Currently the methods in org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2EndpointUtils are all package private, and your provided AuthenticationConverters make good use of them.
So when creating a custom AuthenticationConverter if I want to get the OAuth form/query parameters I cannot make use of your utility methods and I have to create my own. And as I know yours have been battle tested, this ends up being just a copy and paste of your methods.
Is there a reason they were made package private originally? Because by making them public it would obviously save code duplication and more importantly, save us having to check for patches in that class when you release new versions.