Nimbus has released v10.1 of its OAuth2 and OIDC SDK. It provides updated OIDCfed support and other new features that may be useful in our future development tasks. It also seems that the new version is more or less compatible with the current codebase of oidc-commons, OP and RP plugins.
As a part of the version update for com.nimbusds:oauth2-oidc-sdk, its dependencies (com.nimbusds:nimbus-jose-jwt, com.nimbusds:lang-tag, etc) should be updated to match the versions referenced from the oauth2-oidc-sdk POM.
Environment
None
Activity
Show:
Henri MikkonenOctober 28, 2022 at 11:46 AM
For the record, nimbus-jose-jwt version in oauth2-oidc-sdk’s POM is specified to 9.24.4, but we set it to 9.25.6 (currently latest) in order to tackle this bug:
Otherwise one OP unit test (AddJwksToClientMetadataTest.testEmptyContents()) was failing due to NPE caused by the bug.
Henri MikkonenOctober 28, 2022 at 10:19 AM
Updated the following dependencies:
nimbus-jose-jwt: 9.14 to 9.25.6
oauth2-oidc-sdk: 9.20 to 10.1
json-smart: 2.4.7 to 2.4.8
nimbus.lang: 1.5 to 1.7
nimbus.content.type: 2.1 to 2.2
nimbus.lang.tag: 1.5 to 1.7
Some tests in ExplicitKeySignedJWTTrustEngineTest needed to be modified as Nimbus doesn't allow injecting private JWK into the headers anymore. At least the MAC test needs further improvements, added a TODO-tag for it.
Philip SmartOctober 28, 2022 at 10:02 AM
Fine for me, if you commit those changes I will fix any issues that arise in the RP
Nimbus has released v10.1 of its OAuth2 and OIDC SDK. It provides updated OIDCfed support and other new features that may be useful in our future development tasks. It also seems that the new version is more or less compatible with the current codebase of oidc-commons, OP and RP plugins.
As a part of the version update for com.nimbusds:oauth2-oidc-sdk, its dependencies (com.nimbusds:nimbus-jose-jwt, com.nimbusds:lang-tag, etc) should be updated to match the versions referenced from the oauth2-oidc-sdk POM.