Refresh token removing doesn't look up in persistence (4.x). #1480
Comments
yuriyz
added a commit
that referenced
this issue
Oct 12, 2020
yuriyz
changed the title
yuriyz
added a commit
that referenced
this issue
Oct 14, 2020
|
Fixed in 4.2.2. Back ported into 4.1.3 and transferred to jans. |
yurem
added a commit
that referenced
this issue
Oct 5, 2021
* Revert "Temporary disable tests" This reverts commit a74cca4 * fix: update passport social script to handle provider config state problem #1448 * (4.2.2) Refresh token removing doesn't look up in persistence. #1480 * fix: update jwt date check function in passport scripts #1482 * Merge www pass from master * (4.2.2) 1. session_id should not be included into response if it's not explicitly allowed. 2. ``/end_session` should validate by sid value #1485 * (4.2.2) Corrected validation by sid at /end_session endpoint. #1485 * (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag. #1486 * (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`). #1487 * (4.2.2) Return sid from authorization endpoint. #1485 * Update dependencies * Corrected authorization code clean up at token endpoint. * Corrected bug for refreshing token based on requested offline_access scope #1492 * Fixed NPE #1492 * (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST. #1494 * Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property * Fixed client and tests related to switching /end_session to sid. #1485 * (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property. #1488 * (4.2.2) Print only sessionId at INFO log level. * Fix ACR change when used alias * Fix ACR change when used alias * (4.2.2) Added nested JWT support into JWE #949 * (4.2.2) Corrected CrossEncryptionTest #949 * (4.2.2) Return sub value for ROPC based on `openidSubAttribute`. #1491 * (4.2.2) Added a new claim to the id_token: `"grant": <value>". #1497 * (4.2.2) Added required method to UnmodifiableAuthorizationGrant #1497 * (4.2.2) More logs in trace - added keySelectionStrategy #1494 * Adjust endpoint response according to compatibility flag #1499 * Allow bean to parse both string/list scopes formats #1499 * (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access. #1496 * Fix javadoc param * casa's DUO plugin related files * Casa's DUO plugin * BioID interception script and CASA integration * Avoid NPE when there is no grant #1499 * bioid image * (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization. #1504 * (4.2.2) Fixed bug - 500 server error when we request for an authorization token concurrenly #1481 * (4.2.2) Checked also grant scopes for offline_access scope. #1492 * Added more trace logs during key selection. * (4.2.2) id_token is missed during 2 concurrent calls for ROPC #1493 * #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims. * Don't stop on unsuccessfull BC installation * (4.2.2) NPE during backchannel logout if grant object was not identified #1505 * BioID script * Fix PasswordValidator faces validator dependend beans injection after JSF update to 2.3.x #1508 * Fix PasswordValidator faces validator dependend beans injection after JSF update to 2.3.x #1508 * (4.2.2) Introduced revoke interception script #1502 * (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri` #1503 * #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims. * Fix compilation after BC upgrade * Version 4.2.2.Final * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 1e3b7bb. * Version 4.2.3-SNAPSHOT * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 2f59e2a. * Minor code improvements for IntrospectionWebService * (4.2.3) Added Stat and StatEntry entities. * (4.2.3) Added Stat and StatEntry entities. #1512 * Add XML signature test * (4.2.3) Added net.agkn.hll to pom #1512 * (4.2.3) Added "stat" base dn to config #1512 * (4.2.3) Added stat event and stat related configurations. #1512 * (4.2.3) Implemented StatService. #1512 * (4.2.3) Added stat timer. #1512 * (4.2.3) Added stat response item. #1512 * More logs * Reduced intervals of timers for test purpose. * (4.2.3) Report about token creation to stat service. #1512 * (4.2.3) Stat timer initialization. #1512 * Revert "Reduced intervals of timers for test purpose." This reverts commit ccaf020 * (4.2.3) added more logs #1512 * #1518 * (4.2.3) Fixed initialization of stat service #1512 * (4.2.3) Prevent NPE if stat service is not correctly initialized. #1512 * (4.2.3) Added reporting of active user to SessionIdService. #1512 * (4.2.3) Added stat response. #1512 * (4.2.3) Report for active user when authenticated session is created. #1512 * (4.2.3) Wrapped reporting active user into separate method. #1512 * (4.2.3) Added report for RPT token. #1512 * (4.2.3) Adding stat web service. #1512 * (4.2.3) Added month validation and run validation methods to StatWS. #1512 * (4.2.3) Added authorization validation and cardinality union for MAU (StatWS). #1512 * (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS). #1512 * (4.2.3) Added aggregation of StatResponseItem (StatWS). #1512 * (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS) #1512 * Version 4.2.3.Final * Temporary disable client side tests * (4.2.3) Corrected client authentication for StatWS #1512 * (4.2.3) Corrected client authentication for StatWS #1512 * (4.2.3) Added Stat client service and client test. #1512 * (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri). #1520 * Revert "Temporary disable client side tests" This reverts commit 8138ae8 * (4.2.3) added basic and post client authentication for stat #1512 * Version 4.3.0.Final * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 23aa6bc. * (4.3) Avoid NPE in User Info Endpoint (caused by scope removing) #1517 * A sample script to explain redirection to a third party app and back to Gluu server * typo * New interceptions script to modify id_token #1523 * Add license * (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created. #1526 * (4.3) Removed statNodeId from configuration. #1512 * (4.3) Stat: Use mac address as nodeId. #1512 * (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes) #1528 * (4.3) Re-set ttl of objects on update. #1528 * (4.3) Re-set ttl of UMA Resource on update. #1528 * (4.3) Added keyAlgsAllowedForGeneration configuration property. #1525 * (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property. #1525 * feat(casa): allow preferred method to be prompted GluuFederation/casa#87 * Check if signatire verification method returns true * Backport: Add system flag config to enable/disable CIBA #1404 * Backport: