v3.1.0

Features

• Combine prefixed scopes and roles as authorities by @vlaurin in #208

Full Changelog: v3.0.1...v3.1.0

3.0.1

Patch

• Silence warning on missing organisation profiles by @vlaurin in #203

Dependencies

• Bump com.fasterxml.jackson.core:jackson-databind from 2.18.0 to 2.18.2 by @dependabot in #188

Internal

• Bump org.owasp.dependencycheck from 12.0.0 to 12.1.0 by @dependabot in #202
• Bump io.freefair.lombok from 8.10 to 8.12.1 by @dependabot in #201

Full Changelog: v3.0.0...v3.0.1

3.0.0

Breaking

• Separate roles from authorities by @vlaurin in #193
• Remove deprecated UserInfo#getJurisdictions() by @vlaurin in #196

Changes

• Add claim app.quickcase.claims/groups by @vlaurin in #191
• Define precedence order for access levels and security classifications by @vlaurin in #194
• Deprecate organisation profiles by @vlaurin in #195

Internal

• Run OWASP Dependency Checks using official action by @vlaurin in #192
• Bump actions/checkout from 4.2.0 to 4.2.2 by @dependabot in #183
• Bump org.owasp.dependencycheck from 10.0.4 to 12.0.0 by @dependabot in #197

Full Changelog: v2.0.0...v3.0.0

2.0.0

Breaking

• Upgrade to Java 17 by @vlaurin in #175
• Bump spring-boot from 2.7.7 to 3.3.4 by @vlaurin in #174

Dependencies

• Bump com.fasterxml.jackson.core:jackson-databind from 2.14.1 to 2.18.0 by @dependabot in #165

Internal

• Bump actions/cache from 3.2.3 to 3.3.1 by @dependabot in #155
• Bump actions/checkout from 3.3.0 to 3.5.2 by @dependabot in #161
• Bump org.hamcrest:hamcrest from 2.2 to 3.0 by @dependabot in #167
• Bump io.freefair.lombok from 6.6.1 to 8.10 by @dependabot in #166
• Upgrade Gradle from 7.4 to 8.10.2 by @vlaurin in #173
• Bump org.owasp.dependencycheck from 8.0.1 to 10.0.4 by @dependabot in #163
• Bump actions/cache from 3.3.1 to 4.0.2 by @dependabot in #171
• Bump slackapi/slack-github-action from 1.23.0 to 1.27.0 by @dependabot in #168
• Bump actions/setup-java from 3 to 4 by @dependabot in #170
• Bump actions/checkout from 3.5.2 to 4.2.0 by @dependabot in #169
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #172
• Drop direct dependency on snakeyaml by @vlaurin in #176

Full Changelog: v1.3.0...v2.0.0

1.3.0

Features

• Add mode jwt-access-token by @vlaurin in #143

Provider support

• Validate support for Auth0
• Add support for Azure AD

Dependencies

• Bump Spring Boot from 2.7.5 to 2.7.7 by @vlaurin in #137
• Bump jackson-databind from 2.13.4.2 to 2.14.1 by @dependabot in #122

Full Changelog: v1.2.0...v1.3.0

1.2.0

What's changed

Maintenance release, mainly a minor upgrade of Spring Boot.

Dependencies

• Bump Spring Boot to 2.7.5 9062e5b
• Bump jackson-databind to 2.13.4.2 1d67937
• Bump snakeyaml to 1.33 2960f1a

Full Changelog: v1.1.1...v1.2.0

1.1.1

Fixes

• Suppress CVE-2021-22112 by @vlaurin in #67

Full Changelog: v1.1.0...v1.1.1

1.1.0

Dependencies

• Bump Spring Boot from 2.4.3 to 2.6.3 by @vlaurin in #66

Full Changelog: v1.0.1...v1.1.0

1.0.1

Fixes

• #61 Fix organisation parsing from JSON strings

Dependency upgrades

• Upgrade to Spring Boot 2.4.3

1.0.0

Consolidated, configuration-driven library compatible with Keycloak and AWS Cognito.

Breaking changes

• #32 Ditch provider-specific implementations
• #36 Drop use of jurisdictions claim
• #38 Namespace private QuickCase claims
• #35 Make jwk-set-uri a custom configuration property
• #55 Review detection of user vs client authentication

Features

• #37 Allow all claim names to be overridden via configuration
• #39 Allow private claims to be prefixed via configuration

Dependency upgrades

• #45 Upgrade to Spring Boot 2.4.2