spring-security

mirror of synced 2026-05-22 21:33:16 +00:00

Files

T

Giacomo Baso 7b282c3a17 Relax client_id validation in AtJwtBuilder

RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.

Relates to gh-18381

Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>

2026-03-20 15:38:27 -06:00

oauth2-authorization-server

Merge branch '7.0.x'

2026-03-10 15:59:29 -04:00

oauth2-client

Enable null-safety in spring-security-oauth2-client

2026-03-18 05:04:30 -04:00

oauth2-core

Remove NullAway SuppressWarnings in ClaimAccessor

2026-03-11 13:53:30 -04:00

oauth2-jose

Relax client_id validation in AtJwtBuilder

2026-03-20 15:38:27 -06:00

oauth2-resource-server

Enable null-safety in spring-security-oauth2-resource-server

2026-03-19 06:21:08 -04:00