Skip to content


Spring Authorization Server Gitter Build Status Revved up by Develocity

The Spring Authorization Server project, led by the Spring Security team, is focused on delivering OAuth 2.1 Authorization Server support to the Spring community.

This project replaces the Authorization Server support provided by Spring Security OAuth.

Feature Planning

This project uses GitHub Projects to prioritize the feature roadmap and help organize the project plan. The project board can be accessed here.

The feature list can be viewed in the reference documentation.

Support Policy

The Spring Authorization Server project provides software support through the VMware Tanzu OSS support policy. Commercial support, which offers an extended support period, is also available from VMware.

Getting Started

The first place to start is to read the OAuth 2.1 Authorization Framework to gain an in-depth understanding on how to build an Authorization Server. It is a critically important first step as the implementation must conform to the specification defined in the OAuth 2.1 Authorization Framework and the related specifications.

The second place to start is to become very familiar with the codebase in the following Spring Security modules:

A significant amount of effort was put into developing the Next Generation OAuth 2.0 Support in Spring Security. The goal is to leverage all the knowledge learned thus far and apply the same to the development of Spring Authorization Server.

Submitted work via pull requests should follow the same coding style/conventions and adopt the same or similar design patterns that have been established in Spring Security’s OAuth 2.0 support.


Be sure to read the Spring Authorization Server Reference and Spring Security Reference, as well as the OAuth 2.0 Reference, which describes the Client and Resource Server features available.

JavaDoc is also available for the Spring Authorization Server API and Spring Security API.

Code of Conduct

Please see our code of conduct.

Downloading Artifacts

See downloading Spring artifacts for Maven repository information.

Building from Source

Spring Authorization Server uses a Gradle-based build system. In the instructions below, ./gradlew is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build.


Git and the JDK17 build.

Be sure that your JAVA_HOME environment variable points to the jdk17 folder extracted from the JDK download.

Check out sources

git clone

Install all spring-\* jars into your local Maven cache

./gradlew publishToMavenLocal

Compile and test; build all jars, distribution zips, and docs

./gradlew build

Discover more commands with ./gradlew tasks.

Getting Support


Pull requests are welcome; see the contributor guidelines for details.


Spring Authorization Server is Open Source software released under the Apache 2.0 license.