A number of popular community modules are built on spring-security-oauth plugin:

• OAuth2 google
• OAuth2 github
• OAuth2 geonode
• OAuth2 OpenID Connect

Support for OAuth2 in GeoServer is based on the deprecated spring-security-oauth library. The same functionality is now provided by spring-security itself, but exposing a different API, making the GeoServer plugin incompatible.

Our GeoServer security integrations will need to be rewritten to use the spring-security framework directly.

The good news is that this activity is available to be worked on immediately with spring-security 5.8 and then migrated to spring-security 6. Other projects such as GeoNetwork have already made the transition.

The use of spring-security 6 requires removing spring-security-oauth plugin.

In planning