This theme will focus on providing consistency for Servlet and Reactive applications that use OAuth2 Client features. Examples include providing consistent parameters for access token requests and notable differences in configuration of the underlying HTTP client (RestTemplate vs WebClient).

The goal of this effort will be to leverage the introduction of support for RestClient (introduced in Spring Framework 6.1) in order to opt-in to a new way of configuring OAuth2 Client features of Servlet applications that are more consistent with Reactive applications. This also provides an opportunity to introduce improvements for Servlet applications that would otherwise be breaking changes earlier than Spring Security 7.

Once RestClient support is fully available, it also would be possible to consider deprecating support for RestTemplate in a future release with the potential to remove support in Spring Security 7 while still providing adequate time to migrate to RestClient support. However, deprecation and removal of RestTemplate support is not yet planned.

The following issues are currently included in this theme:

• #11298
• #14811
• #14657
• #13588
• #15298
• #15674

Possibly related issues (not directly included in this theme):

• #11885
• #11097