Add token and token_type_hint to OAuth2ParameterNames.The OAuth 2.0 Token Revocation Endpoint (spring-authorization-serv...

Introduce JwaAlgorithm and update existing JwsAlgorithm to extends JwaAlgorithm.JoseHeader in spring-authorization-serve...

Expected BehaviorAllow to configure the expected header value as a regular expression pattern in a request matcher regar...

I have OAuthServer and ResourceServer which works fine in SSO model. Now I want to add to my ResourceServer additional ...

This still needs to be thought through a bit, but contracts like these:public class AbstractOAuth2TokenAuthenticationTok...

Describe the bug Security Context is not loaded in Session after authentication is performedTo ReproduceUser authenticat...

Asserting party metadata should indicate what signing methods it supports (section 2.4). This is valuable when the relyi...

According to docs method level security settings must overwrite repository level settings. But it fails when it comes to...

I am testing a Spring MVC controller that updates a customer's subscription and then immediately refreshes the security ...

SummaryAnnotations of generic super methods are not found.Expected BehaviorAnnotations of generic super methods (includi...

Backport of gh-2884Comment From: spring-projects-issuesFixed via 93a1fc104c865a1ae90ae9dd7cb01186d081cbfbComment From: F...

The Spring Security org.springframework.security.crypto.encrypt package provides utilities that simplify working with t...

See https://github.com/spring-projects/spring-framework/issues/25995Comment From: rwinchAdding too many options to the D...

SummaryI have a listener that listens to AuditApplicationEvent. In the fields that I get about various events (in partic...

Describe the buga.w.r.e.AbstractErrorWebExceptionHandler : [5f49b760/1-1] 500 Server Error for HTTP GET "/test"java.lan...

ContextSo DelegatingPasswordEncoder decided to upgrade password encoding. This is arguably a reasonable decision, howeve...

Currently, the 5.4.x snapshot build points to the latest Spring 5+, Reactor 1.1+, and others that would imply a minor re...

org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate ...

Expected BehaviorIn ConcurrentSessionControlAuthenticationStrategy.onAuthentication, If maximumSessions value settled to...

As of Spring Framework 5.3, result matcher functions in Kotlin, like isOk() need to beinvoked with the parenthesis (isOk...