spring-authorization-server
spring-authorization-server copied to clipboard
spring-projects
Spring Authorization Server
**Expected Behavior** I have a use case where the redirect_uri is not used, but "/" is supplied, there does not appear to be a way to plugin in my own...
Publish a guide on How-to: Implement the core services behind Spring Cloud Gateway:
**Expected Behavior** It would be great if the `oidcUserInfoEndpointFilter` is configurable so that we can provide a custom `OidcUserInfoHttpMessageConverter` or configure the `OidcUserInfoHttpMessageConverter#jsonMessageConverter`. In my case, I am using `java.time.LocalDate`...
**Expected Behavior** Should allow different clients to customize different ID Token TTL. **Current Behavior** The ID Token TTL is always 30 minutes. **Context** In JwtGenerator.java ``` Instant issuedAt = Instant.now();...
This is a draft solution for supporting NoSQL databases. It uses intermediary objects (currently called "Resources", but open to better names) to simplify a transformation to/from JSON. The intermediary objects...
A "Roadmap to Production" (or similar) page in the docs will be helpful for outlining the types of concerns (checklist) necessary when going from "Getting Started" all the way to...
The [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-10) specification details the security considerations and best practices when developing browser-based applications that use OAuth 2.0. The purpose of this issue is to: 1....
**Expected Behavior** IT would be nice if we just can add a single (or multiple) AuthenticationProviders/AuthenticationConverters and not override the default ones. **Current Behavior** Currently I'm just able to use...
A guide on how to add a custom flow to the provided core functionality would be very useful. **Context** This project does not support grant types that are not part...
**Expected Behavior** Support for RFC 8705 would allows clients to authenticate using TLS certificates and to bind access tokens to such certificates. **Current Behavior** Addition of client authentication with public...
