spring-security
spring-security copied to clipboard
spring-projects
Spring Security
**Expected Behavior** `OAuth2LoginAuthenticationFilter` has a `authenticationResultConverter` property ([link to code](https://github.com/spring-projects/spring-security/blob/fe9edc8d2227aaf239dd208f8da27c5ef5ac8ca2/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java#L228)). It would be nice if we could set it through `HttpSecurity.oauth2Login` configuration during `SecurityFilterChain` registration **Current Behavior** It seems there...
**Expected Behavior** In a project I am currently working on, we must send additional request parameters in the OIDC Token Exchange grant request. I want a simpler way to add...
**Expected Behavior** FormLogin should be configurable to take in username and password as a predefined json object. **Current Behavior** FormLogin currently only accepts requests with form parameters. **Context** Most people...
**Expected Behavior** `NimbusJwtEncoder` should allow the user to specify whether it should generate JWT access tokens complying to [RFC 9068](https://www.rfc-editor.org/info/rfc9068) or not. If RFC 9068 compliant JWT access tokens are...
Implement [JWT Authorization Grant](https://datatracker.ietf.org/doc/html/rfc7523#section-2.1) as defined in [RFC 7523](https://datatracker.ietf.org/doc/html/rfc7523).
**Describe the bug** In an AP-Initiated SLO, the signed response for the HTTP redirect binding with relaystate is incorrect. The AP fails to validate the signature. The relying party, after...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.14 to 6.2.15. Release notes Sourced from org.springframework:spring-framework-bom's releases. v6.2.15 :star: New Features Avoid package cycle caused by use of UriComponentsBuilder in ServletServerHttpRequest #35954 DefaultHandshakeHandler should not...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16. Release notes Sourced from org.springframework.ldap:spring-ldap-core's releases. 3.2.16 Dependency Upgrades Bump io.spring.gradle:spring-security-release-plugin from 1.0.11 to 1.0.13 #1271 Bump org.aspectj:aspectjweaver from 1.9.24 to 1.9.25 #1270 Bump...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.21 to 1.5.22. Release notes Sourced from ch.qos.logback:logback-classic's releases. Logback 1.5.22 2025-12-11 Release of logback version 1.5.22 • In order to prevent involuntary information leakage, Logback will...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13. Release notes Sourced from org.springframework.data:spring-data-bom's releases. 2024.1.13 :shipit: Participating Modules Spring Data BOM 2024.1.13 Spring Data Build 3.4.13 Spring Data Cassandra 4.4.13 Spring Data...