Given the following configuration:@Beanpublic SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity ht...

The MVC Integration documentation for Kotlin suggests using MvcRequestMatcher.Builder directly. However, this is already...

Spring Security originally redirected on authentication success with an absolute URL, conforming to https://www.rfc-edit...

Comment From: sjohnrhttps://github.com/spring-io/spring-security-release-tools/commit/fdfb70a3d02d7d69edb7bfa6baf489cafc...

Describe the bugThe application fails to start due to a conflict between two beans required by the declare Bean Security...

ContextHow has this issue affected you?I would end up DDOS the token provider serviceWhat are you trying to accomplish?I...

Expected BehaviorOne time token login has a dedicated field and button on the default login page (DefaultLoginPageGenera...

SummaryThere are some performance optimizations we can provide for jackson integrationComment From: TanqiZhouorg.springf...

Expected BehaviorAdd some support for OIDC Discovery endpoint Configuration URLlike This Document from IBM WASFinally it...

ContextHow has this issue affected you?I am getting 401 without this enhancement requestWhat are you trying to accomplis...

Describe the bugUpgrading from Spring Boot 3.3.5 to 3.4.0 includes an upgrade to Spring Security 6.4, which deprecates t...

ContextHow has this issue affected you?Without this enhancement request, we are blind in production for issues getting t...

Describe the bugI expanded the functionality of the UsernamePasswordAuthenticationFilter by incorporating a filter that ...

Describe the bugWhen trying to use Spring Security to enable Google authentication, without Spring Boot, as described in...

WebAuthnDsl is implemented incorrectly, we need to change the implementation of the get() method according to the usual ...

Describe the bugWhen ClientRegistrations is used to obtain meta data from issuer that has an invalid HTTPS certificate (...

gh-15236 added support for configuringOAuth2AuthorizationRequestResolver for OAuth2 Client's by publishing a Bean. This ...

Expected BehaviorThe class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest should have prop...

Expected BehaviorIn a project I am currently working on, we must send additional request parameters in the OIDC Token Ex...

PKCE is recommended to prevent CSRF and authorization code injection attacks. We should consider enabling enabling PKCE ...