spring-security
Spring Security
**Expected Behavior** I can still find (browse online, or at least download) the reference documentation for older versions. **Current Behavior** The page https://docs.spring.io/spring-security/reference/ is only showing the documentation for the...
Hi, In a plain `oauth2Login()` application (Keycloak as IDP for example), after https://github.com/spring-projects/spring-security/pull/16589 has been implemented, consider the following example:
```java
@PostMapping("/fast")
public Map getOidcUserPrincipal(@AuthenticationPrincipal OidcUser principal1) {...
```
I recently ran into an issue where I tried to make a custom `JwtDecoder` that would try to parse the incoming token in order to inspect the headers, before doing...
**Describe the bug** There's no reference documentation for `ExpressionJwtGrantedAuthoritiesConverter`. I had hoped to find something in https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html#oauth2resourceserver-jwt-authorization-extraction. **To Reproduce** N/A **Expected behavior** The reference documentation describes `ExpressionJwtGrantedAuthoritiesConverter` and when and...
**Expected Behavior** When using the `Password4j` password encoders, I can optionally provide a shared secret/pepper that is then used as the pepper in the `Password4j` library (and therefore is not...
**Expected Behavior** I would like to be able to use and modify OidcAuthorizationCodeAuthenticationProvider and the functionalities it provides a bit easier. The general use case is that I already implemented a...
**Expected Behavior** On successful authorization, the stored authorized client includes any additional parameters provided by the auth server during the code grant flow. **Current Behavior** `OAuth2AuthorizationCodeGrantFilter` currently creates a `OAuth2AuthorizedClient`...
Original issue: spring-projects/spring-security#5543
**Expected Behavior** When using the `@RegisteredOAuth2AuthorizedClient` or `OAuth2AuthorizedClient` I would like to use the OIDC ID Token instead of the Access Token. I would like to use the existing functionality...
**Expected Behavior** It would be nice if we could use ServerWebExchange when customizing the Authorization Request using DefaultServerOAuth2AuthorizationRequestResolver#authorizationRequestCustomizer At the moment, we only get the builder instance. **Current Behavior** **Context**...