Skip to content

OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter #18873

Closed
Closed
OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter#18873
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: bugA general bug
Milestone
7.0.4
@jgrandja

Description

@jgrandja
jgrandja
opened on Mar 10, 2026

OAuth2DeviceVerificationEndpointFilter should be applied after AuthorizationFilter in order for Multi-Factor Authentication to take effect (if configured).

Currently, MFA is not applied correctly for Authorization Server. Moving OAuth2DeviceVerificationEndpointFilter after AuthorizationFilter will resolve this issue.

Related gh-18251

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions