Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
95 Open 1,801 Closed
95 Open 1,801 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Add ServerWebExchange parameter to AuthorizationRequestCustomizer in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16320 opened Dec 20, 2024 by kse-music Loading…
1
@sjohnr
Pass Http Request to OAuth2AuthorizationRequestResolver#authorizationRequestCustomizer in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#16306 opened Dec 19, 2024 by ZIRAKrezovic
1
@sjohnr
Consider adding PrincipalResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16284 opened Dec 13, 2024 by sjohnr 6.5.x
@sjohnr
Remove Deprecated Usages of RemoteJWKSet in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16251 opened Dec 9, 2024 by jzheaux
1
@jzheaux @kwondh5217
5
The selectJwk method of NimbusJwtEncoder class should not throw Exception when jwks size great than one in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
#16170 opened Nov 26, 2024 by douxiaofeng99
2
Consider using @Fallback instead of BeanDefinitionRegistryPostProcessor for OAuth2AuthorizedClientManager in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16137 opened Nov 20, 2024 by sjohnr 6.5.x
@sjohnr
[OAuth2] Misconfigured OAuth2LoginAuthenticationFilter when combining OAuth2 login and OAuth2 client configuration in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16105 opened Nov 15, 2024 by BWohlbrecht 6.3.x
@sjohnr
2
OidcBackChannelLogoutWebFilter returns an error for unauthenticated ajax requests in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16073 opened Nov 12, 2024 by katya-tis
@jzheaux
1
Do not validate parameters in ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver if not enabled in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#16039 opened Nov 5, 2024 by jonah1und1 Loading…
@sjohnr
8
ServerBearerTokenAuthenticationConverter validates parameters when not enabled in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#16038 opened Nov 4, 2024 by sjohnr 6.2.x
@jonah1und1
1
Encode clientId and clientSecret for OpaqueTokenIntrospector and ReactiveOpaqueTokenIntrospector in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: blocked An issue that's blocked on an external project change type: bug A general bug
#16008 opened Oct 29, 2024 by ngocnhan-tran1996 Loading… 6.5.0-M1
1
@jzheaux
10
Expose getter for nameAttributeKey in OAuth2AuthenticatedPrincipal in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16003 opened Oct 26, 2024 by andreblanke Loading… 6.5.x
@jzheaux
24
Consider aligning OAuth 2.0 Access Token Response parsing in BodyExtractor in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16001 opened Oct 25, 2024 by sjohnr 6.5.x
@sjohnr
Implementations of OpaqueTokenIntrospector fail to URL encode client secret in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#15988 opened Oct 24, 2024 by joelossher 6.5.x
1
@ngocnhan-tran1996
8
Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: dependency-upgrade A dependency upgrade
#15951 opened Oct 18, 2024 by blackat
@jzheaux
3
Add support for custom grant types in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15884 opened Oct 7, 2024 by sjohnr Loading…
1
@sjohnr
Allow comma-delimited scopes in OAuth2 access token response in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15878 opened Oct 5, 2024 by bfanyuk
@sjohnr
3
Add OAuth2AuthorizedClientManager autoconfiguration without spring-boot-starter-web dependency in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15877 opened Oct 4, 2024 by yvasyliev
8
Consider adding ClientRegistrationIdResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15825 opened Sep 18, 2024 by sjohnr 6.5.x
@sjohnr
1
Add support for requesting protected resources with RestClient similar to ServletBearerExchangeFilterFunction in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15820 opened Sep 17, 2024 by azizabah 6.5.x
@sjohnr
2
Add support for access token in body parameter as per rfc 6750 Sec. 2.2 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15819 opened Sep 17, 2024 by jonah1und1 Loading… 6.5.x
@sjohnr
12
ServerBearerTokenAuthenticationConverter does not support form encoded body parameter in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement
#15818 opened Sep 17, 2024 by jonah1und1 6.5.x
@sjohnr
4
Consider removing one level of the OIDC Backchannel Logout DSL in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15817 opened Sep 16, 2024 by jzheaux 6.5.x
@alswp006
2
Consider adding a discovery client for ClientRegistrations in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15590 opened Aug 13, 2024 by sjohnr
@sjohnr
Authentication in the security context is not updated during the refresh token flow in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
#15509 opened Aug 1, 2024 by ch4mpy
@sjohnr
1
ProTip! Updated in the last three days: updated:>2024-12-28.