
Spring Boot (Spring Security)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

Spring Security OAuth2 Client provides OIDC auto-discovery. Key configuration:

  • Add spring-boot-starter-oauth2-client dependency
  • Configure spring.security.oauth2.client.provider.vouch.issuer-uri for auto-discovery
  • Set authorization-grant-type: authorization_code and scope: openid,email
  • Enable PKCE with OAuth2AuthorizationRequestCustomizers.withPkce()
  • Hardware attestation claims (hardware_verified, hardware_aaguid) are in the access token JWT — decode the payload to read them
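
The PKCE and claim-reading steps above as Java configuration. This is an added example, not code from the web/spring-boot project; it assumes Spring Boot 3 with spring-boot-starter-web on the classpath, a client registration id of vouch (the page only names the provider id), and a hypothetical /hardware endpoint.

```java
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, ClientRegistrationRepository repo) throws Exception {
        // Wrap the default resolver so every authorization request carries a PKCE code_challenge (S256).
        var resolver = new DefaultOAuth2AuthorizationRequestResolver(repo, "/oauth2/authorization");
        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(l -> l.authorizationEndpoint(e -> e.authorizationRequestResolver(resolver)));
        return http.build();
    }
}

@RestController
class HardwareController {
    private final ObjectMapper mapper = new ObjectMapper();

    // "vouch" is an assumed registration id; "/hardware" is a hypothetical endpoint.
    @GetMapping("/hardware")
    public Map<String, Object> hardware(
            @RegisteredOAuth2AuthorizedClient("vouch") OAuth2AuthorizedClient client) throws Exception {
        String[] parts = client.getAccessToken().getTokenValue().split("\\.");
        if (parts.length != 3) throw new IllegalStateException("access token is not a compact JWT");
        // Decode only: no signature check here. Validate with a JwtDecoder before access decisions.
        Map<?, ?> claims = mapper.readValue(Base64.getUrlDecoder().decode(parts[1]), Map.class);
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("hardware_verified", claims.get("hardware_verified")); // null if claim is absent
        out.put("hardware_aaguid", claims.get("hardware_aaguid"));
        return out;
    }
}
```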

Example

web/spring-boot — Complete working example with Spring Security OIDC, PKCE, and hardware claim extraction.