SummaryIn CommonOAuth2Provider we provide support for:GoogleGitHubFacebookOktaI believe we should also explicitly suppor...

At OAuth2AccessTokenResponseHttpMessageConverter it is using json message converter without checking if it is null or no...

Describe the bugI have simple SpringMVC Controller returning StreamingResponseBody@RestControllerclass SampleController ...

We can improve the performance of HttpSessionSecurityContextRepository by tracking if a value has been saved already or ...

SummaryA change in Spring Framework 5.1.0.RC2 caused the following exception methodSecurityWhenOrderUnspecifiedAndCustom...

Backport of gh-9387Comment From: CaesarGaoLooking at the commit history, it doesn't appear that the HttpSessionSecurityC...

Expected BehaviorA custom AuthenticationDetailsSource can be injected into BearerTokenAuthenticationFilter.Current Behav...

Describe the bug@SpringBootTest integration tests that check the implementation of the authentication setup fail if the ...

I would like to get an impression whether there are plans to implement the https://coreruleset.org/ as part of Spring Se...

Describe the bugACL can't be owned by a GrantedAuthoritySidTo ReproduceAs user with a role named TEST, after successfull...

This is gonna be a tough one. I haven't yet been able to reproduce it reliably, although I have experienced it multiple ...

I agree that Cookie XSRF-TOKEN is set by the server and is not meant to be set on the client side, but...Describe the bu...

OAuth2AuthorizationCodeGrantFilter gives precedence to the cached redirect url over configured one.This fails Use cases ...

In the HttpSecurity#csrf() Javadoc, we should explicitly mention that this method enables CSRF protection.It may be uncl...

As indicated in https://github.com/FasterXML/jackson-modules-java8/issues/307, ObjectMapper#readTree cannot delay the ev...

SummaryI've been playing around with Microsoft's identity platform (v2.0) and it seems like it it doing things a bit dif...

In section https://docs.spring.io/spring-security/site/docs/5.4.5/reference/html5/#servlet-authentication-jdbc-bean in E...

Saml2WebSsoAuthenticationFilter doesn't catch AuthenticationConverter convert exception, we should wrapper the exception...

I have multimodule spring boot project, In parent pom.xml I have dependencies like below1.Spring boot dependencyorg.spr...

Expected Behavior Apple now forces app developers to provide Sign in with Apple if they want to submit apps that current...