API Security Blog

RestClient Support for OAuth2 in Spring Security 6.4

In Spring Security 6.2 and 6.3, we have worked to steadily improve configuration for applications using OAuth2 Client. Configuration for common use cases has been simplified by allowing applications to publish beans which are automatically included in the overall OAuth2 Client configuration during application startup. Recent improvements include:

- Extension grant types can be enabled simply by publishing a bean of type OAuth2AuthorizedClientProvider (or ReactiveOAuth2AuthorizedClientProvider).
- OAuth 2.0 Access Token Requests can be extended with custom parameters simply by publishing one or more beans of type OAuth2AccessTokenResponseClient (or ReactiveOAuth2AccessTokenResponseClient).
- Spring Security automatically publishes a bean of type OAuth2AuthorizedClientManager (or ReactiveOAuth2AuthorizedClientManager) if one is not already published, requiring less boilerplate configuration when an application needs to obtain access tokens.

In Spring Security 6.4, this theme continues with a round of improvements focused on RestClient, which is a new HTTP client introduced in Spring Framework 6.1. RestClient provides a fluent API that is incredibly similar to that of WebClient but is synchronous and does not depend on reactive libraries. This means that configuring an application to make protected resource requests using OAuth2 Client is much simpler and does not require any additional dependencies.

Additionally, improvements have been made to provide consistency between servlet…
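A sketch of the RestClient setup described above, added here as an illustration and not taken from the original post. It uses Spring Security 6.4's OAuth2ClientHttpRequestInterceptor; the class names, the base URL, the "/messages" path and the "messaging-client" registration id are assumptions, and a client registration with that id is assumed to be configured.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestClient;

import static org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver.clientRegistrationId;

@Configuration
class ProtectedApiClientConfig {

    // The OAuth2AuthorizedClientManager is injected; Spring Security publishes
    // one automatically when the application has not defined its own.
    @Bean
    RestClient protectedApiRestClient(OAuth2AuthorizedClientManager authorizedClientManager) {
        OAuth2ClientHttpRequestInterceptor interceptor =
                new OAuth2ClientHttpRequestInterceptor(authorizedClientManager);
        return RestClient.builder()
                // Fixed base URL (placeholder host): callers pass relative paths,
                // which keeps token-bearing requests pointed at the intended resource server.
                .baseUrl("https://api.example.test")
                .requestInterceptor(interceptor)
                .build();
    }
}

@Service
class MessageService {

    private final RestClient restClient;

    MessageService(RestClient protectedApiRestClient) {
        this.restClient = protectedApiRestClient;
    }

    String[] fetchMessages() {
        return this.restClient.get()
                .uri("/messages") // hypothetical protected endpoint
                // Selects which client registration supplies the access token
                // ("messaging-client" is an assumed registration id).
                .attributes(clientRegistrationId("messaging-client"))
                .retrieve()
                .body(String[].class);
    }
}
```

Keeping the interceptor on a dedicated RestClient bean, rather than on a shared client used for arbitrary hosts, limits where access tokens can be sent.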
