A fast, light and cloud native OAuth 2.0 authorization microservices based on light-4j

Last update: Dec 17, 2022

Overview

A fast, light weight and cloud native OAuth 2.0 Server based on microservices architecture built on top of light-4j and light-rest-4j frameworks.

Light platform follows security first design and we have provided an OAuth 2.0 provider light-oauth2 which is based on light-4j and light-rest-4j frameworks with 7 microservices. Some of the services implement the OAuth 2.0 specifications and others implement some extensions to make OAuth more suitable to protect service to service communication, other styles of services like GraphQL, RPC and Event Driven, Key management and distribution, service registration, token scope calculation and token exchange.

Why this OAuth 2.0 Authorization Server

Fast and small memory footprint to lower production cost.

It can support 60000 user login and get authorization code redirect and can generate 700 access tokens per second on my laptop.

It has 7 microservices connected with in-memory data grid and each service can be scaled individually.

More secure than other implementations

OAuth 2.0 is just a specification and a lot of details are in the individual implementation. Our implementation has a lot of extensions and enhancements for additional security and prevent users making mistakes. For example, we have added an additional client type called "trusted" and only this type of client can issue resource owner password credentials grant type.

More deployment options

You can deploy all services or just deploy the services for your use cases. You can deploy token and code service to DMZ and all others internal for maximum security. You can have several token services or deploy token service as sidecar pattern in each node. You can start more instance of key service on the day that your public key certificate for signature verification is changed and shutdown all of the but one the next day. You can take the full advantages of microservices deployment.

Seamlessly integration with Light-Java framework

Built on top of light-4j and light-rest-4j
Light-4j Client and Security modules manages most of the communications with OAuth2
Support service on-boarding from light-portal
Support client on-boarding from light-portal
Support user management from light-portal
Open sourced OpenAPI specifications for all microserivces

Easy to integrate with your APIs or services

The OAuth2 services can be started in a docker-compose for your local development and can be managed by Kubernetes on official test and production environment. It exposes RESTful APIs and can be access from all languages and applications.

Support multiple databases and can be extended and customized easily

Out of the box, it supports Mysql, Postgres and Oracle XE and H2 for unit tests. Other databases can be easily added with configuration change in service.yml.

Public key certificate distribution

With distributed security verification, JWT signature public key certificates must but distributed to all resource servers. The traditional push approach is not working with microservices architecture and pull approach is adopted. There is a key service with endpoint to retrieve public key certificate from microservices during runtime based on the key_id from JWT header.

Two tokens to support microservices architecture

Each service in a microservices application needs a subject token which identifies the original caller (the person who logged in the original client) and an access token which identifies the immediate caller (might be another microservices). Both tokens will be verified with scopes to the API endpoint level. Additional claims in these tokens will be used for fine-grained authorization which happens within the business context.

Token exchange for high security

Even with two tokens, we can only verify who is the original calller and which client is the immediate caller. For some highly protected service like payment or fund transfer, we need to ensure that the call is routed through some known services. light-oauth2 token service support token exchange and chaining so that a service can verify the entire call tree to authorize if the call is authorized or not.

Service registration for scope calculation

light-oauth2 has a service registration to allow all service to be registered with service id and all endpoints as well as scopes for the endpoint. During client registration, you can link a client to services/endpoints and the scope of the client can be calculated and updated in client table. This avoids developers to pass in scopes when getting access token as there might be hundreds of them for a client that accesses dozens of microservices.

All activities are audited

A database audit handler has been wired into all light-oauth2 services to log each activity across services with sensitive info masked. In the future we will put these logs into AI stream processing to identify abnormal behaviors just like normal service log processing.

OAuth2 server, portal and light-4j to form ecosystem

light-java to build API

light-oauth2 to control API access

light-portal to manage clients and APIs

Introduction

This introduction document contains all the basic concept of OAuth 2.0 specification and how it work in general.

Getting started

The easiest way to start using light-oauth2 in your development environment is through docker-compose in light-docker repository. Please refer to getting started for more information.

Architecture

There are some key decision points that are documented in architecture section.

Documentation

The detailed service document help users to understand how each individual service works and the specification for each services. It also contains information on which scenarios will trigger what kind of errors.

Tutorial

There are tutorials for each service that shows how to use the most common use cases with examples.

Reference

There are vast amount of information about OAuth 2.0 specifications and implementations. Here are some important references that can help you to understand OAuth 2.0 Authorization.

Comments

docker-compose not working.

