I am implementing OAuth2AccessTokenResponseClient and I do not see a way of setting refresh token expiry time on OAuth2A...

Expected BehaviorServletOAuth2AuthorizedClientExchangeFilterFunction should have setAuthorizedClientManager() method.If ...

Updated SummaryIf a @Configuration provides a @Bean that is used to default GlobalMethodSecurityConfiguration's defaultM...

Similar to BasicAuthenticationFilter, BearerTokenAuthenticationFilter should check if authentication is required before ...

Let's simplify the Boot and JavaConfig saml2Login samples to not sign AuthnRequests.Let's also simplify their RelyingPar...

Expected BehaviorAccess token validation passes on the Spring Security based resource server for an ADFS based OIDC prov...

Expected BehaviorServletOAuth2AuthorizedClientExchangeFilterFunction should have a way to set timeout.Current BehaviorCu...

Expected BehaviorAs stated in the official documentation, resource server supports use JwtAuthenticationConverter to con...

OpenSamlAuthenticationProvider decrypts <EncryptedAssertion> and <EncryptedID> elements. It should also decr...

Update to org.powermock 1.6.6Comment From: rwinchWe aren't going to do this change as 4.2.x is EOL in December and the d...

Hi,I want to set jwt-set-uri as the address of the service registration center. Now I can only implement load balancing ...

SummaryThis is related to Issue #5351 but takes different approach to support multi-tenant Jwt Decoders by issuerActual ...

It's quite convenient to be able to expose JwtDecoder or ReactiveJwtDecoder as a bean and have Spring Security's OAuth 2...

Given https://github.com/FasterXML/jackson-databind/issues/2683 and the fact that 5.5 will likely use Jackson 2.12 or hi...

JwtDecoder and ReactiveJwtDecoder could be improved by determining the JWS algorithm from the JWK Set endpoint.This is s...

oauth2-oidc-sdk has version ranges in the published pom which leads to various issues. This breaks start.spring.io's me...

Update to Spring 4.3.28.RELEASEComment From: spring-projects-issuesFixed via 2aa09d11e29b86e47a66284905b6a074a06a1976

SummaryWe're handling the InteractiveAuthenticationSuccessEvent to determine when a user logged in. However, this event ...

I am trying to configure resource server with my spring boot kotlin project, basically i have a bearer token which is op...

Expected BehaviorI want to control which scopes are requested by the DefaultOAuth2AuthorizationRequestResolver from the ...