Invalid custom AuthorizationRequestRepository

[BingChunMoLi]

docs

1. Create a custom InMemoryOAuth2AuthorizationRequestRepository and configure it according to the document
2. Expected to use InMemoryOAuth2AuthorizationRequestRepository, but actually used HttpSessionOAuth2AuthorizationRequestRepository tip:

   Because springboot is provided as a backend API for Vue to use, So the following code was used.

   http
   .csrf().disable()
   .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

   Also, Can I provide InMemoryOAuth2AuthorizationRequestRepository for spring security？ I have One more question ,

   http.requestMatchers("/a")).permitAll()

if interface a throw Exception responseHeader have a Location http://127.0.0.1:8080/login . Is it expected behavior？ Alternatively, it is also a bug

• github repository https://github.com/BingChunMoLi/security_oauth_demo

[jzheaux]

Thanks for getting in touch, @BingChunMoLi! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.