spring-authorization-server
Spring Authorization Server
If the Request doesn't specify scopes, return the token without them. Before: If the scope parameter is empty or missing, the token is generated with all possible scopes. After: The...
If `scope` is not requested by the client for the `client_credentials` grant flow, the client's registered scope(s) are used as the defaults for the authorized access token. This behaviour needs...
We should enhance the `default-authorizationserver` and `messages-client` sample to call the UserInfo endpoint.
Hey 👋 Currently there is no way to hook into the `OAuth2[..]AuthenticationProvider`. I would like to customize spring implementations of `OAuth2[..]AuthenticationProvider` with some pre/post auth checks by implementing some general...
Before: client registration endpoint was not returned in oidc Provider Configuration response After: Returns client registration endpoint in oidc provider configuration response if client registration is enabled Fixes gh-370
Why do you call the save method instead of remove when undoing the token? `public final class OAuth2TokenRevocationAuthenticationProvider implements AuthenticationProvider { private final OAuth2AuthorizationService authorizationService; /** * Constructs an {@code...
**Describe the bug** When running MessagesClientApplication, it says that the application started but is not listening on the port (8080). When I opened http://127.0.0.1:8080/, the browser is responding ERR_EMPTY_RESPONSE **To...
**Describe the bug** The first time login to auth server will fail if using custom database schema **To Reproduce** 1. start uaa-auth-server, todos-service and web-client module respectively 2. open browser...
This feature will deliver [OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628). Related to Spring Security [client support](https://github.com/spring-projects/spring-security/issues/11063)
Introspection calls with bearer fail with invalid client error. In the `OAuth2TokenIntrospectionAuthenticationProvider` the call to `getAuthenticatedClientElseThrowInvalidClient` fails, `JwtAuthenticationToken` is not assignable to `OAuth2ClientAuthenticationToken`. I would expect that a) that the...