search

navikt / mock-oauth2-server

A scriptable/customizable web server for testing HTTP clients using OAuth2/OpenID Connect or applications with a dependency to a running OAuth2 server (i.e. APIs requiring signed JWTs from a known issuer)
MIT License
223 stars 54 forks source link

Breaking change in constructor for `OAuth2Config` after 2.1.3 #680

Closed tronghn closed 1 week ago

tronghn commented 1 month ago

From @jan-olaveide:

https://github.com/navikt/mock-oauth2-server/pull/645 added the ability to rotate refresh tokens together with a new parameter for the OAuth2Config class.

This breaks for consuming code that doesn't explicitly define parameter names during construction, e.g. https://github.com/navikt/token-support/blob/master/token-validation-spring-test/src/main/kotlin/no/nav/security/token/support/spring/test/MockOAuth2ServerAutoConfiguration.kt

Ideally, new parameters with default values could be added to the end of the constructor to prevent such breakage. Otherwise this could have warranted a minor version bump.

tronghn commented 1 week ago

At this point the breaking change happened some time ago and is an easy fix for consuming code. The provided example has fixed their use of the class. It'd probably be counter-productive to move the parameter order again now.

I've updated the 2.1.3 release that notes this change. Other than that, we'll just have to be more diligent in both considering breaking changes to public classes as well as following semver practices in the future.