Followed the documentation below https://doc.networknt.com/getting-started/light-oauth2/

After the maven clean install docker-compose does not run. Kindly have a look at this stack overflow link. https://stackoverflow.com/questions/64096572/light4j-oauth2-docker-compose-errors-saying-cannot-locate-specified-dockerfile/64096774#64096774

Need to change the docker-compose yml accordingly.

opened by Ekshunya-India 7
docker-compose.exe -f docker-compose-mysql.yml up failed

Hi, When I try to execute

docker-compose.exe -f docker-compose-mysql.yml up or docker build -f Dockerfile .

it always show this：

ADD failed: stat /var/lib/docker/tmp/docker-builder215098260/target/oauth2-code.jar: no such file or directory

docker engine:18.06.1-ce compose:1.22.0

opened by brianincd 3
Refresh Tokens Can be re-used
Example of issue:

Call the light-oauth2 code service (GET), and use the authorization code that was sent to the redirect uri.

Call the light-oauth2 (POST: authorization code grant type) with the authorization code. It will return an authorization token T1 and a refresh token R1.

Call the light-oauth2 token service (POST: refresh token grant type) with refresh token R1. It will return an authorization token T2 and refresh token R2.

Call the light-oauth2 token service again (again, the POST: refresh token grant type) with refresh token R1. It will return an authorization token T3 and refresh token R3.

Step 4 contradicts the docs, which say that The authorization server revoke the old refresh token after issuing a new refresh token to the client. From step 4 above, however, it does not appear that refresh token R1 has been revoked even after the new refresh token R2 has been issued. R1 is still able to get new authorization tokens.

So now, R1, R2, and R3 can all be used to get new authorization tokens, and the set of useable refresh tokens keeps growing indefinitely.
bug 1.6.x 2.0.x
opened by miklish 3
do not allow scope update once client and service are linked.

When both clients and services are registered with relationships set up in between, users are not allowed to update scope on the client anymore as the scope will be derived from services/endpoints. Currently, the client microservice throws an exception but still returns old scope and new scope in the response. In fact, the database wasn't updated and the old scope is still in both database and cache. We need capture the SQLException and return users a meaningful error code and message.

opened by stevehu 3
Receive Unexpected runtime exception when registering a service.
Hi Steve,

I receive an Unexpected runtime exception when I am running light-oauth2 docker-compose-oracle.yml. It does not happen with the SQL version. I have only been able to reproduce it with oracle.

Here is my POST request:

curl --request POST \ --url http://localhost:6883/oauth2/service \ --header 'cache-control: no-cache' \ --header 'content-type: application/json' \ --data '{\n"serviceId":"MRKT0002",\n"serviceType":"api",\n"serviceName":"Retail Account",\n"serviceDesc":"Microservices for Marketplace Account",\n"scope":"mrk.r",\n"ownerId":"admin"\n}'

To reproduce please use the version from master and docker-compose-oracle.yml

Thanks, Gonzalo
opened by gonzalovazquez 3
Bump jackson-databind from 2.13.3 to 2.13.4.1
Bumps jackson-databind from 2.13.3 to 2.13.4.1.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 2
Bump undertow-core from 2.2.18.Final to 2.2.19.Final
Bumps undertow-core from 2.2.18.Final to 2.2.19.Final.

Commits

2ec4d95 Prepare 2.2.19.Final

e52cefb Merge pull request #1361 from fl4via/2.2.x_backport_bug_fixes

215316d [UNDERTOW-1997] Add test for a security constraint with "/" path URL Pattern

e2b1e68 [UNDERTOW-1997] Corrected handling of security constraints with URL pattern '/'

e8ae803 [UNDERTOW-1934] invoke onClose in case of network failure

6f620cd [UNDERTOW-2125] At ReadTimeoutStreamSourceConduit, skip expiration if connect...

9a06b56 Merge pull request #1353 from kstekovi/UNDERTOW-2112_2.2.x

5177c78 Merge pull request #1359 from fl4via/2.2.x_backport_bug_fixes

1d95f77 [UNDERTOW-2135] Partial revert of hack from commit id: 55445de

7d3a045 [UNDERTOW-2133] Handle RequestTooBigException

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 2
Bump junit from 4.12 to 4.13.1
Bumps junit from 4.12 to 4.13.1.

