AuthenticationController
instance that will handle both Code Grant and Implicit Grant flows using either Code Exchange or Token Signature verification.HttpSession
, and is incompatible with clients
that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions.
This method will be removed in version 2.0.0. Use
AuthenticationController.buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String)
instead.Throwable.getMessage()
Tokens
that represent successful authentication or authorization.HttpSession
for auth-based data, and is incompatible
with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie
restrictions. This method will be removed in version 2.0.0. Use
AuthenticationController.handle(HttpServletRequest, HttpServletResponse)
instead.AuthenticationController.Builder
instance to configure the AuthenticationController
response type and algorithm used on the verification.SessionUtils.get(HttpServletRequest, String)
but it also removes the value from the request session.Secure
attribute set or not.