Skip to content

Introduce Migration Guidance for Spring Security's OAuth 2.0 Support #6733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
jzheaux opened this issue Apr 2, 2019 · 10 comments
Closed

Introduce Migration Guidance for Spring Security's OAuth 2.0 Support #6733

jzheaux opened this issue Apr 2, 2019 · 10 comments
Assignees
Labels
in: docs An issue in Documentation or samples type: enhancement A general enhancement
Milestone

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 2, 2019

Spring Security 5.0 introduced first-class support for OAuth 2.0, yet many aren't aware of this change or they are struggling with understanding how to change their existing code to use the new support.

There's a migration guide for Spring Security 3 to 4 which contains several migration examples. This seems like a good format to repeat for migrating from Spring Security OAuth 2.x to Spring Security 5 in a new repository.

Also, it might be nice if these examples worked well with each other so that a user could mix and match them, according to their setup.

We should also consider updating/replacing the "Spring Boot and OAuth 2" guide.

I'll hold off on creating tickets for some of these, as I'd like to start a discussion about what other items may be needed and whether there is a better representation of the work to be done.

References

@jzheaux jzheaux changed the title Improve Migration Guidance for Spring Security's OAuth 2.0 Support Introduce Migration Guidance for Spring Security's OAuth 2.0 Support Apr 2, 2019
@jgrandja jgrandja added the in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) label Apr 4, 2019
@ankurpathak
Copy link
Contributor

@jzheaux I would like to take it forward with your help and guidance.

@dfcoffin
Copy link

dfcoffin commented Apr 9, 2019

@jzheaux The migration guide will also need to address migration of the Authorization Server, since current Spring Security Oauth implementations are able to combine the Authorization and Resource Server function together.

@ankurpathak
Copy link
Contributor

@dfcoffin Spring Security 5 support for Authorization Server yet to come. Correct me if I am not.

@dfcoffin
Copy link

dfcoffin commented Apr 9, 2019

@ankurpathak That is also my understand, which is why I suggested it needs to be added to any migration documentation project, so individuals attempting to migrate with Authorization Server Spring Security Oauth implementations don't start and then find out they can't complete the migration.

@jzheaux Please correct me if Spring Security 5.2.0 incorporates the Authorization Server support

@jgrandja
Copy link
Contributor

jgrandja commented Apr 9, 2019

@dfcoffin

Please correct me if Spring Security 5.2.0 incorporates the Authorization Server support

Authorization Server support has not started yet and therefore will not be included in the 5.2.0 release. We started planning from a high-level in #6320 but the work won't start until we're at RC1 phase for 5.2.0 (at least). The plan is to release initial support for Authorization Server in the 5.3.0 release.

@jzheaux
Copy link
Contributor Author

jzheaux commented Apr 10, 2019

@dcoffin, while 5.2 won't introduce new Authorization Server support, you are right that it would probably be valuable to make the migration scenarios clear to the reader (so they don't assume the guide is about Authorization Server). Also, we can add more scenarios when 5.3 is released.

@jgrandja jgrandja added this to the 5.2.0 milestone Apr 23, 2019
@dfcoffin
Copy link

@jzheaux Is there a timeline for when 5.3 is planned for release? I have a legacy open source system built with Spring-Security-OAuth that requires support for both an Authorization and Resource Server capability in the same application. I',m planning to migrate to Spring Security 5, but lack of Authorization Server support is a blocking condition.

@jzheaux
Copy link
Contributor Author

jzheaux commented May 28, 2019

@dfcoffin Thanks for asking. No, 5.3 has not been slated yet; I'd imagine it would be some time mid next year.

@jgrandja
Copy link
Contributor

@jzheaux Can this be closed?

@jzheaux
Copy link
Contributor Author

jzheaux commented May 19, 2021

@jzheaux jzheaux closed this as completed May 19, 2021
@jzheaux jzheaux added in: docs An issue in Documentation or samples type: enhancement A general enhancement and removed in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels May 19, 2021
@jzheaux jzheaux self-assigned this May 19, 2021
@jzheaux jzheaux modified the milestones: 5.2.x, 5.2.0 May 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: docs An issue in Documentation or samples type: enhancement A general enhancement
Projects
None yet
Development

No branches or pull requests

4 participants