The current state of OAuth 2.0 Support, within the Spring projects portfolio, is spread out between Spring Security OAuth, Spring Cloud Security, Spring Boot 1.5.x, and the new support introduced in Spring Security 5. As a user of OAuth, you may be asking, "Which project(s) do I use? And why has Spring Security 5 introduced new support into the mix?"
To put it simply, there was a need to unify the OAuth 2.0 support into one project in order to provide a clear choice to the user and to avoid any potential confusion. In addition, the OAuth 2.0 support needed to take the next level and provide more extensive support for OAuth 2.0 and OpenID Connect 1.0. Also, based on community feedback, documentation needed to be re-vamped in order to allow for ease of use and promote developer productivity. Based on all these factors, we decided to start afresh and build the next generation of OAuth 2.0 support in Spring Security 5.
At this time, we would also like to announce that the Spring Security OAuth project is officially in maintenance mode. We will provide bug/security fixes and consider adding minor features but we will not be adding major features. Our focus and efforts going forward will be put into building all the features currently in Spring Security OAuth into Spring Security 5.x. After Spring Security has reached feature parity with Spring Security OAuth, we will continue to support bugs and security fixes for at least one year.
We’ve put together a feature matrix that outlines all the OAuth 2.0 features implemented by the various projects within the Spring portfolio. This matrix may be used to determine which project(s) to use (today) based on your OAuth 2.0 requirements. It also serves as a roadmap of the features to be implemented as we move towards feature parity with Spring Security OAuth.