Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
79 Open 1,784 Closed
79 Open 1,784 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

DefaultBearerTokenResolver Regarding throwing an IllegalArgumentException when creating a BearerTokenAuthenticationToken instance when the allowFormEncodedBodyParameter member field is true or the allowUriQueryParameter member field is true. in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue type: bug A general bug
#15885 opened Oct 8, 2024 by jacknie84
1
@sjohnr
1
Add support for custom grant types in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15884 opened Oct 7, 2024 by sjohnr Loading…
1
@sjohnr
Allow comma-delimited scopes in OAuth2 access token response in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15878 opened Oct 5, 2024 by bfanyuk
@sjohnr
Add OAuth2AuthorizedClientManager autoconfiguration without spring-boot-starter-web dependency in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15877 opened Oct 4, 2024 by yvasyliev
@sjohnr
2
Consider adding ClientRegistrationIdResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15825 opened Sep 18, 2024 by sjohnr 6.4.x
@sjohnr
Add support for requesting protected resources with RestClient via a ServletBearerExchangeFilterFunction or equivalent in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15820 opened Sep 17, 2024 by azizabah
@sjohnr
Add support for access token in body parameter as per rfc 6750 Sec. 2.2 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15819 opened Sep 17, 2024 by jonah1und1 Loading…
@sjohnr
2
ServerBearerTokenAuthenticationConverter does not support form encoded body parameter in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
#15818 opened Sep 17, 2024 by jonah1und1
@sjohnr
3
Consider removing one level of the OIDC Backchannel Logout DSL in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15817 opened Sep 16, 2024 by jzheaux General Backlog
1
Consider adding a discovery client for ClientRegistrations in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15590 opened Aug 13, 2024 by sjohnr
@sjohnr
Authentication in the security context is not updated during the refresh token flow in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#15509 opened Aug 1, 2024 by ch4mpy
@sjohnr
1
Allow for extending OAuth2AuthorizedClient with additional parameters in the code grant flow in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15470 opened Jul 24, 2024 by stackfull
@sjohnr
Support jwt in introspection response in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: blocked An issue that's blocked on an external project change type: enhancement A general enhancement
#15467 opened Jul 23, 2024 by CrazyParanoid
2
Consider removing generics from AuthorizationRequestRepository in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15426 opened Jul 15, 2024 by sjohnr 7.0.x
1
2
Servlet and Reactive OAuth2 Client consistency in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: theme An issue that describes a theme for a release
#15299 opened Jun 24, 2024 by sjohnr
6 of 8 tasks
6.4.x
@sjohnr
Highly concurrent requests with client_credentials cause duplicate access token requests in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15295 opened Jun 24, 2024 by kschlesselmann
6
Support multiple OpaqueTokenIntrospector in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15276 opened Jun 18, 2024 by CrazyParanoid
6
OpenID Connect Oauth2 Logout Token not using custom jwt alg in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15273 opened Jun 18, 2024 by adrien-dedecker 6.4.x
@jzheaux
Should OidcIdToken implement equals? in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#15156 opened May 24, 2024 by MatthiasWinzeler 7.0.0-M1
5
Add support OAuth 2.0 Step-up Authentication Challenge Protocol in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
#15091 opened May 17, 2024 by CrazyParanoid
1
@sjohnr
4
Reactive Security OAuth2 client doesn't propagate traces and baggage's in Spring Boot 3 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14946 opened Apr 23, 2024 by DaceKonn
@sjohnr
3
Support Certificate-Bound (POP) Opaque Access Token Validation in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14888 opened Apr 11, 2024 by jgrandja
6
Support for OpenID Connect Session Management session_state parameter in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14812 opened Mar 27, 2024 by benba
2
Add support customizing the serverLogoutSuccessHandler for OidcClientInitiatedServerLogoutSuccessHandler in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14808 opened Mar 27, 2024 by CrazyParanoid Loading… 6.4.0-RC1
1
@jzheaux
7
Add BearerTokenAuthenticationConverter in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#14791 opened Mar 22, 2024 by CrazyParanoid Loading…
1
@jzheaux
6
ProTip! Adding no:label will show everything without a label.