OAuth 2.1 Support/Roadmap

[metacubed]

Which features from OAuth 2.1 will be supported by Spring Security? Is there a roadmap or any documentation on this topic?

For example:

• PKCE support (partially implemented)
• Remove implicit grant (deprecated, to be removed)
• Remove password grant
• Remove query-based bearer tokens
• Constraints on refresh tokens
• Redirect URI enforcement changes

[jgrandja]

@metacubed Please review the reference documentation to see what features have been implemented.

Also, review the open issues for the in: oauth2 tag to see what features are in the backlog.

If there is a specific feature you are looking support for then please log a separate ticket for each.