Steve Riesenberg

Issue spring-io/start.spring.io#1144 has been opened to add Spring Initilizr support.

@ccaspanello I have updated the [bff-demo branch](https://github.com/sjohnr/spring-authorization-server/tree/bff-demo). **Note:** Make sure you visit the Angular app via http://127.0.0.1:4200 as the CORS allowed origin uses that URL specifically. I ran into CORS...

@dciarniello make sure to 👍 the opening post if you are voting for this issue. We frequently view community up-votes as a way to gauge priority from the community's perspective.

@vishu221b, thanks for suggesting this! I thought we already had an "opaque tokens" how-to issue, but I can't seem to find one. At the moment, I'm not sure this topic...

@DevDengChao, thanks for getting in touch, but it feels like this is a question that would be better suited to [Stack Overflow](https://stackoverflow.com/questions/tagged/spring-security). Feel free to update this issue with a...

@Yneth thanks for reaching out! > The best place to add session creation is after `OAuth2AuthorizationCodeAuthenticationProvider` or `OAuth2RefreshTokenAuthenticationProvider` validation and before token generation. > > Unfortunately, there are no points...

Hi @Yneth! Thanks for the extra information. > I do not like that we have to: > * mutate request attributes in order to reuse sessionId; I not quite sure...

@Yneth please see my above question. > I not quite sure I understand this point, can you clarify what you mean here? Are you using the `RequestContextHolder` to pass the...

Thanks for confirming @Yneth! I think that adding some more flexible customization options and hooks into the processing flow is needed. I see a customization theme already with a few...

@norman-knott It was not intentional, but is unfortunately a gap in our release process (when combined with an [automatic process](https://github.com/spring-projects/spring-security/issues/11365) on the backend to point to the latest of our...