SummaryWe have quite a few places where we are resolving APIs. OAuth2AuthorizationRequestResolver, SAML is adding a reso...

There should be documentation for BearerTokenConverter in reactive OAuth2ResourceServer docs.Example configuration.@Bean...

Hello Spring Security Team,Wanted to open a possible issue if you allow me.During a very basic dependency tree check on ...

Describe the bugIf the SAMLResponse parameter for Single Logout contains line breaks, Base64 decoding fails with an Ille...

Expected BehaviorOAuth2AuthorizationRequest.Builder could get registrationId as conditionContextSometimes,we need to cus...

Describe the bugI try to use Jackson to de/serialize http jdb session.I create a ConversionService to use Jackson Object...

Hi,since microsoft azure refresh token expires, I think would be nice to add this implementation to the class RefreshTok...

Describe the bugIn Cryptography - Password Encoding page, a Java interface of PasswordEncoder comes with a different sig...

The gitHubCheckMilestoneHasNoOpenIssues Gradle task can check if a given milestone has any open issues associated with i...

Related servlet bug8700Describe the bugOAuth2AuthorizedClientArgumentResolver does not use the ReactiveOAuth2AuthorizedC...

Describe the bugLog displays Will not secure ... instead of Will secure ... with ....To ReproduceConfigure a SecurityFil...

Describe the bugDelegatingOAuth2UserService stream mechanism that can cause oauth2 exceptionsTo ReproduceDelegatingOAuth...

Describe the bugAbstractWebClientReactiveOAuth2AccessTokenResponseClient is abstract, but it is not final. I can extend...

SummaryWe should document that WebTestClient support does not work with bind to server https://docs.spring.io/spring-sec...

SummaryWhen making an "OPTIONS" request to the logout URL (default /logout) the response is a 404 Not Found.Based on the...

SummaryWe need to update our usage of OncePerRequestFilter to reflect the updates for https://github.com/spring-projects...

SummaryUsing Spring Boot 1.3.6.RELEASE which includes Spring Security 4.0.4.RELEASE. I am configuring maximum sessions u...

SummaryIf you expose more than 1 AuthenticationManager using the following (code below) in java-config and also are usin...

https://github.com/spring-projects/spring-security/blob/71986e5f424ed44c475d21af54a8cf51962b9bdd/config/src/main/java/or...

Once JWT token is issued, API access is not blocked even after locking the user.But when user tries to do a login, it sa...