Skip to content

Align dependencies with the version of Spring Security being used #256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Kehrlann opened this issue Mar 12, 2021 · 0 comments
Closed

Align dependencies with the version of Spring Security being used #256

Kehrlann opened this issue Mar 12, 2021 · 0 comments
Assignees
@Kehrlann
Labels
type: dependency-upgrade A dependency upgrade
Milestone
0.1.1

Comments

@Kehrlann
Copy link
Contributor

Kehrlann commented Mar 12, 2021
edited
Loading

Currently, spring-authorization-server is not compatible with spring-security:5.4.5. Setting springSecurityVersion=5.4.5 in gradle.properties make the tests fail.

This is due to Spring Security 5.4.5 downgrading com.nimbusds:nimbus-jose-jwt to 8+ from 9+ ; and spring-authorization-server pins com.nimbusds:nimbus-jose-jwt to 9.1.3 .

For info, Spring Boot 2.4.3 pulls in Security 5.4.5.
For reference, see issue about downgrading nimbus-jose-jwt: spring-projects/spring-security#9399

We should align whichever version is bundled with Spring-Security.
@Kehrlann Kehrlann added the type: enhancement A general enhancement label Mar 12, 2021
@Kehrlann Kehrlann mentioned this issue Mar 12, 2021
Closed
@jgrandja jgrandja added type: dependency-upgrade A dependency upgrade and removed type: enhancement A general enhancement labels Mar 15, 2021
@jgrandja jgrandja added this to the 0.1.1 milestone Mar 15, 2021
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
@Kehrlann @jgrandja
Use nimbus-jose-jwt and oauth2-oidc-sdk versions from spring-security
fec5fd0 
- Spring Security 5.4.5 downgraded nimbus-jose-jwt to 8.+ from 9.+,
  which breaks NimbusJwsEncoder.
- Bump Security to 5.4.5, and Boot to 2.4.3 to match Security

Closes spring-projectsgh-256
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Kehrlann Kehrlann

Labels
type: dependency-upgrade A dependency upgrade
Projects
None yet
Milestone
0.1.1
2 participants
@Kehrlann @jgrandja