dependencies: bump com.c4-soft.springaddons:spring-addons-oauth2-test from 7.6.13 to 7.7.0

[dependabot[bot]]

Bumps com.c4-soft.springaddons:spring-addons-oauth2-test from 7.6.13 to 7.7.0.

Changelog

Sourced from com.c4-soft.springaddons:spring-addons-oauth2-test's changelog.

7.7.0

• gh-213: native-images compatibility:
  • add missing @NestedConfigurationProperty to SpringAddonsOidcProperties#client and SpringAddonsOidcProperties#resourceserver
  • declare all other @ConfigurationProperty as nested classes of either SpringAddonsOidcProperties, SpringAddonsOidcClientProperties or SpringAddonsOidcResourceServerProperties

7.6.11

• Spring Boot 3.2.4

7.6.10

• Improve the declaration of additional parameters for authorization and token requests:

com:
  c4-soft:
    springaddons:
      oidc:
        client:
          authorization-request-params:
            auth0-confidential-user:
            - name: audience
              value: demo.c4-soft.com
          token-request-params:
            auth0-confidential-user:
            - name: audience
              value: demo.c4-soft.com

becomes:

com:
  c4-soft:
    springaddons:
      oidc:
        client:
          authorization-params:
            auth0-confidential-user:
              audience: demo.c4-soft.com
          token-params:
            auth0-confidential-user:
              audience: demo.c4-soft.com

For backward compatibility, the enhanced syntax is available from new parameters (authorization-request-params => authorization-params and token-request-params => token-params).

Note that multi-valued parameters are correctly handle for token endpoints, but there is a limitation in the way Spring's OAuth2AuthorizationRequest additional params are processed forcing to use single-valued parameters. If providing with a string array in spring-addons authorization-params properties, it is joined using comas.

• SpringAddons(Server)OAuth2AuthorizationRequestResolver now exposes getOAuth2AuthorizationRequestCustomizer(HttpServletRequest request, String clientRegistrationId). To add parameters depending on the request, in addition to the PKCE token (if enabled) and "static" parameters defined in spring-addons properties, you can expose something like:

@Component
public class MyOAuth2AuthorizationRequestResolver extends SpringAddonsOAuth2AuthorizationRequestResolver {
public MyOAuth2AuthorizationRequestResolver(
		OAuth2ClientProperties bootClientProperties,

</tr></table>

... (truncated)

Commits

• ffe254c [maven-release-plugin] prepare release spring-addons-7.7.0
• 703d255 gh-213 native images compatibility of @​ConfigurationProperties
• 7a203a7 Javadoc for @​WithOAuth2Login and @​WithOidcLogin
• 3d452f4 cleanup releaseBackup files
• 287811a [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)