Spring Security OAuth 2.0.6.RELEASE Available Now

Releases | Dave Syer | February 02, 2015 | ...

Spring Security OAuth 2.0.6.RELEASE is available now in the usual repositories. It's a bug fix release, and users of 2.0.5.RELEASE should upgrade. The only critical bug was for users of JWT with refresh tokens, and there were also some people experiencing double encoding of redirect uris, which is now fixed. Highlights of new features:

  • (Much requested) ability to have non-expiring refresh tokens with no customizations (just set the validity period to zero or less)

  • The /token endpoint only accepts POST requests by default

  • Resource servers do not accept cookie based authentication by default (you have to switch it on)

  • Resource server configuration has a few new options including the ability to inject custom error handlers

Thanks, as usual, go to the community for contributing code and ideas. It feels like the community is growing, and that's always good to see. Finally, watch out for a new blog on Angular JS with Spring Security and OAuth2 coming out soon here.

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all