Published on Aug 23, 2022
A GA release of Spring Authorisation Server 1.0 is planned for November 2022, just over two years after it was introduced to the Java community. The Spring Authorisation Server project replaces the Spring Security OAuth project, which has already been declared end-of-life. Spring Security leads the project and provides support for OAuth 2.1 Authorisation Server for Spring applications.
Project requires Spring Framework 6.0, Java 17, Tomcat 10 or Jetty 11, and Spring Security 6.0 which depends on Spring Framework 6.0. Public APIs and configuration are still being improved, which will result in breaking changes.
GitHub Milestones displays the various milestone releases and release candidates leading up to Spring Authorisation Server 1.0. Spring Authorisation Server 0.4.0 will also be released using Spring Security 5.x and Java 8.
A popular project supporting most of the OAuth specification, Spring Security OAuth was originally introduced ten years ago. Various projects, such as CloudFoundry User Account and Authentication (UAA), used it as the basis for OAuth solutions. OAuth 1.0 and 2.0 were both supported, while 1.0 has been deprecated. Some user scenarios were not supported by the implementation, which was largely written by the Spring team.
Spring Authorisation Server was written from scratch exclusively for OAuth 2.0, based on the Nimbus library and supporting JSON Web Token (JWT) claims, OpenID Connect (OIDC) and reactive programming.
Spring Authorisation Server is supported by both VMware Tanzu’s Open Source Software Support and its Commercial Support.
Spring Authorisation Server welcomes contributions and recommends reading the contributing documentation.
