THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- JoseSessionTokenProvider can be used as a custom SessionAuthenticityTokenProvider with AuthorizationCodeGrantService or ImplicitService
- JoseClientCodeStateManager can be used with ClientCodeRequestFilter in confidential client web applications.
- JWT assertion client and server grant handlers are shipped in this package.
- JwtRequestCodeFilter and JwetRequestCodeGrant are provided to support securing authorization code and implicit flow request properties.
- Initial utility code for representing JWT as access tokens is provided and to be extended further.
- A number of utiliy classes for working with JWT are available: OAuthJoseJwtConsumer, OAuthJoseJwtProducer and OAuthServerJoseJwtProducer. These classes extend JOSE producer and consumer helpers and support the use of OAuth2 Client secrets and public certificates in JWS or JWE operations.
OAuth2 and OIDC
CXF shipis OIDC RP and IDP service code which depends on its OAuth2 and JOSE implementations. See this page for more information.
Design considerations
...
CXF 2.6.1 provides an initial support for a SAML2 SSO SP profile. This will make it easier to minimize a number of sign ins to a single attempt and run OAuth2 Authorization servers separately from the application endpoints.
CXF 3.1.7 offers OpenId Connect RP support.