A simple Authorization Server sample based off of the Legacy
Authorization Server project, spring-security-oauth2.
This project is mostly useful as a utility for other samples whose
usage would be clearer if an Authorization Server were introduced.
Note that this server is a barebones OAuth 2.0 Authorization Server
configuration, but is still useful for understanding how to set up an
Authorization Server using spring-security-oauth2.
Fixes: gh-5833
This introduces a hook for users to customize standard Jwt Claim
values in cases where the JWT issuer isn't spec compliant or where the
user needs to add or remove claims.
Fixes: gh-5223
The authcodegrant samples were initially meant to be very simple
demonstration of authorization code flow. However, it has become
obvious since then that the real intent of the demo is how to use
the WebClient with OAuth (there is no other reason to do authorization
code flow unless you use the token to make a request).
The samples have been migrated to oauth2webclient and oauth2webclient-webflux
respectively. They have been improved:
* The sample demonstrates usage with annotations, webclient directly, form login
oauth2Login, and public APIs
* The samples externalize the endpoint that is requested in the sample
making it easier to try other endpoints
* The UI no longer relies on a data structure for the result of the
endpoint also making it easier to try other endpoints
Issue: gh-4921
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.
Issue: gh-4921
You can now provide the clientRegistrationId and
ServerOAuth2AuthorizedClientExchangeFilterFunction will look up the authorized client automatically.
Issue: gh-4921
Josh Cummings
Rob Winch
Joe Grandja
Jisoo Youn
Johnny Lim
Tim Koopman
Sola