Connect2id server 11.3

This is a mini update to the Connect2id server for OAuth 2.0 and OpenID Connect.

Authorisation and PAR validator SPI update

Plugins using the authorisation request and pushed authorisation request (PAR) validator SPIs can now define custom initialisation and shutdown logic. Heavyweight plugins that need to load configuration or other resources at server startup can do so via the Lifecycle interface, which the two validator SPIs now extend.

If the Java Service Provider Interface (SPI) for dynamic loading of plugin code is new to you, we have a guide explaining the packaging and deployment of plugins.

Open Banking update to the Software Statement Verifier plugin

The Software Statement Verifier plugin handles client registration requests with an embedded software statement (a signed JWT intended to identify the client software vendor), as well as the special type of client registration that occurs in Open Banking. It was updated to support the configuration of scope rules based on JSON Path expressions. Such rules determine which scopes a particular client is allowed to request, based on parameters found in its software statement JWT.

For more information and a list of fixed issues, check the release notes below.
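To illustrate how scope rules can be driven by software statement claims, here is an added example. It is not Connect2id code and does not use the plugin's configuration syntax: the rule format, the claim values and the scope names are constructed for illustration, only a small JSON Path subset ($.name, [n], [*]) is supported, and the JWT signature is assumed to have been verified already.

```python
import re

# Constructed claims from a software statement JWT whose signature is assumed verified.
SOFTWARE_STATEMENT = {"software_id": "example-tpp-app",
                      "software_roles": ["AISP", "CBPII"]}

# Hypothetical rule format: if `path` yields `equals`, the client may request `scopes`.
SCOPE_RULES = [
    {"path": "$.software_roles[*]", "equals": "AISP", "scopes": {"openid", "accounts"}},
    {"path": "$.software_roles[*]", "equals": "PISP", "scopes": {"openid", "payments"}},
    {"path": "$.software_roles[*]", "equals": "CBPII",
     "scopes": {"openid", "fundsconfirmations"}},
]

_STEP = re.compile(r"\.([A-Za-z_]\w*)|\[(\d+|\*)\]")

def json_path(doc, path):
    """Evaluate a JSON Path subset ($.name, [n], [*]) and return every match."""
    steps = _STEP.findall(path[1:])
    rebuilt = "$" + "".join(f".{n}" if n else f"[{i}]" for n, i in steps)
    if rebuilt != path:  # reject anything outside the subset instead of guessing
        raise ValueError(f"unsupported JSON Path: {path}")
    nodes = [doc]
    for name, index in steps:
        matched = []
        for node in nodes:
            if name and isinstance(node, dict) and name in node:
                matched.append(node[name])
            elif index == "*" and isinstance(node, list):
                matched.extend(node)
            elif index.isdigit() and isinstance(node, list) and int(index) < len(node):
                matched.append(node[int(index)])
        nodes = matched
    return nodes

def allowed_scopes(claims, rules):
    """Union of the scopes of every matching rule; no match means no scopes."""
    allowed = set()
    for rule in rules:
        if rule["equals"] in json_path(claims, rule["path"]):
            allowed |= rule["scopes"]
    return allowed

def filter_requested(requested, claims, rules):
    """Split the requested scopes into (permitted, rejected) lists."""
    allowed = allowed_scopes(claims, rules)
    return sorted(set(requested) & allowed), sorted(set(requested) - allowed)
```

A claim that has the wrong JSON type, such as a string where an array of roles is expected, matches no rule, so the client is granted no scopes.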

Download

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 11.3: Connect2id-server.zip

SHA-256: 176e9acfdda9440f05bfdd3be5fd9c78fd0d7629c8187345029a8ae90dcab970

Connect2id server 11.3 WAR package: c2id.war

SHA-256: b6bb0b5414a80f8d20ebf13d6210d1c768bb0e9178c13032d0d215d5718cdc70

Multi-tenant edition

Apache Tomcat package with Connect2id server 11.3: Connect2id-server-mt.zip

SHA-256: 9de2eb744b7b219510b5ec33e0972909d12313ba0b4306570f1b1e5d93a2aac5

Connect2id server 11.3 WAR package: c2id-multi-tenant.war

SHA-256: 8ab10da34d6b2dacab6a998521f2cd86405238a1a6fc1cdde408038bfb355744

Questions?

Contact Connect2id support.


Release notes

11.3 (2021-03-31)

Summary

  • Upgrades to the AuthorizationRequestValidator and PARValidator SPIs to allow for initialisation and shutdown code.

  • Upgrades the Software Statement Verifier plugin (for the RegistrationInterceptor SPI) to support the configuration of scope rules based on JSON Path expressions. Intended for use in Open Banking.

  • Upgrades the JSON serialisation in the Connect2id server.

SPI

  • Upgrades the Connect2id server SDK to com.nimbusds:c2id-server-sdk:4.31

  • com.nimbusds.openid.connect.provider.spi.authz.AuthorizationRequestValidator

    • Lets the SPI extend Lifecycle which has default init, isEnabled and shutdown methods.

      See https://www.javadoc.io/doc/com.nimbusds/c2id-server-sdk/4.31/com/nimbusds/openid/connect/provider/spi/authz/AuthorizationRequestValidator.html

  • com.nimbusds.openid.connect.provider.spi.par.PARValidator

    • Lets the SPI extend Lifecycle which has default init, isEnabled and shutdown methods.

      See https://www.javadoc.io/doc/com.nimbusds/c2id-server-sdk/4.31/com/nimbusds/openid/connect/provider/spi/par/PARValidator.html

Resolved issues

  • Corrupted persisted long-lived authorisation records should be treated as a missing record and not result in a 500 Internal Server Error. Corrupted entries are logged under AS0267 (issue authz-store/183).

  • Corrupted persisted revocation journal entries should be treated as a missing entry and not result in a 500 Internal Server Error. Corrupted entries are logged under AS0271 (issue authz-store/182).

  • Log uniform INFO messages on failed client authentication at the token (OP6203), token introspection (OP6512), token revocation (OP6412) and PAR (OP6203) endpoints (issue server/653).

Dependency changes

  • Upgrades to com.nimbusds:c2id-server-sdk:4.31

  • Updates to com.nimbusds:oauth2-oidc-sdk:9.3

  • Updates to com.nimbusds:oauth2-authz-store:16.7.1

  • Updates to com.nimbusds:oidc-session-store:14.4.1

  • Upgrades to com.nimbusds:common:2.45

  • Updates to com.unboundid:unboundid-ldapsdk:5.1.4

  • Updates to com.thetransactioncompany:pretty-json:1.4.1

  • Updates to net.minidev:json-smart:2.3

  • Adds com.jsoniter:jsoniter:0.9.23

  • Updates to com.nimbusds:software-statement-verifier:2.2