OAuth2ClientConfiguration discovers client_credentials OAuth2AccessTokenResponseClient

[jgrandja]

We should allow for a @Bean of type OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> to be discovered by OAuth2ClientConfiguration. This would than be associated with OAuth2AuthorizedClientArgumentResolver.setClientCredentialsTokenResponseClient().

Ultimately, this will allow the user to register a DefaultClientCredentialsTokenResponseClient @Bean with a configured RestOperations and/or Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>>.

[jgrandja]

@fritzdj Thanks for taking this on! To start off, please get familiar with the Contributing guidelines.

After you setup your spring-security fork in your local dev environment, get familiar with OAuth2ClientConfiguration as this is where you will need to apply the updates. Also, take a look at OAuth2ClientConfigurationTests to see how to go about writing the test.

Let me know whenever you have any questions.
Thanks!

[clevertension]

@fritzdj are you working on this issue? if not, i can provide a PR 😛

[fritzdj]

Go for it @clevertension. I should have time later this week if you don't get to it.

[clevertension]

👍, it's yours, go ahead and nice coding

[fritzdj]

@jgrandja, can you please respond to my questions from https://gitter.im/spring-projects/spring-security?at=5c81cda88f294b134a0768d2 - I'm not sure which platforms works best for these types of questions.

NOTE: I think I understand the second question now -> it's not really tied to the principle for client credentials calls after testing it out. I'm still questioning how to best handle refreshing access tokens - it seems like it should be a part of the handler to get an authorized client. Please let me know your thoughts.

[jgrandja]

@fritzdj

I'm not sure which platforms works best for these types of questions.

It's best to keep the questions/dialogue either in this issue or the submitted PR.

I'm still questioning how to best handle refreshing access tokens

Thanks for catching this! This needs to be implemented in a separate PR so I've logged #6609 to track it.