Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/3bef5fd3ed81c839edc58a...

Describe the bugThe default autoconfiguration of OAuth2 client:@BeanSecurityFilterChain oauth2SecurityFilterChain(HttpSe...

Describe the bugA clear and concise description of what the bug is.Even after configuring authorizeHttpRequests to permi...

Describe the bugspring security does not execute as expected, when the version is upgraded from 5.4.8 to 6.0.3To Reprodu...

SummaryActual BehaviorBefore the upgrade, throwing a custom exception returns 500 errors.After the upgrade, 403 is retur...

SupplierJwtDecoder allows for deferring the query to the authorization server for JWKS, allowing resource servers to res...

The error message:This class supports client_secret_basic, client_secret_post, and none by default. Client [%s] is using...

The error message:This class supports client_secret_basic, client_secret_post, and none by default. Client [%s] is using...

Describe the bugWhen using XML configuration with once-per-request="true" with use-authorization-manager="false" as per ...

Hello,we have a set of Java Spring Boot applications, that we updated today to version 3.0.7. For monitoring the applica...

The docs link that refers to the new .with(...) method is leading to a wrong place in the documentation, that should be ...

It is a common way to configure Spring Security like this:http.formLogin();http.httpBasic();Where each configuration is ...

We should provide a reactive implementation equivalent of AuthorizedClientServiceOAuth2AuthorizedClientManager.Comment F...

Use caseSignaling a CSRF problem to client app via 403 or some other status-code, while invalid sessions result in 401. ...

Describe the bugwhen configuring WebClient using ServerOAuth2AuthorizedClientExchangeFilterFunction with AuthorizedClie...

Describe the bugWhen hitting an oath2 resource server secured endpoint while micrometer is recording trace spans and Rea...

Expected BehaviorDo not append endless continue parameters.Current BehaviorAdds endless continue parametersContextI have...

As mentioned in https://github.com/reactor/reactor-core/issues/3522 - reopening an issue in spring-security project.Kind...

Expected BehaviorAs RFC 7662 states:the endpoint MUST also require some form of authorization to access this endpoint, s...

IssueException in client's API requestI knew that "//" was a problem in the error logging message, so I thought the clie...