Servlet and Reactive OAuth2 Client consistency #15299
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: theme
An issue that describes a theme for a release
Milestone
This theme will focus on providing consistency for Servlet and Reactive applications that use OAuth2 Client features. Examples include providing consistent parameters for access token requests and notable differences in configuration of the underlying HTTP client (
RestTemplate
vsWebClient
).The goal of this effort will be to leverage the introduction of support for
RestClient
(introduced in Spring Framework 6.1) in order to opt-in to a new way of configuring OAuth2 Client features of Servlet applications that are more consistent with Reactive applications. This also provides an opportunity to introduce improvements for Servlet applications that would otherwise be breaking changes earlier than Spring Security 7.Once
RestClient
support is fully available, it also would be possible to consider deprecating support forRestTemplate
with the potential to remove support in Spring Security 7 while still providing adequate time to migrate toRestClient
support.The following issues are currently included in this theme:
RestClient
implementations ofOAuth2AccessTokenResponseClient
#15298OAuth2AccessTokenResponseClient
s in favor ofRestClient
-based ones #15737loginPage()
to DSL in reactiveoauth2Login()
#15674ClientRegistrationIdResolver
toExchangeFilterFunction
s #15825PrincipalResolver
toExchangeFilterFunctions
#16284Possibly related issues (not directly included in this theme):
The text was updated successfully, but these errors were encountered: