Context

Currently, magnolia-sso module is using Pac4j version 5.4.6, and Pac4j has released 5.7.x quite some times.

ACs:

• Make use of the latest Pac4j version 5.7.x (current is 5.7.0) to have better shape for SSO module

Development notes:

I had a scan through the change log (https://github.com/pac4j/pac4j/blob/master/documentation/docs/release-notes.md#jdk11) from 5.4.6 to 5.7.0, there is a change could impact the SSO module directly:

v5.7.0:
The oauth.getProfileCreator() and the oidc.getProfileCreator() can directly be used in the ParameterClient, HeaderClient and DirectBearerAuthClient for bearer calls; Deprecated the UserInfoOidcAuthenticator

Cause we are using UserInfoOidcAuthenticator for HTTP Bearer authentication, cc mgeljic . So, we have to review this and find an alternative authenticator.

Discovery

• In general, this will not have any blocker issue in the upgrade process
• About the deprecated UserInfoOidcAuthenticator , we can still use the authenticator or even better to refactor it to use oidc.getProfileCreator() instead