[JAVA] Spring Security OAuth2 will end support in a few years, an alternative

Announcement from Spring Project

https://spring.io/blog/2019/11/14/spring-security-oauth-2-0-roadmap-update

The important points are the following two points

--There are so many authorization server products out there that we have decided not to support them in Spring Security. --Spring Security OAuth2 will support 2.3.x for EOL in March 2020 and 2.4.x for 1 year after reaching Feature Parity (?)

Therefore, if you are using Spring Security OAuth2, we recommend that you migrate as soon as possible (below).

Client and resource server migration

Let's use the OAuth2 function of Spring Security 5.x itself.

Authorization server migration

Move to another product, such as Keycloak.

Reference material

-Implementation by OAuth 2.0 and Spring Security 5.1 from the basics -Create an OAuth 2.0 resource server with Spring Security 5.1 -Refresh access token using RestTemplate in Spring Security 5.1 -Log out with Keycloak's Logout Endpoint -Use Keycloak as authorization server for OAuth 2.0 with Spring Security 5.1

Recommended Posts

Spring Security OAuth2 will end support in a few years, an alternative
Addressing an issue that caused an AlreadyBuiltException in Spring Security
I implemented an OAuth client with Spring Boot / Security (LINE login)
We will build a Spring Framework development environment in the on-premises environment.