Skip to content

Update OAuth 2.0 Issuer-based Auto Configuration #17672

Closed
@jzheaux

Description

@jzheaux

Spring Security now supports deriving OAuth 2.0 configuration from multiple endpoint types.

Instead of calling:

ClientRegistrations.fromOidcIssuerLocation
// or 
JwtDecoders.fromOidcIssuerLocation
// or
ReactiveJwtDecoders.fromOidcIssuerLocation

Which only is aware of the OIDC Provider Configuration endpoint, Spring Boot could instead call:

ClientRegistrations.fromIssuerLocation
// or
JwtDecoders.fromIssuerLocation
// or
ReactiveJwtDecoders.fromIssuerLocation

which will first attempt the OIDC endpoint, and then try endpoints indicated in RFC 8414.

Metadata

Metadata

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions