# spring
t
Hey everyone, I have a quick question: since the authorization server for OAuth2 is deprecated now, what is the preferred method to have OAuth2 in Spring going forward?
m
I believe it's in Spring Security now, isn't it? Whereas before, it was a standalone dependency.
t
@EnableAuthorizationServer is deprecated 😕
m
I mean, I believe all the OAuth code has been moved to Spring Security. Here's a migration from the spring-security-oauth library: https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
a
I ran into the same issue. That document you linked states:
"Since Spring Security doesn't provide Authorization Server support, migrating a Spring Security OAuth Authorization Server is out of scope for this document."
I had to revert to V2.3.5 of the OAuth2 library to continue working as I could not find any doc explaining how to migrate the Auth Server side of things.
m
Ah, okay. I wonder what Pivotal's plans or intentions are in this regard. I guess we'll have to wait and see.
b
I don’t think they have any plans. They recommend people stop rolling their own and use a third party tool. https://spring.io/blog/2019/11/14/spring-security-oauth-2-0-roadmap-update#no-authorization-server-support
We are most definitely not promoting users to “build-their-own” authorization server. This would be a huge mistake for any team to take on unless they are solely focused on the application security domain and are specialists. It is extremely difficult to build a secure provider and really should be left to the specialists that provide these types of products. What we are promoting is to buy or leverage an open source provider for your application platform. The Spring Security team leverages Keycloak (https://www.keycloak.org/) for our internal development for client and resource server. It’s open-source and a much better option than to build your own.