #48
Merged pull requests:
- #49: upgrade docker-compose files and db configurations to 1.5.4 #51 (DineshAlapati)
1.4.3 (2017-09-10)
1.4.2 (2017-08-31)
Closed issues:
- Upgrade all test cases to https and http2 #47
1.4.1 (2017-08-31)
Closed issues:
- Make all services HTTP2 and HTTPS enabled and disable HTTP by default #46
- Upgrade to newer version of Undertow and Jackson #45
1.4.0 (2017-08-23)
Closed issues:
- Replace Client with Http2Client and remove dependency of apache httpclient #44
- Update the dependency on security module TokenHelper to OauthHelper #43
- Upgrade to Undertow 1.4.18.Final for Http2 and remove JsonPath dependency #42
- Update password match from String to char[] to prevent revealing password with JVM heap dump #41
1.3.4 (2017-07-09)
Implemented enhancements:
- Implement PKCE extension for authorization code flow for mobile native apps #29
- Implement Open ID Connect on top of the current OAuth2 Authorization Server enterprise edition #15
Closed issues:
- Add build.sh to automatically build, tag and push to docker hub for each service #40
- Implement custom grant type client_authenticated_user #39
- Pass externalized logback.xml in Dockerfile for all services #37
- Inject server/info and /health into swagger for oauth2 services. #36
1.3.1 (2017-06-03)
Implemented enhancements:
- Refactor development edition to use the same swagger specification for validation #5
Fixed bugs:
- After client registration, the returned client_secret is the hashed and salted value not the clear text. #25
- service registration and retrieval createDt is null in the result. #24
Closed issues:
- Upgrade to framework 1.3.1 #35
- Add one test case for token service to ensure that one of the scope matches with client with multiple scopes #32
- Upgrade to the latest framework and config. Also dependencies #31
- clientSecret hash is leaked on GET request #27
- Fix oracle XE docker image version to 16.04 instead of latest which is broken #26
- CORS issue when calling from a SPA #23
- Receive Unexpected runtime exception when registering a service. #21
Merged pull requests:
- allow client authentication by form data #28 (smerschjohann)
1.2.4 (2017-02-20)
Merged pull requests:
- updated version on Docker build #20 (gonzalovazquez)
1.0.0 (2017-02-20)
Implemented enhancements:
- Enable CORS support for client, service, user and refresh token in order to support marketplace SPA call directly from browser. #19
- Implement refresh token for authorization code grant type #16
- Update development edition to have the exact api like enterprise edition #13
- Validate token service redirect_uri exists and is the same as the one passed in code service #12
- Update redirect_url to redirect_uri to follow standard naming in the specification #11
- Support state in authorization code grant type #10
- Implement Resource Owner Password Credentials Grant in token service in enterprise edition #9
- Add more test cases to cover negative case in enterprise edition. #8
- Add client profile in order to categorize clients along with client type #7
- Implement HTTPS with openssl which is much faster than JDK #6
- Client secret needs to be hashed and salted just like user password #4
- Merge oracle, mysql and postgres branch together #3
Fixed bugs:
- Authorization code grant type scope is passed in code service and retrieved from token service #14
Closed issues:
- Add range search for user and service #2
- Add pagination to getUser, getClient and getService endpoints in Enterprise edition #1
0.1.2 (2016-10-10)
* This Change Log was automatically generated by github_changelog_generator