explaingit

spring-attic/spring-security-oauth

4,698JavaAudience · developerComplexity · 3/5LicenseSetup · moderate

TLDR

The retired OAuth 1.0a and OAuth 2.0 library for Spring Java apps, now replaced by Spring Security and Spring Authorization Server, the repo is read-only and kept for historical reference.

Mindmap

mindmap
  root((spring-security-oauth))
    What it was
      OAuth 1.0a support
      OAuth 2.0 support
      Spring integration
    Roles supported
      OAuth consumer
      OAuth provider
      Resource server
    Status
      Officially retired
      No new features
      Read-only archive
    Migration path
      Spring Security
      Spring Auth Server
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Reference the sample applications to understand how OAuth 2.0 authorization flows were implemented in older Spring apps before migrating to the current libraries.

USE CASE 2

Migrate an existing app that depends on spring-security-oauth to the current Spring Security OAuth2 client and Spring Authorization Server.

Tech stack

JavaSpringSpring SecurityOAuth 2.0

Getting it running

Difficulty · moderate Time to first run · 1h+

This project is retired, use Spring Security and Spring Authorization Server for new projects instead.

Use freely for any purpose including commercial use under the Apache 2.0 license, modifications must preserve the license notice.

In plain English

This project added OAuth 1.0a and OAuth 2.0 support to Spring-based Java web applications. OAuth is a standard way for users to grant one website limited access to their account on another website without sharing their password, the same mechanism behind buttons like "Sign in with Google" or "Connect with GitHub." The library let Java developers build both sides of that handshake: the consumer side (an app that wants access to another service on behalf of a user) and the provider side (an app that grants or manages that access). It followed the standard Spring and Spring Security programming patterns, so developers already familiar with those frameworks could add OAuth support without learning a completely different set of abstractions. Important note: this project is no longer actively maintained. VMware, which took over stewardship, officially retired it. The OAuth 2.0 functionality it provided has been replaced by two current projects: Spring Security, which now handles the client and resource server roles directly, and Spring Authorization Server, which handles the authorization server role. Anyone starting a new project should use those instead. The repository remains publicly available and the README links to the successor projects. The code was released under the Apache Software License Version 2.0, which allows free use and modification. Sample applications were included to demonstrate how the integration worked for both OAuth 1.0a and OAuth 2.0 flows.

Copy-paste prompts

Prompt 1
I have a legacy Spring Boot app using spring-security-oauth2 version 2.x. Walk me through migrating the authorization server configuration to Spring Authorization Server 1.x.
Prompt 2
My old Spring app uses spring-security-oauth to act as an OAuth2 resource server. Show me the equivalent configuration in current Spring Security to replace it.
Prompt 3
I'm reading the spring-security-oauth sample apps to understand the OAuth2 authorization code flow. Explain what each sample demonstrates and which current Spring library replaces each one.
Prompt 4
Show me the differences between the deprecated @EnableAuthorizationServer annotation pattern and the current Spring Authorization Server RegisteredClient approach.
Open on GitHub → Explain another repo

← spring-attic on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.