spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-26 03:51:05 +00:00

History

Giacomo Baso 7b282c3a17 Relax client_id validation in AtJwtBuilder

RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.

Relates to gh-18381

Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>

2026-03-20 15:38:27 -06:00

oauth2-authorization-server

Merge branch '7.0.x'

2026-03-10 15:59:29 -04:00

oauth2-client

Enable null-safety in spring-security-oauth2-client

2026-03-18 05:04:30 -04:00

oauth2-core

Remove NullAway SuppressWarnings in ClaimAccessor

2026-03-11 13:53:30 -04:00

oauth2-jose

Relax client_id validation in AtJwtBuilder

2026-03-20 15:38:27 -06:00

oauth2-resource-server

Enable null-safety in spring-security-oauth2-resource-server

2026-03-19 06:21:08 -04:00