ServerBearerTokenAuthenticationConverter does not support form encoded body parameter
Describe the bug
When using opaque tokens with an OAuth 2 resource server, WebFlux's ServerBearerTokenAuthenticationConverter does not support authentication via URL-encoded POST requests with their access token as a body parameter.
RFC 6750 Sec. 2.2 describes this behaviour and it is supported by DefaultBearerTokenResolver in MVC.
To Reproduce
Create a POST endpoint for which authentication with an OAuth 2 resource server with an opaque token is needed. Doing so with the reactive stack does not allow for authentication via a body parameter.
Expected behavior
Providing a body parameter with a valid access token named access_token should authenticate the request.
Sample
A sample project with designated test cases for the MVC and reactive stack can be found here: https://github.com/jonah1und1/spring-security-rfc6750-2.2
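
For readers of this thread, the token resolution that RFC 6750 Sec. 2.2 asks of a resource server, as an added example that is not part of the original issue and is not Spring Security's code. It is plain Java with no Spring types; the class, method and exception names are hypothetical, and `tok123` is a constructed token value.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

// Added illustration only: hypothetical names, no Spring dependency.
public class FormBodyBearerTokenExample {
    static final String FORM = "application/x-www-form-urlencoded";

    static class InvalidRequestException extends RuntimeException {
        InvalidRequestException(String msg) { super(msg); }
    }

    static Optional<String> resolve(String method, String contentType,
                                    String authorization, String body) {
        String headerToken = null;
        if (authorization != null && authorization.regionMatches(true, 0, "Bearer ", 0, 7)) {
            headerToken = authorization.substring(7).trim();
        }
        // RFC 6750 Sec. 2.2: the body is considered only when it is form-encoded,
        // and the GET method must not be used.
        boolean formBody = contentType != null
                && contentType.regionMatches(true, 0, FORM, 0, FORM.length())
                && !"GET".equalsIgnoreCase(method);
        List<String> bodyTokens = new ArrayList<>();
        if (formBody && body != null) {
            for (String pair : body.split("&")) {
                int eq = pair.indexOf('=');
                if (eq > 0 && "access_token".equals(decode(pair.substring(0, eq)))) {
                    bodyTokens.add(decode(pair.substring(eq + 1)));
                }
            }
        }
        // A client must not send the token by more than one method, or more than once.
        if (bodyTokens.size() > 1 || (headerToken != null && !bodyTokens.isEmpty())) {
            throw new InvalidRequestException("Found multiple bearer tokens in the request");
        }
        return headerToken != null ? Optional.of(headerToken) : bodyTokens.stream().findFirst();
    }

    static String decode(String s) {
        return URLDecoder.decode(s, StandardCharsets.UTF_8); // overload available since Java 10
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        System.out.println(resolve("POST", FORM, null, "a=b&access_token=tok123"));
        System.out.println(resolve("GET", FORM, null, "access_token=tok123"));
        System.out.println(resolve("POST", "application/json", null, "access_token=tok123"));
    }
}
```

RFC 6750 also says the form-encoded body method should not be used except where the client cannot set the `Authorization` header, so a resource server that accepts it should treat it as the fallback path.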
Any updates on this?
I will happily improve on the issue description and/or pull request if needed.
@jonah1und1 thanks for checking. We are working on a few high priority items for the release and then I will be reviewing your PR. If you would like to get a head start, please check the PR for modern Java features from Java 11+ and switch back to corresponding Java 8 features. We are not yet ready to update most of the source code to Java 17 features because we are following Spring Framework's lead on which language features we are using.
@sjohnr Thank you. I will do that.
@sjohnr Did you have any time to take a look at the PR yet?