Joe Grandja
Joe Grandja
If `scope` is not requested by the client for the `client_credentials` grant flow, the client's registered scope(s) are used as the defaults for the authorized access token. This behaviour needs...
We should enhance the `default-authorizationserver` and `messages-client` sample to call the UserInfo endpoint.
This feature will deliver [OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628). Related to Spring Security [client support](https://github.com/spring-projects/spring-security/issues/11063)
Add logging
We need to add logging to allow for more efficient troubleshooting during error conditions.
The [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-10) specification details the security considerations and best practices when developing browser-based applications that use OAuth 2.0. The purpose of this issue is to: 1....
We should provide the following integrations with Spring Boot: - [ ] Auto-configuration class - [ ] `spring-boot-starter-oauth2-authorization-server` - [ ] Custom Application Properties - [ ] Add to [Spring...
We should publish a guide on how to configure a client to authenticate using the `private_key_jwt` method. See this [branch](https://github.com/jgrandja/spring-authorization-server/tree/jwt-client-authn) for a working sample.
Publish a guide on How-to: Authenticate a user in a Single Page Application with PKCE Related gh-499
Publish a guide on How-to: Customize form based login Related gh-499
Publish a guide on How-to: Authenticate a user with two-factor authentication Related gh-499