As we all know, the spring-security-oauth2 project is marked as deprecated. In the migration guide, the Spring team recommends a switch to spring-security.OAuth.
While this migration seems to be clear for the overall OAuth2 protocol implementation, the documentation may miss one crucial point.
If newbies don't look closely, they may confuse the package "openid" in "spring-security" with "open id connect (1.0)".
This confusion is reinforced by the following note:
The package openid inside of spring-security seems to be deprecated. The note tells us: "The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2." written in https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
I'd suggest to rewrite this note or the naming of the package 👍
Comment From: jgrandja
@BavariaBlue I agree that this could be misleading:
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2
Would you be interested in submitting a PR for this improvement?
Comment From: BavariaBlue
Yeah, I will write a PR. Target: on the coming weekend :)
@BavariaBlue I agree that this could be misleading:
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2
Would you be interested in submitting a PR for this improvement?