Spring Authorization Server Goes GA: What This Means for OAuth 2.1 and OpenID Connect

On August 17, the Spring team announced that Spring Authorization Server has officially left experimental status and joined the Spring Project family.

This coincides with the release of version 0.2.0 this week, the first production‑ready version with official support.

Since its announcement in April 2020, Spring Authorization Server has implemented most of the OAuth 2.1 authorization protocol and provides moderate support for OpenID Connect 1.0. As the project moves to the next development phase, its focus will shift to advancing OpenID Connect 1.0 support.

We thank everyone who contributed to the project in such a short time and helped its development. We are confident in the foundation we have built and are excited that Spring Authorization Server is entering its next lifecycle. We look forward to continuing this work together and ultimately making Spring Authorization Server the de‑facto standard for OAuth 2 Authorization Servers on the Java platform.

Spring Authorization Server is now entering a preliminary production‑ready state and has a new code repository on GitHub:

https://github.com/spring-projects/spring-authorization-server

Further Reading

Spring Authorization Server is a project led by the Spring Security team that focuses on providing OAuth 2.1 Authorization Server support to the Spring community.

Before learning to use Spring Authorization Server, you should be familiar with the core modules in Spring Security:

Core OAuth 2.0

OAuth 2.0 Client

OAuth 2.0 Resource Server

OAuth 2.0 JOSE libraries