All work

AdministrativeLogoutConfiguration for OIDC

Protocol trace log only display first parameter value

Multiple resource parameters cause MessageDecodingException

Add flag to block additional audiences from initial access token

Provide method for strict scope validation

Provide method to customise response message contents

Refactor support for non-URI resource indicators for Nimbus v11

Provide method to avoid Nimbus message parsing restrictions

Support for OAuth2 Attestation-Based Client Authentication

Support for OAuth 2.0 Demonstrating Proof of Possession (DPoP)

Enhance metadata and unregistered client policy config options

Support additional refresh token types

Allow redirection URI validation via custom function

Support unregistered client policies in userinfo/token/introspection/revocation

Improve authorization_code replay revocation lifetime

Attribute recipient grouping ID is not set in the token and userinfo flows

Implement maximum refresh time and/or maximum refresh uses.

Improve configuration for the refresh token issuance

Configurability of ID Token issuance via Refresh Tokens

Possible race condition when validating client secret against the RP metadata

Improve token audience handling with JWT authentication

Add property for defining c14n flows for the OAuth2Client flow

Allow customization for mappedErrors of OP flows

Logging of missing relying party ID is confusing

Include sid claim in id_token

refresh_token & audience

Take clock skew into account in revocation lifetimes

Permit token without redirect_uri when client has registered only one redirect_uri

Support manipulating claims encoded inside authz code and tokens

IDTokenLifetime property misspelled in metadata-backed wiring

Support to manipulate claims within the ID_Token

Token rotation: revocation flooding

OIDC Access token using RFC 9068 "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens" on Authorization Code Flow with PKCE

Still unable to request a claim to be placed in the ID_token

Windows compatibility in spring inport

Support for refresh token rotation

Public clients are not able to access the token endpoint

Inbound and outbound interceptor flows are not wired to the OIDC flows

Profile config flag refreshTokensEnabled not honored by the token flow

Support resource owner password grant

Lack of openid scope in metadata doesn't prevent id_token issuance

Scope handling changes to accomodate client_credentials grant

Mutual TLS client authentication

Profile config for bypassing attribute resolution not honored

Support for client_credentials grant

Support JWT access tokens for code or implicit grants

Release policy for OAuth2 scope values based on IdPAttributes