Version 2.14.0
❗ IMPORTANT Update ❗
The zone_uuid
claim in Identity service tokens has been deprecated and is now replaced by the app_tid
claim. You should use the app_tid
claim to identify the unique tenant id, which was previously referred to as the zone.
- [java-api]
Token
interface is extended with default methodgetAppTid()
andgetZoneId()
method has been deprecated, usegetAppTid()
method instead⚠️ This is also relevant for Xsuaa applications not only Identity based applicationsTokenClaims
is extended with theSAP_GLOBAL_APP_TID
andSAP_GLOBAL_ZONE_ID
is deprecated
- [token-client]
OAuth2TokenKeyService
interface has been extended withretrieveTokenKeys(@Nonnull URI tokenKeysEndpointUri, @Nullable String tenantId, @Nullable String clientId)
methodHttpHeaders
constants are extended withX-app_tid
andX-client_id
headers- JWKs fetch from identity service going forward requires mandatory headers:
X-app_tid
andX-client_id
this has been updated in the default implementations of theOAuth2TokenKeyService
:DefaultOAuth2TokenKeyService
OAuth2TokenKeyServiceWithCache
(java-security module)SpringOAuth2TokenKeyService
- [java-security]
AbstractToken
is serializable #1207 - [java-security-test]
JwtGenerator
addsapp_tid
claims with the default valuethe-app-tid
to the Identity tokens. ❗Some adaption might be required when calling thegetZoneId()
method as it will return now theapp_tid
value back when default values are used.
Dependency upgrades
- Bump spring.core.version from 5.3.27 to 5.3.29
- Bump spring.boot.version from 2.7.10 to 2.7.14
- Bump spring.security.version from 5.8.3 to 5.8.5
- Bump reactor-core from 3.4.24 to 3.4.31
- Bump btp-environment-variable-access from 0.6.0 to 0.8.0
- Bump json from 20230227 to 20230618
- Bump commons-io from 2.11.0 to 2.13.0