OAuth 2.0 / OpenID Connect SDK v9.0

The OAuth 2.0 / OpenID Connect SDK for developing client and server applications has a new major release today.

The underlying Nimbus JOSE+JWT library was upgraded to major version 9.0, which made appearance in 2020 and most notably shaded the JSON Smart dependency. If your framework or application code relies on methods from the JWT library that return JSON Smart classes (JSONObject or JSONArray) and doesn't compile you will need to refactor it. The JSONObjects.toJSONString utility can help you with serialising JSON.

The reported bugs in the tracker were also run down to zero.

A good cause to celebrate!

version 9.0 (2021-02-01)

  • Upgrades to Nimbus JOSE+JWT 9.x (9.4.1) where the JSON Smart (net.minidev:json-smart) dependency is shaded.
  • Adds new safe JSONObjectUtils.toJSONObject(com.nimbusds.jwt.JWTClaimsSet) method for obtaining a net.minidev.json.JSONObject representation of a JWT claims set.
  • Fixes IDTokenClaimsVerifier to check for azp claim present when multiple ID token aud claim values present (iss #263).
  • Updates to OpenSAML 3.4.6.