Release notes

Sourced from junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

Commits

1b683f4 [maven-release-plugin] prepare release r4.13.1

ce6ce3a Draft 4.13.1 release notes

c29dd82 Change version to 4.13.1-SNAPSHOT

1d17486 Add a link to assertThrows in exception testing

543905d Use separate line for annotation in Javadoc

510e906 Add sub headlines to class Javadoc

610155b Merge pull request from GHSA-269g-pwp5-87pp

b6cfd1e Explicitly wrap float parameter for consistency (#1671)

a5d205c Fix GitHub link in FAQ (#1672)

3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (#1660)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 2
Bump mysql-connector-java from 6.0.5 to 8.0.16
Bumps mysql-connector-java from 6.0.5 to 8.0.16.

Changelog

Sourced from mysql-connector-java's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/

Version 8.0.20

Fix for Bug#30805426, IN CASE OF ISAUTHMETHODSWITCHREQUESTPACKET , TOSERVERS > 1 ARE IGNORED.

Fix for Bug#97714 (30570249), Contribution: Expose elapsed time for query interceptor to avoid hacky thread local implementations. Thanks to Matti Sillanpää and Johnathan Crawford for their contribution.

Fix for Bug#97724 (30570721), Contribution: Allow '3.' formatted numbers. Thanks to Nick Pollett for his contribution.

Fix for Bug#98536 (30877755), SIMPLEDATEFORMAT COULD CACHE A WRONG CALENDAR.

Fix for Bug#91112 (28125069), AGAIN WRONG JAVA.SQL.DATE.

Fix for Bug#30474158, CONNECTOR/J 8 DOES NOT HONOR THE REQUESTED RESULTSETTYPE SCROLL_INSENSITIVE ETC.

Fix for Bug#98445 (30832513), Connection option clientInfoProvider=ClientInfoProviderSP causes NPE.

WL#12248, DevAPI: Connection compression.

Fix for Bug#30636056, ResultSetUtil.resultSetToMap() can be unsafe to use.

Fix for Bug#97757 (30584907), NULLPOINTEREXCEPTION WITH CACHERESULTSETMETADATA=TRUE AND EXECUTEQUERY OF "SET".

Version 8.0.19

WL#13346, Support for mult-host and failover.

Fix for Bug#97413 (30477722), DATABASEMETADATA IS BROKEN AFTER SERVER WL#13528.

WL#13367, DNS SRV support.

WL#12736, DevAPI: Specify TLS ciphers to be used by a client or session.

Fix for regression tests broken by Bug#97079 fix.

Fix for Bug#96383 (30119545) RS.GETTIMESTAMP() HAS DIFFERENT RESULTS FOR TIME FIELDS WITH USECURSORFETCH=TRUE.

Fix for Bug#96059 (29999318), ERROR STREAMING MULTI RESULTSETS WITH MYSQL-CONNECTOR-JAVA 8.0.X.

Fix for Bug#96442 (30151808), INCORRECT DATE ERROR WHEN CALLING GETMETADATA ON PREPARED STATEMENT.

Version 8.0.18

WL#13347, Connectors should handle expired password sandbox without SET operations.

Fix for Bug#84098 (25223123), endless loop in LoadBalancedAutoCommitInterceptor.

Commits

34cbc6b License book updated.

793bd55 Minor fix for tests failing with URL without parameters.

58600cc WL#12825, Remove third-party libraries from sources and bundles.

5aa15d5 Fix for Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound bef...

1fecc2b Fix for Bug#94414 (29384853), Connector/J RPM package have version number in ...

f5d24e3 Fix for Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY...

c49db58 WL#12246, DevAPI: Prepared statement support.

a5c3d29 Added definition file for msi building tools.

13045c2 WL#10839, Adjust c/J tests to the new "ON" default for

2e350a5 Fix for Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 2
add a new authenticator for light-portal user management integration

Light-portal has its user management services to handler the user registration and login with Event Sourcing and CQRS based on the light-kafka streams. It is more scalable than a relational database and supports multi-tenancy. For the light-portal client, we are going to use a customized authenticator to invoke the user-query service on the portal for authentication and authorization.
enhancement 1.6.x 2.0.x

opened by stevehu 2
remove Oracle database support

as Oracle JDBC driver is not available. We will provide a specific built version as a commerical offer for companies that need Oracle database support.

opened by stevehu 2
Bump hazelcast from 5.1 to 5.1.3
Bumps hazelcast from 5.1 to 5.1.3.

Release notes

Sourced from hazelcast's releases.

v5.1.3

This document lists the new features, enhancements, fixed issues, and removed or deprecated features for Hazelcast Platform 5.1.3 release. The numbers in the square brackets refer to the issues in Hazelcast's GitHub repositories.

