Skip to content

OAuth2AuthorizationServerWebSecurityConfiguration should use HttpSecurity.oauth2AuthorizationServer #49367

New issue
New issue
Open
Open
OAuth2AuthorizationServerWebSecurityConfiguration should use HttpSecurity.oauth2AuthorizationServer#49367
Labels
status: waiting-for-internal-feedbackAn issue that needs input from a member of another Spring Teamstatus: waiting-for-triageAn issue we've not yet triaged
@rwinch

Description

@rwinch
rwinch
opened on Mar 2, 2026

Spring Boot's auto configuration should use HttpSecurity.oauth2AuthorizationServer instead of HttpSecurity.with.

  • Spring Boot's auto configuration currently overrides authorization server configuration applied by users providing Customizer<HttpSecurity> Beans. Switching to oauth2AuthorzationServer (which caches previous invocations made by the Customizer<HttpSecurity>) will fix this problem.
  • The built in DSL is the modern and documented way to configure Authorization Server in Spring Security 7.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-internal-feedbackAn issue that needs input from a member of another Spring Teamstatus: waiting-for-triageAn issue we've not yet triaged

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions