For Spring Boot users who want to change the property of the User Info response that is used to create a username, they ...

Hello Spring Team,I'm setting up a Spring Authorization Server with Spring boot starter Security 3.4.1 and spring-boot-s...

Expected BehaviorWhen using RestClient with OAuth2ClientHttpRequestInterceptor, there should be a public constant availa...

Hi,We are having the following issue when trying to configure Azure SSO Authentication using Spring Security Oauth2:{ js...

To simplify creation of DefaultOAuth2AuthorizationRequestResolver it should provide a default value of /oauth2/authoriza...

Since #6548 it is possible to enable PKCE for confidential clients - great!Unfortunately, this can only be configured in...

ContextWhat are you trying to accomplish?I am trying to use spring-boot-starter-oauth2-client to get a bearer token, whe...

Expected BehaviorRegardless of the buildFile names, no phantom subprojects should be created.If a subproject has a defau...

Describe the bugWhen configuring the SecurityFilterChain with both oAuth2Login and oAuth2Client sections, the resulting ...

If the Client Registration redirect-uri property is missing from a Spring Boot application, it fails on startup with:Cau...

Add context propagation support via Micrometer Context Propagation for the SecurityContext, between SecurityContextHolde...

Describe the bugApparently, neither the ID token nor the userinfo are updated during the refresh token flow in Spring cl...

Expected BehaviorThe SAML Single Logout (initiated by relying party) should use LogoutConfigurer.getLogoutRequestMatcher...

Expected BehaviorRender Java and Kotlin tab for the SpEL expression exampleCurrent BehaviorThere is a syntax error in th...

Describe the bugIn a new session when hit /authorize requests in multiple tabs of the same browser session, I get IDP lo...

Describe the bugIt seems this fix (https://github.com/spring-projects/spring-security/issues/14131) might have broken ba...

The transparent PNG files used in the Cross Site Request Forgery (CSRF) and Method Security documentation pages do not r...

Describe the bugWhen OidcBackChannelLogoutWebFilter returns an error from handleAuthenticationFailure(...) method:* the ...

Describe the bugWe're calling an API that requires JWTs for authentication. The JWTs are obtained from an authorization ...

Tried this in both opera, opera incognito, and chromium (which I never use (maybe ever on this computer)). I doubt this ...