SummaryHello everybody,currently iam building an Microservice-Architecture with and OIDC-Server, a Spring boot frontend ...

Actual BehaviorEndpoints are not getting secured by default even after including sprint security starter in pom.xml from...

Describe the bugWhen a UserDetailsService bean is found by InitializeUserDetailsBeanManagerConfigurer, a DaoAuthenticati...

SummaryI'm having a hard time discovering how to map claims of an OIDC logon to GrantedAuthorities. This doc seems to de...

Describe the bugThe user is getting successfully authenticated. The retrieval of profile fails and getting [invalid_user...

SummaryWe have a API that is used by both a same-origin Angular Single-Page Application and native apps. The Angular SPA...

Expected BehaviorDefining the AssertingPartyDetails should support reading IdP metadata from a file/classpath resource/I...

This issue is related to #6638.I use single OpenIDC IdP (google) from OAuth2Login Sample. Added a rest endpoint that use...

Recently I faced the issue when some OAuth 2.0 provider did not return token type in the access token response. Spring e...

I have a Spring Boot application (REST-based using JAX-RS) and couple of endpoints secured with a custom AuthenticationP...

Expected BehaviorHaving ReactiveRemoteJWKSource publicCurrent BehaviorReactiveRemoteJWKSource is package only accessible...

SummaryUsing with PreAuthenticatedGrantedAuthoritiesUserDetailsService there is a problem since "user details service" e...

Describe the bugA clear and concise description of what the bug is.To ReproduceSteps to reproduce the behavior.Expected ...

In one of our applications we have a couple of ApplicationListener implementations which operate on certain events from ...

Summarywhen I use UserDetailsManager‘s changePassword function,i found there is an unresolvable circular reference,I do...

Current build generates an error as it seems that the latest (8.28.1) oauth2-oidc-sdk artifact may be corruptmanagement ...

SummaryWhen the security filter is configured with REQUEST and ASYNC dispatcher types several headers that are set by Sp...

Related to https://github.com/spring-projects/spring-security/issues/6010Expected BehaviorChange the methods in JwtDecod...

Hello,The http header Feature-Policy has been renamed to Permissions-Policy (https://developer.mozilla.org/en-US/docs/We...

Describe the bugWhen we trying to run our application the metadata load failed with 401 Unauthorized.In the log what we ...