I have a BFF setup almost running (it took ages, and has been a very painstaking experience....75+ config files! - and I...

It would be nice to provide support for phantom tokens. Many IDPs already have this feature, for example keycloak or cur...

Describe the bugWhen using @RolesAllowed annotation on interface level and inheriting that interface with another inter...

For some reason, when I do this@Configuration@EnableWebSecurityinternal class DefaultSecurityConfig () { @Autowired ...

Expected BehaviorWe need to convert additional claims (i.e. roles) from a JWT to GrantedAuthority so that we can do meth...

Describe the bugWe are using Spring Security OAuth2 with WebFlux, For the rest end points/controllers we are implementin...

Expected BehaviorThe tutorials say that when a password is encrypted with the bcrypt password encoder, the encoded strin...

Expected BehaviorOn successful authorization, the stored authorized client includes any additional parameters provided b...

What consideration is this code based on to exclude the need to remember that the token I generate throws an authenticat...

I am trying to create a new authrequest using only opensaml and spring-security-saml-service-provider. I am getting the ...

SummaryThe javadoc for ActiveDirectoryLdapAuthenticationProvider constructors says the param url supports multiple URLs....

Context:I'm working with multiple OAuth2 Clients where I need to validate JWT tokens (id token) which is using JwtDecode...

Describe the bugpermissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) method in Heade...

Describe the bugHeadersConfigurer.permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomize...

For example, configure SSLContext when SSL is enabled for authorization server. Currently there is no chance to do that....

Describe the bugWhen the response is not signed but assertions are signed, an error is thrown.To ReproduceConfigure an I...

Much background is here:https://stackoverflow.com/questions/78698990/spring-webflux-spring-security-preauthorize-not-wor...

Describe the bugMy Spring Boot application uses spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resourc...

java.lang.IllegalArgumentException: Illegal group reference at java.base/java.util.regex.Matcher.appendExpandedReplac...

Describe the bugMethods such as RelyingPartyRegistrations.collectionFromMetadataLocation use the entity of the asserting...