Joe Grandja is a Principal Software Engineer and application security specialist based in Toronto, with a 25-year history of designing and delivering enterprise-grade systems across financial services. He leads OAuth 2.0 and OpenID Connect efforts for Spring Security and Spring Authorization Server as a core committer, shaping authentication and authorization support used widely in Java ecosystems. His background spans solution architecture, SSO/SAML implementations, and building resilient microservices platforms for banks like BMO and TD, combining deep security know-how with pragmatic engineering. Joe’s open-source contributions include fixing subtle redirect URI and token-handling bugs in spring-security OAuth components—work that improves real-world security posture for many deployments. He’s equally at home drafting compliance-focused security controls with InfoSec teams as he is refactoring core framework code for better reusability. A former architect of large trading and banking platforms, he brings both hands-on coding and systems-level judgment to complex, regulated environments.
Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
Role in this project:
Back-end Developer
Contributions:6 reviews, 315 commits, 229 PRs in 6 years 1 month
Contributions summary:Joe primarily focused on enhancing the Spring Security OAuth2 library. Their contributions involved fixing bugs related to subdomain and port matching within the DefaultRedirectResolver, enhancing the functionality of redirect URI validation. They also added support for single scope strings in token converters and addressed issues with the handling of refresh tokens and invalid token responses, improving overall stability and security. Furthermore, they corrected a logout link in a sample application and addressed other minor code issues.
Contributions:37 releases, 312 reviews, 577 commits in 2 years 7 months
Contributions summary:Joe's commits focused on enhancing the Spring Authorization Server, specifically addressing an issue related to client secret handling. Their work involved modifications to the OidcClientRegistrationAuthenticationProvider and tests, indicating contributions to the core authorization server functionality. The user also added code to handle potential errors and ensure compliance with security best practices regarding authentication methods.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Joe Grandja - Principal Software Engineer at VMware Tanzu