This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

OSIAM Auth Server 2.5

@tkrille tkrille released this 21 Dec 16:18
· 3 commits to master since this release

Changelog

Features

  • Use JDBC connection pooling

    By default the pool has a size of 10 and a timeout of 30s to acquire a connection.
    These settings can be changed with the following configuration properties:

    • org.osiam.auth-server.db.maximum-pool-size
    • org.osiam.auth-server.db.connection-timeout-ms

  • Support retrieving list of clients

    Use the resource endpoint /Client with GET.

  • Make number of parallel connections to the auth-server configurable

    The default is 40 and can be changed with the following configuration property:

    • org.osiam.resource-server.connector.max-connections

  • Make timeouts of connections to auth-server configurable

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.
    These settings can be changed with the following configuration properties:

    • org.osiam.resource-server.connector.read-timeout-ms
    • org.osiam.resource-server.connector.connect-timeout-ms

Changes

  • Add Flyway migration to replace method-based scopes

    The migration removes all method-based scopes from the auth-server client and adds the scope ADMIN.

  • Increase default timeouts for connections to resource-server

    By default the read timeout is set to 10000ms and the connect timeout to 5000ms.

  • Increase default maximum number of parallel connections to resource-server

    The default is 40.

  • Switch to Spring Boot

  • Refactor database schema

    Note: Some fields in table osiam_client have been renamed:

    • accesstokenvalidityseconds becomes access_token_validity_seconds
    • refreshtokenvalidityseconds becomes refresh_token_validity_seconds
    • validityinseconds becomes validity_in_seconds

    Update your SQL scripts if you add OAuth 2 clients via direct database manipulation.
    It's recommended to use the RESTful endpoints under /Client to manage Clients.

Fixes

  • Make sure access_token, refresh_token and token_type are added only
    once to the returned Access Token (Fixes #42).

  • Remove scopes from the Access Token (Fixes #51).

  • Prevent NPE when User#active is null

  • Handle duplicate client creation error on application level

    Respond with Conflict 409 when a client with the requested client id already
    exists.

Updates

  • OSIAM connector4java 1.8
  • MySQL JDBC driver 5.1.37
  • PostgreSQL JDBC driver 9.4-1205
  • OAuth2 for Spring Security 2.0.8