==== 5.1.3 Release Notes ====

Enhancements

Improved connection handling. hazelcast/hazelcast#21641

Fixes

When the hazelcast.socket.buffer.direct property is enabled, clusters no longer throw exceptions in response to text protocols such as the REST API. hazelcast/hazelcast#21700

v5.1.2

This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast 5.1.2 release. The numbers in the square brackets refer to the issues in Hazelcast's GitHub repositories.

Fixes

Fixed an issue where a cluster could not be formed when security is enabled, various client permissions are set, and multiple members are started simultaneously. #21510

Fixed an issue where a cluster was unresponsive when you perform a health check to see the members are in the safe state; cluster members were hanging in the REPLICA_NOT_SYNC state during such health checks. #21208

Fixed an issue where the list of members in the cluster was reset to an empty list when the UUID of a cluster changes after its restart: this was causing startup failures since Hazelcast could not manage the events due to the empty member list after a restart. #21178

Fixed an issue where the statistics like puts and removals were not increasing when these operations are executed through Transactional interface. #21107

Fixed a data race in SingleProtocolEncoder; while one method of this interface is called from the input thread, another one is called from the output thread which was causing the race. #20994

Fixed an issue where the automatic module name in hazelcast-5.x.jar could not be detected using Gradle. The reason was /META-INF/MANIFEST.MF not being the first or second entry in the JAR file; now this manifest file is the second entry. #20976

v5.1.1

This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast Platform 5.1.1 release. The numbers in the square brackets refer to the issues in Hazelcast's GitHub repositories.

Fixes

Fixed an issue where the partition migrations were failing when there is a single map in the cluster with Merkle trees enabled. #20929

Fixed a potential deadlock during partition migrations and inability to make progress while performing graceful shutdown with persistence enabled. #20813

Commits

cb64684 version update for 5.1.3 release

93838b2 Add release notes

4ec9bfa prepare release 5.1.3

f57fe22 Jetty Util dependencies are upgraded to version fixing CVE-2022-2047 [5.1.z] ...

d0aa92e Bump AWS Java SDK version to fix CVE-2022-31159 [5.1.z] (#21858)

24c12a8 Export jdk.management/com.ibm.. only for OpenJ9 VM [5.1.z] (#21814)

a56e6d5 Make TcpServerConnection.equals more robust [HZ-1202] (5.1.z) (#21641)

7e487db [5.1.z] Correctly handle the buffer copies when the dst is a direct buffer in...

7bb03a5 Delete DynamicConfigSlowPreJoinBouncingTest [HZ-978] (#21255) (#21656)

96c368f Disable hadoop test on IBM JDK17 (backport of #21120) (#21621)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 0
A certificate verification issue when get the public key used to verify JWT.

Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector on Java language(Our main concern is the secure implementation and use of Json Web Token). We found your great public repository (i.e., light-oauth2) from Github, and a security issue detected by our detector are shown in the following. The specific security issues we found are as follows: (1) Location: Package: com.networknt.oauth.key.handler; Class: Oauth2KeysGetHandler.class Security issue: not verify the public key certificate used to validate JWT signature.

We detected that the handleRequest method get public key from the certificate without any verification. An attacker may use the private key corresponding to a revoked or expired or self-signed public key certificate to forge a JWT. We recommend to verify the validity of certificates and certificate chains to improve system security.

We wish the above security issues cloud truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forwart to your reply. Thanks.

opened by KANIXB 0
Light-OAuth2 issue

Hi,

i am unable to test , followed these two links

mariadb compose https://doc.networknt.com/tutorial/oauth/start/ try to registre client: https://doc.networknt.com/tutorial/oauth/client/ Mariadb 10.3 networknt/oauth2-XXX : 2.0.19

Client Error: ======= [admin@centos8 ~]$ curl -k -H "Content-Type: application/json" \

-X POST -d '{"clientType":"public","clientProfile":"mobile","clientName":"AccountViewer","clientDesc":"Retail Online Banking Account Viewer","scope":"act.r act.w","redirectUri": "http://localhost:8080/authorization","ownerId":"admin"}' https://localhost:6884/oauth2/client

{"statusCode":500,"code":"ERR10010","message":"RUNTIME_EXCEPTION","description":"Unexpected runtime exception","severity":"ERROR"}[admin@centos8 ~]$

