Merge branch 'release/0.8.0'

Author: overheadhunter

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "06:00"
+      timezone: "UTC"
+    groups:
+      maven-dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/" # even for `.github/workflows`
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/release.yml

@@ -0,0 +1,23 @@
+# .github/release.yml
+# see https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes
+
+changelog:
+  exclude:
+    authors:
+      - cryptobot
+      - dependabot
+      - github-actions
+  categories:
+    - title: What's New 🎉
+      labels:
+        - enhancement
+    - title: Bugfixes 🐛
+      labels:
+        - bug
+    - title: Other Changes 📎
+      labels:
+        - "*"
+      exclude:
+        labels:
+          - bug
+          - enhancement

.github/workflows/build.yml

@@ -7,12 +7,12 @@ jobs:
     runs-on: ubuntu-latest
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-java@v3
         with:
-          java-version: 11
+          java-version: 21
           distribution: temurin
           cache: 'maven'
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
@@ -44,7 +44,7 @@ jobs:
       - uses: actions/setup-java@v3
         if: startsWith(github.ref, 'refs/tags/')
         with:
-          java-version: 11
+          java-version: 21
           distribution: temurin
           cache: 'maven'
           server-id: ossrh

README.md

@@ -17,40 +17,60 @@ support for [PKCE](https://datatracker.ietf.org/doc/html/rfc8252#section-8.1) an
 
 ## Usage
 
-Configure your authorization server to allow `http://127.0.0.1/*` as a redirect target and look up these configuration values:
+This library requires an instance of [`java.net.http.HttpClient`](https://docs.oracle.com/en/java/javase/21/docs/api/java.net.http/java/net/http/HttpClient.html).
 
-* client identifier
-* token endpoint
-* authorization endpoint
+```java
+// usually the default is sufficent:
+var httpClient = HttpClient.newHttpClient();
+
+// but feel free to adjust it to your needs, e.g. by applying custom proxy settings:
+var httpClient = HttpClient.newBuilder()
+    .proxy(ProxySelector.of(InetSocketAddress.createUnresolved("https:\\example.com",1337)))
+    .build();
+```
+
+Now to begin, start building an OAuth 2.0 Client via the fluent API:
 
 ```java
-// this library will just perform the Authorization Flow:
-var httpResponse = TinyOAuth2.client("oauth-client-id")
-		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token"))
-        .withRequestTimeout(Duration.ofSeconds(10)) // optional
-		.authFlow(URI.create("https://login.example.com/oauth2/authorize"))
-		.authorize(uri -> System.out.println("Please login on " + uri));
+var oauthClient = TinyOAuth2.client("oauth-client-id") // The client identifier
+		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token")) // The token endpoint
+		.withRequestTimeout(Duration.ofSeconds(10)) // optional
+        // ...
+```
 
-// from this point onwards, please proceed with the JSON/JWT parser of your choice:
-if (httpResponse.statusCode() == 200) {
-	var jsonString = httpResponse.body()
-	var bearerToken = parseJson(jsonString).get("access_token");
-	// ...
-}
+Next, continue with a specific grant type by invoking `.authorizationCodeGrant(...)` or `.clientCredentialsGrant(...)` (more may be added eventually).
+
+### Authorization Code Grant
+Usually, you would want to use the [Authorization Code Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1) type to obtain access tokens.
+Configure your Authorization Server to allow `http://127.0.0.1/*` as a redirect target and look up the authorization endpoint:
+
+```java
+// this library will just perform the Authorization Flow:
+var httpResponse = oauthClient.authorizationCodeGrant(URI.create("https://login.example.com/oauth2/authorize"))
+		.authorize(httpClient, uri -> System.out.println("Please login on " + uri), "openid", "profile"); // optionally add scopes here);
 ```
 
-If you wish to use a proxy or your own set of root certificates, provide your own JDK [http client](https://docs.oracle.com/en/java/javase/11/docs/api/java.net.http/java/net/http/HttpClient.html):
+If your authorization server doesn't allow wildcards, you can also configure a fixed path (and even port) via e.g. `setRedirectPath("/callback")` and `setRedirectPorts(8080)` before calling `authorize(...)`.
+
+### Client Credentials Grant
+Alternatively, if your client shall act on behalf of a service account, use the [Client Credentials Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) type,
+which allows the client to authenticate directly without further user interaction:
+
 ```java
-var httpClient = HttpClient.newBuilder()
-        .proxy(ProxySelector.of(InetSocketAddress.createUnresolved("https:\\example.com",1337)))
-        .build();
-var httpResponse = TinyOAuth2.client("oauth-client-id")
-		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token"))
-		.authFlow(URI.create("https://login.example.com/oauth2/authorize"))
-		.authorize(httpClient, uri -> System.out.println("Please login on " + uri));
+var httpResponse = oauthClient.clientCredentialsGrant(UTF_8, "client secret")
+        .authorize(httpClient, "openid", "profile"); // optionally add scopes here
 ```
 
-If your authorization server doesn't allow wildcards, you can also configure a fixed path (and even port) via e.g. `setRedirectPath("/callback")` and `setRedirectPorts(8080)`.
+### Parsing the Response
+For maximum flexibility and minimal attack surface, this library does not include or depend on a specific parser. Instead, use a JSON or JWT parser of your choice to parse the Authorization Server's response:
+
+```java
+if (httpResponse.statusCode() == 200) {
+		var jsonString = httpResponse.body()
+		var bearerToken = parseJson(jsonString).get("access_token");
+		// ...
+}
+```
 
 ## Why this library?
 

pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>io.github.coffeelibs</groupId>
 	<artifactId>tiny-oauth2-client</artifactId>
-	<version>0.7.0</version>
+	<version>0.8.0</version>
 	<name>Tiny OAuth2 Client</name>
 	<description>Zero Dependency RFC 8252 Authorization Flow</description>
 	<inceptionYear>2022</inceptionYear>
@@ -41,7 +41,7 @@
 		<dependency>
 			<groupId>org.jetbrains</groupId>
 			<artifactId>annotations</artifactId>
-			<version>23.0.0</version>
+			<version>24.0.1</version>
 			<scope>provided</scope>
 		</dependency>
 
@@ -54,7 +54,7 @@
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>
-			<version>5.5.0</version>
+			<version>5.6.0</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
@@ -72,7 +72,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.1.2</version>
+				<version>3.2.1</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
@@ -111,7 +111,7 @@
 					<plugin>
 						<groupId>org.jacoco</groupId>
 						<artifactId>jacoco-maven-plugin</artifactId>
-						<version>0.8.8</version>
+						<version>0.8.11</version>
 						<executions>
 							<execution>
 								<id>prepare-agent</id>
@@ -137,7 +137,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.0.1</version>
+						<version>3.1.0</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -172,7 +172,7 @@
 					<plugin>
 						<groupId>org.sonatype.plugins</groupId>
 						<artifactId>nexus-staging-maven-plugin</artifactId>
-						<version>1.6.8</version>
+						<version>1.6.13</version>
 						<extensions>true</extensions>
 						<configuration>
 							<serverId>ossrh</serverId>