In https://docs.spring.io/spring-security/reference/servlet/oauth2/login/core.html , the link for OAuth 2.0 Login sample...

Expected BehaviorIn the HttpSecurityDsl, formLogin should contain a disable() method.formLogin { disable()}should wor...

Sometimes, there is more than one relying party, and in that case, the metadata endpoint should reflect that.Comment Fro...

[ ] Use DocumentedObservation for Authentication[ ] Use DocumentedObservation for Authorization[ ] Use DocumentedObserva...

One way to opt-in to this behavior may be when an application chooses to wire an AuthenticationManager directly in the c...

Expected BehaviorThe AuthorizationChannelInterceptor implements a similar to the preSend() in the postReceive() contract...

Describe the bug@EnableReactiveMethodSecurity causes premature initialization of the ObservationRegistry and prevents it...

Describe the bugOidcIdTokenDecoderFactory caches JwtDecoder instances on ClientRegistration.getRegistrationId(). The cac...

In the event that a <saml2:LogoutRequest> is received, it should be possible to return a <saml2:LogoutResponse&...

Conceptually similar to /resources/{id} and /resources, if no registration id is given to the metadata endpoint, show al...

The default implementation of RelyingPartyRegistrationResolver resolves {baseUrl} and other placeholders. It would be ni...

When using RelyingPartyRegistration#withRelyingPartyRegistration as a copy constructor, custom data in subclasses cannot...

This allows for constructs like:new OrRequestMatcher( new AntPathRequestMatcher("/saml2/metadata/{registrationI...

JWTI can't find a project for jwtcan you guy please addComment From: marcusdacoregioHi @eflexcode, what do you mean by a...

Describe the bugThis code segment in XorCsrfTokenRequestAttributeHandler causes a valid CSRF token to always be rejected...

Describe the bugFollowing the migration guide for reactive applications, I configured a WebFlux application with http.cs...

Expected BehaviorCurrent BehaviorContextComment From: blovey410Excuse me, how to implement AuthenticationManager in the ...

Describe the bugif behind a reverse proxy (EKS). In spring boot web application configure (application.yml) tomcat.proto...

SummaryGetting clientRegistrationRepository cannot be nullActual BehaviorDefined the client reposiroty and providers in ...

Expected BehaviorI use SpringSessionBackedSessionRegistry and .sessionManagement() .maximumSessions(1)whe...