Skip to content

Issues: spring-projects/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
91 Open 1,878 Closed
91 Open 1,878 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Make X509CertificateThumbprintValidator configurable through JwtValidators create APIs in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#17131 opened May 17, 2025 by edmundham
@jzheaux
1
Add possibility to customize JwkSource of NimbusJwtDecoder in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
#17046 opened May 6, 2025 by marbon87 Loading…
@jzheaux
8
NimbusJwtEncoder should simplify constructing with javax.security Keys in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#17033 opened May 2, 2025 by surajbh123 Loading… 7.0.x
@jzheaux
73
JwtTimestampsValidator can require exp and nbf claims in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#17030 opened May 2, 2025 by FerencKemeny Loading… 7.0.0-M1
@jzheaux
14
Add support dpop customization in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16940 opened Apr 15, 2025 by franticticktick 7.0.x
@franticticktick
4
Reactive implementation for DPoPAuthenticationProvider & related classes in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16912 opened Apr 9, 2025 by RyanW02 7.0.x
@franticticktick
3
Remove deprecated implementations of OAuth2AccessTokenResponseClient in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16909 opened Apr 8, 2025 by sjohnr
4 tasks
7.0.0-M1
7
Add support for nested user-name-attribute using dot notation in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement
#16857 opened Apr 1, 2025 by yybmion Loading…
1
@rwinch
5
Consider making UserInfo request opt-in instead of default in Spring Security 7 in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
#16843 opened Mar 28, 2025 by sjohnr 7.0.0-M1
Add Equals and HashCode methods for better comparison. in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16842 opened Mar 28, 2025 by GrmpfNarf Loading… 7.0.x
1
@jzheaux
20
SupplierClientRegistrationRepository for reactive stack in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16750 opened Mar 17, 2025 by bilak
1
3
OAuth2ResourceServerConfigurer#authenticationManagerResolver should override #jwt in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
#16406 opened Jan 13, 2025 by jgrandja
@jzheaux
7
Simplify Configuring Log In using Twitter / X v2 APIs in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16378 opened Jan 8, 2025 by rwinch
3 of 7 tasks
7.0.x
@rwinch
1
Default value for ClientRegistration redirect-uri in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16377 opened Jan 8, 2025 by rwinch 7.0.x
1
@rwinch
1
[Azure Oauth2] IllegalArgumentException: Attribute value for "xxx" is null in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: bug A general bug
#16340 opened Dec 24, 2024 by jloisel
@sjohnr
23
Pass Http Request to OAuth2AuthorizationRequestResolver#authorizationRequestCustomizer in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16306 opened Dec 19, 2024 by ZIRAKrezovic
1
@sjohnr
8
Consider adding PrincipalResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16284 opened Dec 13, 2024 by sjohnr 7.0.x
@sjohnr
1
NimbusJwtEncoder should simplify constructing with javax.security Keys in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16267 opened Dec 12, 2024 by jzheaux
@jan-knoblich
7
Support refreshing OIDC ID Token in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16253 opened Dec 10, 2024 by filiphr
@sjohnr
4
OidcBackChannelLogoutWebFilter returns an error for unauthenticated ajax requests in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
#16073 opened Nov 12, 2024 by katya-tis
@jzheaux
1
Consider aligning OAuth 2.0 Access Token Response parsing in BodyExtractor in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#16001 opened Oct 25, 2024 by sjohnr
@sjohnr
Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: dependency-upgrade A dependency upgrade
#15951 opened Oct 18, 2024 by blackat
@jzheaux
3
Allow comma-delimited scopes in OAuth2 access token response in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15878 opened Oct 5, 2024 by bfanyuk
@sjohnr
3
Add OAuth2AuthorizedClientManager autoconfiguration without spring-boot-starter-web dependency in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15877 opened Oct 4, 2024 by yvasyliev
14
Consider adding ClientRegistrationIdResolver to ExchangeFilterFunctions in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
#15825 opened Sep 18, 2024 by sjohnr 7.0.x
@sjohnr
1
ProTip! Add no:assignee to see everything that’s not assigned.