Liferay Plugin for OAuth 2.0

OAuth 2.0 is an industry-standard authorization protocol. Users can seamlessly share select credentials from another website to log into yours. It works by authorizing password-less access to portions of user-owned resources (such as an email address, a user profile picture, or something else from your account) and other permissioned resources.

This app is released and patched through regular Fix Pack and Service Pack releases in DXP 7.1 FP17+ (SP4+) and DXP 7.2 FP5+ (SP2+) as of https://issues.liferay.com/browse/LPS-110306. Liferay Support's fix delivery method has changed from Hotfix LPKG to standard Hotfix.
  • DXP 7.1 FP17/SP4 includes v1.1.2
  • DXP 7.2 FP5/SP2 includes v2.0.3
Latest Changes
  • LPS-103302 Use ListUtil.fromArray instead of ListUtil.toList
  • LPS-104435 Update publishing scripts to run against the master branch
  • LPS-105380 SourceFormatter Improvements
  • LPS-107697 Default value of configuration with escaped character can not be unescaped when read
  • LPS-108614 Simplify bitmask and original values in models
  • LPS-115420 Add support to clean up FinderCache automatically when EntityCache is updated
  • LPS-115531 addRole with role and multiple parameters behaves differently
  • LPS-74544 SourceFormatter improvements
  • LPS-77425 Create a task to increase all major versions of modules and portal artifacts
  • LPS-77699 Update Translations
  • LPS-78901 Remove com.liferay.osgi.util dependency from service builder modules
  • LPS-79653 Portlet 3.0: Upgrade to the Portlet 3.0.0 API
  • LPS-79679 SourceFormatter improvements
  • LPS-80517 GREEDY @Reference must also be DYNAMIC to prevent tons of meaningless component activation/deactivation whi...
  • LPS-81723 Some categorizations of the configurations in System Settings are not matching user's expectations
  • LPS-81952 Gogo commands to show conflicts in JAX-RS whiteboard services
  • LPS-82252 Current defaults make necessary to create too many config files to use verifier and OAuth2
  • LPS-82343 Consolidate language keys
  • LPS-82460 Aries JAX-RS whiteboard doesn't log properly
  • LPS-82828 Simplify deprecation javadoc by using release code name instead of version
  • LPS-84092 Apply Petra-String StringBundler to modules starting with H to O
  • LPS-84119 SourceFormatter improvements
  • LPS-85296 Clean up @Component annotation
  • LPS-86408 Set default Java version to 1.8 for OSGi projects
  • LPS-86806 Create Java Parser
  • LPS-87590 Add Kazakh as a Community Language
  • LPS-88171 Apply formatting for spring framework annotations
  • LPS-89123 Whiteboard: change the underlying JAXB impl to Jackson
  • LPS-90379 Always use javax.ws.rs-api 2.1 vs. 2.0.1
  • LPS-90412 Jaxb jackson MessageBodyWriter overrides one registered in Vulcan feature
  • LPS-91463 REST Builder generated files should not depend on OAuth at runtime
  • LPS-91514 CORS Application Support
  • LPS-92253 Rename *Rest* classes to REST for consistency's sake
  • LPS-94555 Add Tamil as a Community Language
  • LPS-95096 JavadocFormatter broken
  • LPS-95413 Remove lib/development/biz.aQute.bnd.jar
  • LPS-95555 Unify osgi.core versions in build.gradle files
  • LPS-96318 Upgrade JAX-RS whiteboard support to 1.0.5 release
  • LPS-97971 @Context for JAX-RS is slowing down boot up
  • LPS-98143 Optimize LiferayAccessTokenServiceRegistrator
  • LPS-98877 Sync portlet-api version
  • LPS-98879 Sync servlet-api versions
  • LPS-99657 Enforce consistency for packages
  • LPS-99919 Remove support of terracotta
  • LRDOCS-5040 OAUTH2-115 javadocs liferay-portal master
  • LRDOCS-5069 COMMERCE-299 javadocs and other docs in liferay-portal master
  • LRDOCS-8120 Javadoc: Don't tell API consumers to use the LocalServiceUtil
  • LRQA-51488 Clarifying strings
  • OAUTH2-109 OAuth2 Provider Scopes API for JAX-RS applications to use annotation to declare and check scopes
  • OAUTH2-111 Scopes SPI for OAuth2 applications to influence their behavior and OAuth2 Provider behavior
  • OAUTH2-115 Scopes Liferay API for integrating apps in a Liferay environment
  • OAUTH2-116 SPI to extend the REST capabilities of the Liferay OAuth2 provider
  • OAUTH2-124 Merge REST module to master
  • OAUTH2-126 OAuth2 scopes are not narrowed down when client requests
  • OAUTH2-127 CXF Configuration can be created multiple times
  • OAUTH2-128 Move OAuth2 into whiteboard
  • OAUTH2-130 Merge missing ApplicationDescriptorLocator in oauth2-provider-scope-impl module
  • OAUTH2-131 Merge tests modules into master
  • OAUTH2-139 APIO can't define scopes for OAuth2 without developing custom components
  • OAUTH2-143 Applications using both OAuth2 and basic can't check scopes in OAuth2
  • OAUTH2-150 NullPointerException in BaseScopeCheckerContainerRequestFilter
  • OAUTH2-157 JSONWS scope names matching must correlate to SAP entry relationships
  • OAUTH2-161 Server error when multiple redirect URIs are specified but none provided
  • OAUTH2-168 Make sure no page needs to be created for Authorization Code grant flow
  • OAUTH2-170 "OAuth2" should not be present in ConfigurableScopeCheckerFeatureConfiguration localization
  • OAUTH2-172 Authorization Code grant flow is not honoring scope narrow down
  • OAUTH2-202 User must be Site Member to use OAuth2 Authorize portlet
  • OAUTH2-208 OAuth2 Applications is not translated to any other language
  • OAUTH2-209 Upgrade CXF OAuth2 modules to latest version
  • OAUTH2-210 Using wrong clientId with Authorization Code Flow Grant log and outputs an error message
  • OAUTH2-211 Getting token using authorization code flow results in a warn message being logged to the console
  • OAUTH2-227 Refresh Token Recycling
  • OAUTH2-229 Authorization request fails if server is using a proxy to redirect from https -> http (WeDeploy)
  • OAUTH2-236 Authorization flow breaks if referring to portal by IP not in redirect.url.ips.allowed
  • OAUTH2-238 Support ability to create custom RequiresScope annotations
  • OAUTH2-239 Rename property oauth2.scopechecker.type to oauth2.scope.checker.type
  • OAUTH2-240 Support scope annotations on implemented interfaces
  • OAUTH2-241 Update default configurations for PrefixHandler and ScopeMapper
  • OAUTH2-242 OAuth2 Authorization Code is not working in cluster environment
  • OAUTH2-243 ScopeMatcher should be applied before and after ScopeMapper and PrefixHandler
  • OAUTH2-251 Scope aliases to application permissions table loses information
  • OAUTH2-252 ScopeDescriptorLocator must support companyId
  • OAUTH2-255 SAP Whitelisted JAX-RS resource cannot be accessed with no access token
  • OAUTH2-258 Data too long for column 'RemoteIPInfo'
  • OAUTH2-259 Allow Client Credentials grant flow to specify the user that the token will be granted as
  • OAUTH2-266 HttpMethodFeature does not collect scopes dynamically
  • OAUTH2-271 Authorization code flow using a redirect uri with custom protocol doesn't work
  • OAUTH2-289 Fail to grant authorizations
Show More

Customers Who Viewed This Also Bought