spring-authorization-server
spring-authorization-server copied to clipboard
spring-projects
Spring Authorization Server
Publish a guide on How-to: Authorize an access token containing custom authorities, e.g. roles, groups, permissions, etc. - How-to: Customize the headers / claims in a JWT Related gh-499
Publish a guide on How-to: Handle errors and customize the OAuth 2.0 Error response Related gh-499
Publish a guide on How-to: Customize client authentication for specific authentication methods Related gh-499
Publish a guide on How-to: Authenticate using OpenID Connect 1.0 `authorization_code` flow Related gh-499
Publish a guide on How-to: Customize the user consent page Related gh-499
**Expected Behavior** To support silent authentication on Authorization Code Flow with PKCE. Reference: https://auth0.com/docs/login/configure-silent-authentication **Current Behavior** Single Page Application(SPA) is public client. As it can't hold secret, the SPA need...
**Expected Behavior** There is a new IETF specification for [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/) which has already been approved by the IESG and will be...
**PAR** ([OAuth 2.0 Pushued Authorization Requests](https://datatracker.ietf.org/doc/draft-ietf-oauth-par/)). PAR has a considerably big impact on authorization server implementations, especially if `request_uri` ([OIDC Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) [Section 6.2](https://openid.net/specs/openid-connect-core-1_0.html#RequestUriParameter)) is not supported yet. It is...
**[OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html)** support. Form Post Response Mode (aka `response_mode=form_post`) has a considerably big impact on authorization server implementations. It is recommended that the feature be designed...
This feature will deliver support for [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html), which is related to the `response_type` values defined in OpenID Connect Core 1.0 - [Section 3. Authentication](https://openid.net/specs/openid-connect-core-1_0.html#Authentication)....