spring-security
spring-security copied to clipboard
spring-projects
Spring Security
**Expected Behavior** It would be nice if the RestClient supported an equivalent of ServletBearerExchangeFilterFunction. This would allow us to easily grab a user's bearer token and pass that on to...
**Describe the bug** If `allowFormEncodedBodyParameter` or `allowUriQueryParameter` of `DefaultBearerTokenResolver` is set to `true`, a token will be retrieved from the request parameter. If the token is an `empty string` rather...
**Expected Behavior** Should be possible to configure scope delimiter if server sends scopes as comma-delimited string (e.g. GitHub does this). **Current Behavior** Delimiter is hard coded here https://github.com/spring-projects/spring-security/blob/de104e22b7855172876d7be6dc6ef882755da60a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java#L80-L86 The following...
Running a build I'm seeing that the s101 configuration takes over 30 seconds. Configuration should defer all work until a task is executed so that the work is only done...
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
Add `OAuth2AuthorizedClientManager` autoconfiguration without `spring-boot-starter-web` dependency
# Expected Behavior I would like `org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager` to be an autoconfigured bean based on `application.yml` properties, and without having `spring-boot-starter-web` dependency. My desirable state would be the following: pom.xml ```xml...