Server Error ======== oauth2-client_1 | 22:09:34.459 [XNIO-1 task-1] lvfFJgRcSQWRcusNh4Z76Q ERROR c.n.exception.ExceptionHandler handleRequest - Exception: oauth2-client_1 | java.lang.RuntimeException: java.sql.SQLException: Trying to connect with ssl, but ssl not enabled in the server oauth2-client_1 | at com.networknt.oauth.cache.ClientMapStore.load(ClientMapStore.java:118) oauth2-client_1 | at com.networknt.oauth.cache.ClientMapStore.load(ClientMapStore.java:19) oauth2-client_1 | at com.hazelcast.map.impl.MapStoreWrapper.load(MapStoreWrapper.java:165) oauth2-client_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.load(WriteTh

opened by narayanab16 8
Runtime exception ERR10010 when registering new oauth service

Hello,

I'm trying to register a new oauth service and I'm receiving a runtime exception with code ERR10010. The console log from the oauth service suggests the service is trying to save a record with host=null to the service table in the database, violating a NOT NULL constraint on the host column. Any suggestion what might be causing this problem ?

Steps to reproduce:

docker-compose -f light-docker/docker-compose-oauth2-postgres.yml up

curl -k -H 'Content-Type: application/json' -X POST -d '{"serviceId":"TUTORIAL-PARTIES","serviceType":"openapi","serviceName":"TUTORIAL - Parties API","serviceDesc":"TUTORIAL - An example of a simple Parties API","scope":"accounts","ownerId":"admin"}' https://localhost:6883/oauth2/service

The above curl request returns the following error response: {"statusCode":500,"code":"ERR10010","message":"RUNTIME_EXCEPTION","description":"Unexpected runtime exception","severity":"ERROR"}

Here the messages I see logged to stdout:

