Servlet and Reactive OAuth2 Client consistency
sjohnr opened this issue · comments
This theme will focus on providing consistency for Servlet and Reactive applications that use OAuth2 Client features. Examples include providing consistent parameters for access token requests and notable differences in configuration of the underlying HTTP client (RestTemplate
vs WebClient
).
The goal of this effort will be to leverage the introduction of support for RestClient
(introduced in Spring Framework 6.1) in order to opt-in to a new way of configuring OAuth2 Client features of Servlet applications that are more consistent with Reactive applications. This also provides an opportunity to introduce improvements for Servlet applications that would otherwise be breaking changes earlier than Spring Security 7.
Once RestClient
support is fully available, it also would be possible to consider deprecating support for RestTemplate
in a future release with the potential to remove support in Spring Security 7 while still providing adequate time to migrate to RestClient
support. However, deprecation and removal of RestTemplate
support is not yet planned.
The following issues are currently included in this theme:
Possibly related issues (not directly included in this theme):