Providers Should Add an Authority Representing Successful Authentication #17933

@jzheaux

If OneTimeTokenAuthenticationProvider issues an authority FACTOR_OTT upon completion, then authorization rules can state that username/password authentication is specifically required for an endpoint through an authorization rule:

```java
http
    .authorizeHttpRequests((authorize) -> authorize
        .requestMatchers("/profile/**").hasAuthority("FACTOR_OTT")
        .anyRequest().authenticated()
    )
```

It would be valuable for all Spring Security authentication providers to add an authority like this one.
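One way the provider side of this proposal could look, as an added example that is not part of the original issue and not Spring Security's own implementation: a wrapper that appends a factor authority only after its delegate reports success. The names `FactorAuthorityProvider` and `FactorAuthentication` are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Hypothetical wrapper, e.g. new FactorAuthorityProvider(ottProvider, "FACTOR_OTT"). */
public final class FactorAuthorityProvider implements AuthenticationProvider {
    private final AuthenticationProvider delegate;
    private final GrantedAuthority factor;

    public FactorAuthorityProvider(AuthenticationProvider delegate, String factorAuthority) {
        this.delegate = delegate;
        this.factor = new SimpleGrantedAuthority(factorAuthority);
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // A failed attempt throws AuthenticationException and never reaches the code below.
        Authentication result = this.delegate.authenticate(authentication);
        if (result == null || !result.isAuthenticated()) {
            return result; // delegate abstained or did not finish: grant no factor authority
        }
        List<GrantedAuthority> authorities = new ArrayList<>(result.getAuthorities());
        if (!authorities.contains(this.factor)) { authorities.add(this.factor); }
        return new FactorAuthentication(result, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return this.delegate.supports(authentication);
    }

    /** Same principal, credentials and details as the delegate's result, plus the factor authority. */
    private static final class FactorAuthentication extends AbstractAuthenticationToken {
        private final Authentication source;
        FactorAuthentication(Authentication source, Collection<? extends GrantedAuthority> authorities) {
            super(authorities);
            this.source = source;
            setDetails(source.getDetails());
            setAuthenticated(true);
        }
        @Override public Object getPrincipal() { return this.source.getPrincipal(); }
        @Override public Object getCredentials() { return this.source.getCredentials(); }
    }
}
```

The wrapper changes the concrete `Authentication` type that ends up in the security context, so code that checks for the delegate's own token class will no longer match.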

Labels

in: core (An issue in spring-security-core), type: enhancement (A general enhancement)
