The current implementations of OAuth2UserService are DefaultOAuth2UserService and OidcUserService. These implementations...

SummaryDomain objects are simple and should not need to be mocked. It adds unnecessary additional complexity and depende...

The OAuth2LoginConfigurer DSL provides the following configuration options:http .oauth2Login() .clientRegistra...

@jgrandja @rwinch @jzheaux I am working on a project with Android and IOS developers.We have our backend as full Spring ...

The reactive interface for creating a ReactiveJwtDecoder from some context looks like:ReactiveJwtDecoder createDecoder(C...

ServletOAuth2AuthorizedClientExchangeFilterFunction has an implementation of CoreSubscriber that is used to propagate Ht...

We use WebClient in servlet environment.Some of our ExchangeFilterFunction requires current authentication object as wel...

Expected BehaviorIt would be good to use Spring Security OIDC client infrastructure on desktop clients (Spring, SWT, Jav...

Recently, the build began to fail with:* What went wrong:Execution failed for task ':spring-security-web:compileTestJava...

NOTE: This appears to be caused by https://github.com/rsocket/rsocket-java/issues/846The Jenkins build has started to ha...

Describe the bugIn oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegi...

Eleftheria has been contributing to the documentation for nearly 2 years but hasn't been added as an author. We should a...

Describe the bugHow to catch wrong clients_ ID, it seems that no exception information has been thrownComment From: jzhe...

All workflows are disabled for forks. It would be nice if in the GitHub repository's settings, a fork could specify whic...

SummaryWhen i modify the AuthnRequest according to the reference (Customize AuthnRequest)i get a perfect working AuthnRe...

ClientRegistrationsTests asserts the followingMockWebServer server;// ...assertThat(registration.getRegistrationId()).is...

Hi,In many of the IDPs, singing Assertion is not mandatory. In our previous version of the application, we were not prov...

We should ensure the OAuth2AuthorizationRequest expires after the configured time limit.Comment From: jgrandja@rwinch I'...

https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-client/src/main/java/org/springframework/secu...

A number of methods in the SAML support point to Shibboleth explanations for definitions of various SAML terms. While it...