Skip to content

Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversation

Kehrlann
Copy link
Contributor

  • Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+,
    which breaks NimbusJwsEncoder.
  • In order to be compatible with both 9.+ (in Security up to
    5.4.4 included) and with 8.+ (in Security 5.4.5), we need to use JSONObjects
    from json-smart, which was bundled with nimbus 8.+ but not with 9.+

Tested with both springSecurityVersion = 5.4.2 and 5.4.5

Samples tested with:

  • Boot 2.4.2
  • Boot 2.4.3 + Security 5.4.5 (the version bundled in boot

closes #256

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 12, 2021
Copy link
Collaborator

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @Kehrlann. Please see review comments.

@jgrandja jgrandja self-assigned this Mar 15, 2021
@jgrandja jgrandja added type: dependency-upgrade A dependency upgrade and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 15, 2021
@jgrandja jgrandja added this to the 0.1.1 milestone Mar 15, 2021
@Kehrlann Kehrlann force-pushed the align-nimbus-with-spring-security branch from 6acfdd8 to 5d93772 Compare March 16, 2021 09:22
@Kehrlann
Copy link
Contributor Author

Also bumped Boot to 2.4.3, which matches Security 5.4.5, see Boot dependencies.

- Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+,
  which breaks NimbusJwsEncoder.
- Bump Security to 5.4.5, and Boot to 2.4.3 to match Security
@Kehrlann Kehrlann force-pushed the align-nimbus-with-spring-security branch from 5d93772 to cb19670 Compare March 16, 2021 09:40
@Kehrlann Kehrlann requested a review from jgrandja March 16, 2021 15:37
@jgrandja jgrandja added the status: duplicate A duplicate of another issue label Mar 16, 2021
@jgrandja
Copy link
Collaborator

Thanks for the PR @Kehrlann ! This is now in master.

@jgrandja jgrandja closed this Mar 16, 2021
@Kehrlann Kehrlann deleted the align-nimbus-with-spring-security branch March 19, 2021 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: duplicate A duplicate of another issue type: dependency-upgrade A dependency upgrade
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Align dependencies with the version of Spring Security being used
3 participants