oauth2-code_1 | HOST IP null oauth2-code_1 | Http port disabled. oauth2-code_1 | Https Server started on ip:0.0.0.0 Port:6881 oauth2-key_1 | HOST IP null oauth2-key_1 | Http port disabled. oauth2-key_1 | Https Server started on ip:0.0.0.0 Port:6886 oauth2-refresh-token_1 | HOST IP null oauth2-refresh-token_1 | Http port disabled. oauth2-refresh-token_1 | Https Server started on ip:0.0.0.0 Port:6887 oauth2-service_1 | HOST IP null oauth2-service_1 | Http port disabled. oauth2-token_1 | HOST IP null oauth2-token_1 | Http port disabled. oauth2-token_1 | Https Server started on ip:0.0.0.0 Port:6882 oauth2-service_1 | Https Server started on ip:0.0.0.0 Port:6883 oauth2-user_1 | HOST IP null oauth2-user_1 | Http port disabled. oauth2-user_1 | Https Server started on ip:0.0.0.0 Port:6885 oauth2-client_1 | Jul 30, 2020 3:42:59 PM com.hazelcast.internal.partition.impl.PartitionStateManager oauth2-client_1 | INFO: [172.18.0.6]:5701 [dev] [3.12] Initializing cluster partition table arrangement... postgresdb_1 | ERROR: null value in column "host" violates not-null constraint postgresdb_1 | DETAIL: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). postgresdb_1 | STATEMENT: INSERT INTO service (service_id, service_type, service_name, service_desc, scope, owner_id) VALUES ($1, $2, $3, $4, $5, $6) oauth2-code_1 | 15:44:29.271 [hz._hzInstance_1_dev.partition-operation.thread-0] ERROR c.n.oauth.cache.ServiceMapStore store - Exception: oauth2-code_1 | org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-code_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2458) oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2158) oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:291) oauth2-code_1 | at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:432) oauth2-code_1 | at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:358) oauth2-code_1 | at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:171) oauth2-code_1 | at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:138) oauth2-code_1 | at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61) oauth2-code_1 | at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java) oauth2-code_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:50) oauth2-code_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:19) oauth2-code_1 | at com.hazelcast.map.impl.MapStoreWrapper.store(MapStoreWrapper.java:121) oauth2-code_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:39) oauth2-code_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:28) oauth2-code_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.putInternal(DefaultRecordStore.java:698) oauth2-code_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.set(DefaultRecordStore.java:681) oauth2-code_1 | at com.hazelcast.map.impl.operation.SetOperation.run(SetOperation.java:39) oauth2-code_1 | at com.hazelcast.spi.Operation.call(Operation.java:170) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:210) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:199) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:416) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:153) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:123) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.run(OperationThread.java:110) oauth2-code_1 | Jul 30, 2020 3:44:29 PM com.hazelcast.map.impl.operation.SetOperation oauth2-code_1 | SEVERE: [172.18.0.7]:5701 [dev] [3.12] org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-code_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-code_1 | java.lang.RuntimeException: org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-code_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-code_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:53) oauth2-code_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:19) oauth2-code_1 | at com.hazelcast.map.impl.MapStoreWrapper.store(MapStoreWrapper.java:121) oauth2-code_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:39) oauth2-code_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:28) oauth2-code_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.putInternal(DefaultRecordStore.java:698) oauth2-code_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.set(DefaultRecordStore.java:681) oauth2-code_1 | at com.hazelcast.map.impl.operation.SetOperation.run(SetOperation.java:39) oauth2-code_1 | at com.hazelcast.spi.Operation.call(Operation.java:170) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:210) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:199) oauth2-code_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:416) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:153) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:123) oauth2-code_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.run(OperationThread.java:110) oauth2-code_1 | Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-code_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2458) oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2158) oauth2-code_1 | at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:291) oauth2-code_1 | at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:432) oauth2-code_1 | at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:358) oauth2-code_1 | at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:171) oauth2-code_1 | at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:138) oauth2-code_1 | at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61) oauth2-code_1 | at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java) oauth2-code_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:50) oauth2-code_1 | ... 14 more oauth2-code_1 | oauth2-service_1 | 15:44:29.301 [XNIO-1 task-6] tYCoDTKsStCOp6j3fq15Nw ERROR c.n.exception.ExceptionHandler handleRequest - Exception: oauth2-service_1 | java.lang.RuntimeException: org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-service_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-service_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:53) oauth2-service_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:19) oauth2-service_1 | at com.hazelcast.map.impl.MapStoreWrapper.store(MapStoreWrapper.java:121) oauth2-service_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:39) oauth2-service_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:28) oauth2-service_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.putInternal(DefaultRecordStore.java:698) oauth2-service_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.set(DefaultRecordStore.java:681) oauth2-service_1 | at com.hazelcast.map.impl.operation.SetOperation.run(SetOperation.java:39) oauth2-service_1 | at com.hazelcast.spi.Operation.call(Operation.java:170) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:210) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:199) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:416) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:153) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:123) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.run(OperationThread.java:110) oauth2-service_1 | at ------ submitted from ------.(Unknown Source) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.InvocationFuture.resolve(InvocationFuture.java:126) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.InvocationFuture.resolveAndThrowIfException(InvocationFuture.java:79) oauth2-service_1 | at com.hazelcast.spi.impl.AbstractInvocationFuture.get(AbstractInvocationFuture.java:163) oauth2-service_1 | at com.hazelcast.map.impl.proxy.MapProxySupport.invokeOperation(MapProxySupport.java:434) oauth2-service_1 | at com.hazelcast.map.impl.proxy.MapProxySupport.setInternal(MapProxySupport.java:501) oauth2-service_1 | at com.hazelcast.map.impl.proxy.NearCachedMapProxyImpl.setInternal(NearCachedMapProxyImpl.java:257) oauth2-service_1 | at com.hazelcast.map.impl.proxy.MapProxyImpl.set(MapProxyImpl.java:246) oauth2-service_1 | at com.hazelcast.map.impl.proxy.MapProxyImpl.set(MapProxyImpl.java:237) oauth2-service_1 | at com.networknt.oauth.service.handler.Oauth2ServicePostHandler.handleRequest(Oauth2ServicePostHandler.java:43) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.openapi.ValidatorHandler.handleRequest(ValidatorHandler.java:94) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.audit.AuditHandler.next(AuditHandler.java:154) oauth2-service_1 | at com.networknt.audit.AuditHandler.handleRequest(AuditHandler.java:143) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.body.BodyHandler.handleRequest(BodyHandler.java:116) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.openapi.OpenApiHandler.handleRequest(OpenApiHandler.java:108) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.correlation.CorrelationHandler.handleRequest(CorrelationHandler.java:77) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.traceability.TraceabilityHandler.handleRequest(TraceabilityHandler.java:66) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:208) oauth2-service_1 | at com.networknt.handler.Handler.next(Handler.java:229) oauth2-service_1 | at com.networknt.exception.ExceptionHandler.handleRequest(ExceptionHandler.java:76) oauth2-service_1 | at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376) oauth2-service_1 | at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) oauth2-service_1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) oauth2-service_1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) oauth2-service_1 | at java.base/java.lang.Thread.run(Unknown Source) oauth2-service_1 | Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "host" violates not-null constraint oauth2-service_1 | Detail: Failing row contains (TUTORIAL-PARTIES, openapi, TUTORIAL - Parties API, TUTORIAL - An example of a simple Parties API, accounts, admin, null). oauth2-service_1 | at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2458) oauth2-service_1 | at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2158) oauth2-service_1 | at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:291) oauth2-service_1 | at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:432) oauth2-service_1 | at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:358) oauth2-service_1 | at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:171) oauth2-service_1 | at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:138) oauth2-service_1 | at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61) oauth2-service_1 | at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java) oauth2-service_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:50) oauth2-service_1 | at com.networknt.oauth.cache.ServiceMapStore.store(ServiceMapStore.java:19) oauth2-service_1 | at com.hazelcast.map.impl.MapStoreWrapper.store(MapStoreWrapper.java:121) oauth2-service_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:39) oauth2-service_1 | at com.hazelcast.map.impl.mapstore.writethrough.WriteThroughStore.add(WriteThroughStore.java:28) oauth2-service_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.putInternal(DefaultRecordStore.java:698) oauth2-service_1 | at com.hazelcast.map.impl.recordstore.DefaultRecordStore.set(DefaultRecordStore.java:681) oauth2-service_1 | at com.hazelcast.map.impl.operation.SetOperation.run(SetOperation.java:39) oauth2-service_1 | at com.hazelcast.spi.Operation.call(Operation.java:170) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:210) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:199) oauth2-service_1 | at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:416) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:153) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:123) oauth2-service_1 | at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.run(OperationThread.java:110) oauth2-service_1 | 15:44:29.461 [XNIO-1 task-6] tYCoDTKsStCOp6j3fq15Nw ERROR c.networknt.handler.LightHttpHandler setExchangeStatus - {"statusCode":500,"code":"ERR10010","message":"RUNTIME_EXCEPTION","description":"Unexpected runtime exception","severity":"ERROR"} at com.networknt.handler.LightHttpHandler.setExchangeStatus(LightHttpHandler.java:67)

