This theme will focus on providing consistency for Servlet and Reactive applications that use OAuth2 Client features. Examples include providing consistent parameters for access token requests and notable differences in configuration of the underlying HTTP client (RestTemplate vs WebClient).
The goal of this effort will be to leverage the introduction of support for RestClient (introduced in Spring Framework 6.1) in order to opt-in to a new way of configuring OAuth2 Client features of Servlet applications that are more consistent with Reactive applications. This also provides an opportunity to introduce improvements for Servlet applications that would otherwise be breaking changes earlier than Spring Security 7.
Once RestClient support is fully available, it also would be possible to consider deprecating support for RestTemplate with the potential to remove support in Spring Security 7 while still providing adequate time to migrate to RestClient support.
The following issues are currently included in this theme:
- [x] #11298
- [x] #14811
- [ ] #14657
- [x] #13588
- [x] #15298
- [x] #15737
- [x] #15674
- [ ] #15825
- [ ] #16284
Possibly related issues (not directly included in this theme):
-
11885
-
11097
Comment From: sjohnr
See also gh-16909 for removal of deprecated implementations.