Steve Riesenberg

Results 52 issues of Steve Riesenberg

Build a [FAPI](https://openid.net/wg/fapi/specifications/) (Financial-grade API) sample to demonstrate the necessary configuration based on the FAPI parts of the [OpenID Connect conformance tests](https://gitlab.com/openid/conformance-suite). This will help drive enhancements to Spring Security...

See issue gh-15354.

in: oauth2
type: breaks-passivity

**Expected Behavior** A UserInfo request isn't performed by default in OpenID Connect login (`oauth2Login()` with `openid` and any of `profile`, `email`, `address` and `phone` scopes). A user should still be...

in: oauth2
type: breaks-passivity

With the 6.4 release, a new set of `OAuth2AccessTokenResponseClient` implementations was introduced based on `RestClient`. These are:

* `RestClientAuthorizationCodeTokenResponseClient`
* `RestClientRefreshTokenTokenResponseClient`
* `RestClientClientCredentialsTokenResponseClient`
* `RestClientJwtBearerTokenResponseClient`
* `RestClientTokenExchangeTokenResponseClient`

These implementations are...

in: oauth2
type: breaks-passivity

For reactive applications, the default implementation of `BodyExtractor` used by `AbstractWebClientReactiveOAuth2AccessTokenResponseClient` is `OAuth2BodyExtractors.oauth2AccessTokenResponse()`. It uses Nimbus to parse an OAuth 2.0 Access Token Response. The Nimbus implementation determines if the...

type: enhancement
in: oauth2

We should align `(Server|Servlet)OAuth2AuthorizedClientExchangeFilterFunction` with `OAuth2ClientHttpRequestInterceptor` which introduces a `PrincipalResolver` as a flexible strategy for resolving the `Authentication` for a given request. For `ServletOAuth2AuthorizedClientExchangeFilterFunction`, the interface could be: ``` @FunctionalInterface...

type: enhancement
in: oauth2

Original issue: spring-projects/spring-security#5543

type: enhancement
in: oauth2

Consider generating a non-nullable fields constructor when `generateJSpecifyAnnotations = true`. **Context:** When `generateJSpecifyAnnotations = true`, the no-arg constructor is never visible. This is intended so applications begin using the public...

enhancement
backlog

When JSpecify is enabled (`generateJSpecifyAnnotations = true`), object types with all nullable fields (no non-null fields) generate a private default no-arg constructor. It could be made conditionally public based on...

enhancement