opened by hauk3wu1ff 2

Releases(2.1.4)

2.1.4(Nov 30, 2022)

2.1.4 (2022-11-30)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.1.3(Nov 11, 2022)

2.1.3 (2022-11-10)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.1.2(Oct 22, 2022)
2.1.2 (2022-10-22)

Merged pull requests:

fixes #362 disable LDAP test case with ApacheDirectoryServer #363 (stevehu)

fixes #359 update key test case to meet the requirement for multiple … #360 (stevehu)

Bump postgresql from 42.3.3 to 42.4.1 #357 (dependabot)

fixes #353 update the key service to use SecurityConfig #354 (stevehu)

Source code(tar.gz)
Source code(zip)
2.1.1(Apr 27, 2022)
2.1.1 (2022-04-26)

Merged pull requests:

fixes #350 down port the jwk implementation from oauth-kafka in key s… #351 (stevehu)

fixes #348 update bootstrap token test case for the wrong scope #349 (stevehu)

fixes #346 change the default bootstrapScope to portal.w in oauth-tok… #347 (stevehu)

Bump hazelcast from 4.2.4 to 5.1 #345 (dependabot)

fixes #343 upgrade hazelcast-kubernetes to 2.2.3 from 1.1.0 to resolv… #344 (stevehu)

Source code(tar.gz)
Source code(zip)
1.6.39(Apr 26, 2022)

1.6.39 (2022-04-26)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.1.0(Feb 28, 2022)
2.1.0 (2022-02-27)

Merged pull requests:

Bump postgresql from 42.2.25 to 42.3.3 #342 (dependabot)

Bump postgresql from 9.4.1211 to 42.2.25 #341 (dependabot)

fixes #339 upgrade hazelcast to 4.2.4 and change the packages #340 (stevehu)

Bump hazelcast from 3.12 to 4.0.5 #338 (dependabot)

Bump h2 from 2.0.206 to 2.1.210 #337 (dependabot)

fixes #335 update the h2 drop table sequence to avoid constrain error #336 (stevehu)

fixes #333 update the cache module server.yml to use h2 in memory ins… #334 (stevehu)

Bump h2 from 1.4.196 to 2.0.206 #332 (dependabot)

Source code(tar.gz)
Source code(zip)
1.6.37(Nov 11, 2021)

1.6.37 (2021-11-10)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.32(Oct 19, 2021)

2.0.32 (2021-10-19)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.31(Sep 22, 2021)
2.0.31 (2021-09-22)

Merged pull requests:

Bump tmpl from 1.0.4 to 1.0.5 in /login-view #327 (dependabot)

fixes #325 implement a new grant type bootstrap_token to create long-… #326 (stevehu)

Source code(tar.gz)
Source code(zip)
2.0.30(Aug 24, 2021)
2.0.30 (2021-08-24)