Add system flag config to enable/disable CIBA #1404 * fix(4.3): mau report must not effect authentication #1512 * fix: failed to create Ldap connection pool with encoded password. #1531 * fix(forgot_password): update script compatibility (#1535) * fix(forgot.xhtml): remove broken syntax There was an additional `<` char on the file fix #1534 * fix(forgot_password): import and send correct args ConfigurationService should be imported from `service.common` and `init` should be called with additional arg `customScript` fix #1534 * feat(forgot_password): add important info to log fix #1534 * refactor(4.3): added logs about id_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * refactor(4.3): added trace logs about refresh_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * refactor(4.3): added trace logs about access_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * feat(4.3): added simpleclient_common dependency #1321 * fix(4.3): switched hll serialization to base64 from plain string #1538 * chore: added more log messages about stat node id creation * feat: move ORM to oxOrm * fix: fix dependecies * feat: add SQL/Spanner ORM libs * feat(4.3): constants for stat service #1321 * fix: fix configuration path * feat: merge ORM from Jans * feat: merge ORM from Jans * feat: update to conform new API * feat: update to conform new API * fix(4.3): don't create monthly branch if db does not support tree structure #1543 * fix(4.3): don't create monthly branch if db does not support tree structure #1543 * fix: merge cleaner fixes from Jans * fix: remove deprecated attributes * fix: remove unused attribute * feat(4.3) : added openmetrics response support to StatWS #1512 #1321 * fix: use right UmaResource class in cleaner job * fix: missing oxAuth dynamic configuration after save oxTrust #2067 * fix: missing oxAuth dynamic configuration after save oxTrust #2067 * fix: removed cleanServiceBaseDns configuration property used during development GluuFederation/oxTrust#2067 * feat: clean only oxAuth metrics * feat: avoid potential NPE * feat: add new ORM dependecies * fix(4.3): openmetrics reponse construction #1544 * fix(4.3): openmetrics response construction #1544 * fix(4.3): changed label name #1544 * fix(4.3): fixed npe in stat ws #1544 * fix(4.3): made access to hll thread-safe #1544 * fix(4.3): corrected stat labels #1544 * feat: don't use lower case in authenticate if DB is Spanner * feat: don't use lower case in use search if DB is Spanner * fix(4.3): don't add branch if db does not support branches * fix(4.3): don't add branch for rpt service if db does not support branches * feat (4.3): added new introspectionSkipAuthorization conf property https://github.com/JanssenProject/jans-auth-server/issues/105 * fix(4.3): removed redundant amr attribute reference. * feat(4.3): made mtls service ignore order during subject matching https://github.com/JanssenProject/jans-auth-server/issues/116 * feat(4.3): corrected typo https://github.com/JanssenProject/jans-auth-server/issues/117 * feat: Add sample passwordless authentication flow * DCR response should return 201 : indicates success + record persisted * Revert "DCR response should return 201 : indicates success + record persisted" This reverts commit 7ccdd40. * feat(4.3): added ability to skip authorization for introspection endpoint https://github.com/JanssenProject/jans-auth-server/issues/105 * feat: use right OC to execute authentication filter. Jans ORM #1 * fix: merge inum PCT generation code from Jans * feat: update server test profiles * feat: add missing SQL/Spanner conf files * feat: fix typo in names * feat: update default server profile * feat: update server test profiles * feat: sync with setup * fix: use right client keystores * feat: update server test profiles * feat: merge from Jans * feat: merge code from Jans * fix(4.3): corrected logging of consent gathering session service * fix(4.3): corrected logging of consent gathering session service * fix: use ldap sdk version which defined in ORM * feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices) * feat: update libs * Fix: register prometheus counters once for giver registrar #1553 * feat: update libs * feat(4.3): forced stat scope for statistic endpoint #1554 * fix(4.3): ignore corrupted data during stat aggregation #1555 * feat(4.3): added statAuthorizationScope configuration property and enforced it #1554 * feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules #1545 * ci: added updatePolicy: always to repo * fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false https://github.com/JanssenProject/jans-auth-server/issues/149 * feat: add pingid integration * chore: add README for casa script * chore: make README point to prod docs * feat: touch id as a fido2 device * docs: typo * fix: image not needed * fix: properly url decode query parameters in QueryStringDecoder * feat: added overload for url decode method in QueryStringDecoder * feat: update jquery * feat: add trace logging to dump redirect URI * feat(4.3): added organization to client * feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow. #1563 * fix: update to conform new ORM * fix: #1563 - moved code to seperate folder + implemented account lock on impossible travel detection * fix: fix oxEnrollmentCode custom attribute removal * feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564 * feat: casa plugin for Stytch Creds as a 2FA method * Version 4.3.0.Final * feat: temporary disable tests * Revert "feat: temporary disable tests" This reverts commit e6dcfda. * feat: force to use recent joda-time * fix(4.3): fixed persistence of session on acr changed detection #1552 * fix(4.3): removed filtering of stat endpoint Authorization is checked inside WS. * fix(4.3): added SSA and additional access token validation during client update #1567 * feat: added more logs to add user method * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix(4.3): removed client_credentials token validation #1567 * Merge with 4.3.0 * Merge with 4.3.0 * Merge with 4.3.0 Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: kdhttps <kdhttps@gmail.com> Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com> Co-authored-by: Jose <bonustrack310@gmail.com> Co-authored-by: Madhumita <madhu@gluu.org> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Djeumen Rolain <uprightech@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
Refresh token removing doesn't looks up in persistence (4.x).
The text was updated successfully, but these errors were encountered: