This site contains reference documentation and how-to guides for Spring Authorization Server.

Introducing Spring Authorization Server

Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.

Feature List

Spring Authorization Server supports the following features:

Category Feature Related specifications
  • Self-contained (JWT)
  • Reference (Opaque)

  • client_secret_basic
  • client_secret_post
  • client_secret_jwt
  • private_key_jwt
  • none (public clients)

  • The OAuth 2.1 Authorization Framework (Client Authentication)
  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (RFC 7523)
  • Proof Key for Code Exchange by OAuth Public Clients (PKCE) (RFC 7636)