Merged pull requests:

Bump url-parse from 1.5.1 to 1.5.3 in /login-view #324 (dependabot)

Bump path-parse from 1.0.6 to 1.0.7 in /login-view #323 (dependabot)

Source code(tar.gz)
Source code(zip)
2.0.29(Jul 26, 2021)
2.0.29 (2021-07-25)

Merged pull requests:

fixes #321 potential NPE when users follow the tutorial with curl com… #322 (stevehu)

fixes #318 update TestServer to replace Server.config with Server.get… #319 (stevehu)

Source code(tar.gz)
Source code(zip)
2.0.28(Jun 27, 2021)
2.0.28 (2021-06-27)

Merged pull requests:

Bump color-string from 1.5.3 to 1.5.5 in /login-view #316 (dependabot)

Bump ws from 5.2.2 to 5.2.3 in /login-view #317 (dependabot)

Bump merge-deep from 3.0.2 to 3.0.3 in /login-view #315 (dependabot)

Bump dns-packet from 1.3.1 to 1.3.4 in /login-view #314 (dependabot)

Source code(tar.gz)
Source code(zip)
1.6.36(Jun 27, 2021)

1.6.36 (2021-06-27)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.27(May 26, 2021)
2.0.27 (2021-05-25)

Merged pull requests:

Bump hosted-git-info from 2.8.8 to 2.8.9 in /login-view #313 (dependabot)

Bump url-parse from 1.4.7 to 1.5.1 in /login-view #312 (dependabot)

fixes #310 rollback the change to the parent pom.xml to recover autho… #311 (stevehu)

Source code(tar.gz)
Source code(zip)
1.6.35(May 11, 2021)

1.6.35 (2021-05-10)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.26(Apr 28, 2021)
2.0.26 (2021-04-27)

Merged pull requests:

Bump elliptic from 6.5.3 to 6.5.4 in /login-view #307 (dependabot)

Bump ssri from 6.0.1 to 6.0.2 in /login-view #308 (dependabot)

Source code(tar.gz)
Source code(zip)
1.6.34(Apr 28, 2021)

1.6.34 (2021-04-27)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.25(Mar 28, 2021)
2.0.25 (2021-03-28)

Merged pull requests:

fixes #305 update test case to eliminate the interference on a faster… #306 (stevehu)

Source code(tar.gz)
Source code(zip)
1.6.33(Mar 28, 2021)
1.6.33 (2021-03-28)

Merged pull requests:

fixes #305 update test case to eliminate the interference on a faster… #306 (stevehu)

Source code(tar.gz)
Source code(zip)
2.0.24(Feb 24, 2021)
2.0.24 (2021-02-24)

Merged pull requests:

Bump version.jackson from 2.10.4 to 2.12.1 #304 (dependabot)

Source code(tar.gz)
Source code(zip)
1.6.32(Feb 24, 2021)

1.6.32 (2021-02-24)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.23(Jan 29, 2021)

2.0.23 (2021-01-29)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
1.6.31(Jan 29, 2021)

1.6.31 (2021-01-29)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
1.6.30(Dec 23, 2020)

1.6.30 (2020-12-22)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.22(Dec 22, 2020)
2.0.22 (2020-12-22)

Merged pull requests:

Bump ini from 1.3.5 to 1.3.7 in /login-view #303 (dependabot)

Source code(tar.gz)
Source code(zip)
2.0.21(Nov 25, 2020)
2.0.21 (2020-11-25)

Merged pull requests:

fixes #301 update server.yml to add keystore and truststore passwords #302 (stevehu)

fixes #299 add password to the jwt.yml as the secret.yml is removed #300 (stevehu)

Source code(tar.gz)
Source code(zip)
2.0.20(Nov 5, 2020)

2.0.20 (2020-11-05)

Merged pull requests:
Source code(tar.gz)
Source code(zip)
2.0.19(Nov 1, 2020)
2.0.19 (2020-11-01)

Merged pull requests:

Bump junit from 4.12 to 4.13.1 #298 (dependabot)

Source code(tar.gz)
Source code(zip)
1.6.29(Nov 1, 2020)
1.6.29 (2020-11-01)

Merged pull requests:

Bump junit from 4.12 to 4.13.1 #298 (dependabot)

Source code(tar.gz)
Source code(zip)
2.0.18(Oct 1, 2020)
2.0.18 (2020-10-01)

Merged pull requests:

fixes #293 add google and facebook login for the login-view #294 (stevehu)

Source code(tar.gz)
Source code(zip)