spring-authorization-server
spring-authorization-server copied to clipboard
spring-projects
Spring Authorization Server
**Describe the bug** When using the Device Code flow with the openid scope, a 500 Internal Server Error occurs during the refresh token step. This happens because the Device Code...
In this PR I am trying to solve this issue: https://github.com/spring-projects/spring-authorization-server/issues/1950 By injecting clock into the token generation
`JwtGenerator` currently does this to get the token issued time: ``` Instant issuedAt = Instant.now(); ``` Compare this against how the JwtTimestampValidator in the Spring resource-server implementation is coded: ```...
Spin off of https://github.com/spring-projects/spring-authorization-server/issues/1454 **Expected Behavior** As discussed in #1454, there is no clean way to disable the endpoints (including removing the filters, etc) we don't want. In our case,...
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) to 5.2.1 and updates ancestor dependency [@angular-devkit/build-angular](https://github.com/angular/angular-cli). These dependencies need to be updated together. Updates `webpack-dev-server` from 5.0.4 to 5.2.1 Release notes Sourced from webpack-dev-server's releases. v5.2.1 5.2.1...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
The main points: - The new Spring Authorization Server version document will be compatitable with Spring Framework version document - Reference javadoc will be easier, use `javadoc:org.springframework.security...` instead `{spring-security-api-base-url}...`
**Expected Behavior** As the only point of user interaction in the OAuth flow, there should be a way to capture additional custom data that is associated with the current authorisation...
**Expected Behavior** The default behaviour of the `AuthenticationSuccessHandler` and `AuthenticationFailureHandler`s should be acessible, so that they can be extended and/or composed without having to copy-paste them from the current source...
**Expected Behavior** Similar to [OAuth2ClientCredentialsAuthenticationValidator](https://docs.spring.io/spring-authorization-server/docs/current/api/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationValidator.html) there should be a validator for Refresh token grant **Current Behavior** Currently there is no support for validating the request parameters for the RefreshToken grant....
Need to consider adding [CIBA](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html) support.
