SummaryWhen creating the authorization uri to login with google, there is the option to add a query parameter in order t...

Expected BehaviorSpring Framework 5.3 has added support for discovering tested configuration on an enclosing class. This...

Describe the bugIn the following code testNoAnnotation should not use @WithMockUser because the mode is EnclosingConfigu...

Expected BehaviorSpring Security OAuth2 clients work when the authorization server/provider, e.g. Okta, have to be acces...

HelloAll is explained in:How enable/disable @EnableGlobalMethodSecurity for @Service methods for testing scenarioNot sur...

"Simon van der Sluis":https://jira.spring.io/secure/ViewProfile.jspa?name=svanders said:BasicLookupStrategy opens an add...

Describe the bugThe javadoc of org.springframework.security.core.SpringSecurityMessageSourcesaysThe default MessageSourc...

I have a case where I should enable method security check The problem is when I add @EnableGlobalMethodSecurity(prePostE...

I have a Spring Boot app v2.3.5.RELEASE and Spring Security v5.3.5.RELEASE with the configured security below : securit...

We should add a convenience constructor in OAuth2AuthenticationException that simply accepts an OAuth 2.0 Error code: pu...

SummaryThe docs for authorizeRequests state:There are multiple children to the http.authorizeRequests() method each matc...

Expected BehaviorIn order to allow customization of errors when token is rejected (see #5985 for example), BearerTokenAu...

SummaryI set HTTP OPTIONS Request permitAll,But Request also had been interceptedActual BehaviorExpected BehaviorConfigu...

In Sample Applications part of documentations, the documents mention a distribution zip file. But as far as I saw, there...

Hi,My intention was to set RequestRejectException to return 400 - BAD REQUEST instead of status 500.I know there is upco...

I found an odd behavior with JWT parsing and JwtValidators.Scenario:Spring Boot OIDC client (for now a tiny web app, onl...

The authentication manager of the Saml2WebSsoAuthenticationFilter can be overwritten, using a custom AuthenticationManag...

Expected BehaviorIt should be possible to set or customize the BearerTokenResolver inside the JwtIssuerAuthenticationMan...

Add unsupported_token_type in OAuth2ErrorCodes.The OAuth 2.0 Token Revocation Endpoint (spring-authorization-server#83) ...

Hello,I suggest that you offer a functionality that persists login actions in DB, for example table LoginDetails(usernam...