A walkthrough of Spring Security 7.0 covering authentication and authorization features. Topics include JDBC-based user management, password encoding migration (SHA-256 to bcrypt to Argon2 via Password4j), one-time token (magic link) authentication, WebAuthn/passkeys support, multi-factor authentication with the new @EnableMultiFactorAuthentication annotation, and setting up an OAuth2 authorization server with a resource server and client. The tutorial also demonstrates the new additive security customizers that avoid overriding Spring Boot defaults, and declarative HTTP clients with automatic OAuth2 token injection.

39m watch time
