@opcooc Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@opcooc Thank you for signing the Contributor License Agreement!

Thanks for the PR, @opcooc.

It looks like the default changed late in the 1.3 development cycle. Without this change, if a Boot users wants to flip the default back to its previous value, they would have to stop using the spring.security.oauth2.authorizationserver.* properties and define their own AuthorizationServerSettings bean. That feels rather clunky to me so I am tempted to treat this is a bug and to add a property to make it easier in Spring Boot 3.3.x.

@jgrandja, what's you take on this please? Does the above sound reasonable or is allowing multiple issuers sufficiently rare that would could introduce the property in Boot 3.4 and require an AuthorizationServerSettings bean in 3.3.x?

@wilkinsona Yes, the default for AuthorizationServerSettings.multipleIssuersAllowed was reverted to false just before we released 1.3 because a default of true did not automatically make the authorization server multi-tenant capable as there are a a few custom configurations required by the application as indicated in the How-to: Implement Multitenancy guide.

We should add a Boot property for AuthorizationServerSettings.multipleIssuersAllowed to be consistent with the existing properties available for the AuthorizationServerSettings. I think merging this PR in 3.3.x is totally fine but I'll leave it up to you. And apologies, I should have raised a ticket for this so it made it into 3.3.0.

Thanks, @jgrandja. In that case, we'll consider this to be a bug of omission and add the property in 3.3.x.

Thank you, @opcooc. I polished your changes as part of merging them. Please see 1a6760e if you're interested.

Polish "Add configuration property to allow multiple issuers"

Thank you for helping me modify