When logging a user in with OpenID Connect 1.0, there are cases where authority information is included in the access to...

Describe the bugI recently encountered a vulnerability in my Maven project while adding a dependency to my pom.xml. The ...

Similar to support for the jwt-bearer grant type, OAuth2ClientConfiguration.OAuth2AuthorizedClientManagerRegistrar shoul...

Im implementing a JWT authentication in my Spring app, but there are some...Strange issues here.What im expecting to hap...

Describe the bugUser stays in a page idle until the session is expired. When he refreshes the page, the system redirects...

When logging into a site with compromised password in chrome (this happens when I authenticate to a sample Spring Securi...

Hi,I'm working on my project, and i need OAuth2 authentication through 3rd party resourse.It appears, that some provider...

The link to "accept a username and password" on the page In-Memory Auth does not work. The issue seems to be that the li...

Expected BehaviorIs it possible to make a 'fall-through' AuthenticationEntryPoint in case one AuthenticationManager retu...

Expected BehaviorCurrently PasswordEncoderFactories class has method createDelegatingPasswordEncoder() which creates MD5...

If I have a security application that doesn't actually perform any authentication and just parses an Authorization heade...

I noticed that JwtIssuerAuthenticationManagerResolver works with trusted issuers, but the jwkSetUri is generated using a...

Hello, colleagues! There is an excellent interface enabled for Servlet applications security named HttpFirewall which he...

DescriptionWhen both oauth2Login and oauth2Client are configured, the OAuth2AuthorizationRequestRedirectFilter should on...

Expected BehaviorI thought it can't be better if I can just list sets of information for each JWT format(issuer, jwk-set...

Expected BehaviorSupport for configuring multiple jwk-set-uri's in the Spring configuration file like so:spring: securi...

Expected BehaviorIf spring security with spring session,the DelegatingServerLogoutHandler's delegates must be sortedthe ...

Expected BehaviorAn example for configuring the claim delimiter is listed in the Extracting Authorities section of the O...

Describe the bugI am getting the following error when I build my Spring Boot application:Error starting ApplicationConte...

Describe the bugI am facing an issue retrieving the authenticated user after receiving SAML from Microsoft Intra ID as t...