Steve Riesenberg

Use securityMatcher instead of requestMatcher

1

See spring-projects/spring-security#9159

Switch to Spring Security SNAPSHOTs

1

In order to adopt breaking changes in Spring Security 6.0, we should switch to SNAPSHOT dependencies of Spring Security.

**Expected Behavior** The userinfo endpoint is accessible in the [Getting Started example](https://docs.spring.io/spring-authorization-server/docs/1.0.0-M2/reference/html/getting-started.html#developing-your-first-application). **Current Behavior** The `/.well-known/openid-configuration` (OpenID Connect 1.0 Provider Configuration Endpoint) response contains the userinfo endpoint, but it is...

Document how to publish an `AuthenticationManager` `@Bean` without `WebSecurityConfigurerAdapter`

1

We should adapt the recommendations and examples in the blog article [Spring Security without the WebSecurityConfigurerAdapter](https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter) into the reference documentation. For example, we can configure an `AuthenticationManager` for use by...

Log a warning when `AuthorizationGrantType` does not exactly match a pre-defined constant

3

**Expected Behavior** When building a `ClientRegistration` and passing a string to the `AuthorizationGrantType` constructor, invalid grant types that match case insensitively with a pre-defined constant could log a warning informing...

To improve handling of `CsrfToken` instances generated by a `CsrfTokenRepository`, consider adding a generic type similar to [`SessionRepository`](https://github.com/spring-projects/spring-session/blob/main/spring-session-core/src/main/java/org/springframework/session/SessionRepository.java) in [spring-session](https://github.com/spring-projects/spring-session). For example: ```java public interface CsrfTokenRepository { T generateToken(HttpServletRequest request);...

Some notes here: - Dependabot [supports ignoring ](https://github.blog/changelog/2021-05-21-dependabot-version-updates-can-now-ignore-major-minor-patch-releases/) major, minor, or patch updates - [gradle-dependency-submission](https://github.com/mikepenz/gradle-dependency-submission) project supports submitting Gradle dependencies via the Dependabot API, but it does this via parsing...

Security system current state should not be set automatically

1

**Current behavior** When arming a security system from HomeKit, the target AND current state are set in Homebridge, and the `Characteristic.SecuritySystemCurrentState` is set to the new state automatically. **Expected behavior**...

Add Spring Authorization Server support

1

This PR introduces support for Spring Authorization Server. It includes: * New module `spring-boot-starter-oauth2-authorization-server` * Dependency management of `org.springframework.security:spring-security-oauth2-authorization-server` * Support in `spring-boot-autoconfigure` for `org.springframework.security:spring-security-oauth2-authorization-server` Overview --- The auto-configuration is...

In order to highlight the configuration improvements of gh-13763, we need a place in the docs to add some reactive code examples for OAuth2 Client. We should create a landing...