We should align (Server|Servlet)OAuth2AuthorizedClientExchangeFilterFunction with OAuth2ClientHttpRequestInterceptor, which introduces a PrincipalResolver as a flexible strategy for resolving the Authentication for a given request.

For ServletOAuth2AuthorizedClientExchangeFilterFunction, the interface could be:

@FunctionalInterface
public interface PrincipalResolver {

    @Nullable
    Authentication resolve(ClientRequest request);

}

For ServerOAuth2AuthorizedClientExchangeFilterFunction, it may need to return a Mono<Authentication> to accommodate ReactiveSecurityContextHolder:

@FunctionalInterface
public interface PrincipalResolver {

    @Nullable
    Mono<Authentication> resolve(ClientRequest request);

}
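
Added example (not part of the original issue and not Spring Security's own code): one way resolvers for the two proposed interfaces could behave, so the principal that keys the authorized-client lookup is chosen deterministically. The interface names, the PRINCIPAL_ATTR attribute, the SecurityContextHolder fallback and the use of an empty Mono instead of null are assumptions of this sketch.

```java
import java.util.Optional;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.reactive.function.client.ClientRequest;

import reactor.core.publisher.Mono;

// Hypothetical shapes modelled on the proposal above; not a released API.
final class PrincipalResolvers {

    // Assumed attribute name, used by this sketch only.
    static final String PRINCIPAL_ATTR = "example.principal";

    interface ServletPrincipalResolver {
        Authentication resolve(ClientRequest request); // may return null
    }

    interface ReactivePrincipalResolver {
        Mono<Authentication> resolve(ClientRequest request);
    }

    // An Authentication pinned on the request wins; any other value
    // stored under the attribute is ignored rather than cast blindly.
    static Optional<Authentication> explicit(ClientRequest request) {
        return request.attribute(PRINCIPAL_ATTR)
                .filter(Authentication.class::isInstance)
                .map(Authentication.class::cast);
    }

    // Servlet: fall back to the thread-bound SecurityContext (null if unauthenticated).
    static ServletPrincipalResolver servlet() {
        return (request) -> explicit(request)
                .orElseGet(() -> SecurityContextHolder.getContext().getAuthentication());
    }

    // Reactive: fall back to the SecurityContext in the Reactor context;
    // the Mono completes empty when no Authentication is available.
    static ReactivePrincipalResolver reactive() {
        return (request) -> Mono.justOrEmpty(explicit(request))
                .switchIfEmpty(ReactiveSecurityContextHolder.getContext()
                        .mapNotNull(SecurityContext::getAuthentication));
    }
}
```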

Comment From: evgeniycheban

Hi @sjohnr, can I work on this?

Comment From: jgrandja

@evgeniycheban Are you still interested in working on this?

Comment From: evgeniycheban

Hi @jgrandja, yes, you can assign it to me; however, at the moment I'm working on gh-17188. I will submit a draft solution in a few days so we can discuss it further.

Comment From: jgrandja

Thanks and no rush @evgeniycheban. I have quite a bit going on now.