Not sure if this is the correct channel or even workspace but was wondering if anyone had any expertise with Spring Security (I would post to the Spring Security channel but it hasn't had any postings since 2018). I have a created an Authentication Server which works fine, however, I am trying to create a CRUD for ease of token creation. My biggest hurdle is the login page. I am able to get the login page and all other endpoint permissions correct except now when hitting the oauth/token endpoint with bad credentials, instead of receiving a 403, i receive a 200 with the login page. I tried to nest the form login lines under an ant matcher but doing so results in the login page not being able to read CSRF. When disabling CSRF, I get a 405 when trying to login