Comment From: DevPJ9Hello @rwinch. I would like to work on this, if it is available.Comment From: rwinchWe no longer nee...

We should be able to reuse the GitHub Actions used for building the docs. This is important because not only do we reuse...

Expected BehaviorConfigurable AuthenticationWebFilter for OAuth2 clients with OAuth2 loginCurrent BehaviorOAuth2LoginSpe...

We have hundreds of customers registered their ADFS with our application. At the time of login based on their EMail doma...

Add basic support for OAuth 2.0 Device Authorization Grant in oauth2-core, including:Parameter names in OAuth2ParameterN...

Describe the bugA few links are broken in Form Login section of docs.To ReproduceClick on the following links in the bel...

Related to #12811, an application could configure the convention to shorten an observation's name, which in the end affe...

https://github.com/spring-projects/spring-security/issues/12504 fixed the SwitchUserFilter by saving the security contex...

Describe the bugWhen using Spring Security 6 (via the Spring Boot 3 BOM) the SwitchUserFilter is not working anymore. Th...

Docs section Cross Site Request Forgery is missing any discussion on weather CSRF is recommended / required for a REST A...

SummaryThe HttpSessionSaml2AuthenticationRequestRepository saves the Saml2AuthenticationRequest in the session and tries...

Under 6.0.2 when trying to call any of our endpoints we now get errors such as:The returnType class java.lang.Object on ...

Expected BehaviorReviewing this library, noticed that the method equalsConstantTime wasn't adopted everywhere.https://gi...

Here is the Stack Overflow question -> https://stackoverflow.com/questions/75559524/spring-boot-default-user-and-pass...

We have a Spring Boot application that exposes a set of actuators (standard: info, health, metrics and prometheus), whic...

SummaryFrom #5328 , in ServerHttpSecurity, ServerFormLoginAuthenticationConverter and ServerHttpBasicAuthenticationConve...

There are some Oauth services that implements rate limiting e.g. https://blog.allegro.tech/2021/11/oauth-rate-limiting.h...

Similar to how User.UserBuilder works, configuration should fail if configurations like the following are attempted:hasR...

We should improve documentation of SecurityMockMvcRequestPostProcessors.csrf() to clarify usage and suggestions when cus...

Describe the bugWe are currently in the process of updating to spring-security 6 and are having trouble with our MockMvc...