OAuth2AuthorizedClientArgumentResolver could use OAuth2AuthorizedClientManager registered in context #8700

Closed
@benba

Describe the bug
OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration does not use the OAuth2AuthorizedClientManager provided by the Spring configuration; therefore, @RegisteredOAuth2AuthorizedClient annotated parameters do not use potential customization done in the config.

To Reproduce
Let's say you want to customize the access token response for a refresh, as described in the doc:

@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientRepository) {

    OAuth2AuthorizedClientProvider authorizedClientProvider =
            OAuth2AuthorizedClientProviderBuilder.builder()
                    .authorizationCode()
                    .refreshToken(configurer -> configurer.accessTokenResponseClient(myCustomAccesTokenResponseClient()))
                    .clientCredentials()
                    .password()
                    .build();

    DefaultOAuth2AuthorizedClientManager authorizedClientManager =
            new DefaultOAuth2AuthorizedClientManager(
                    clientRegistrationRepository, authorizedClientRepository);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

    return authorizedClientManager;
}

This will not be taken into account when the token is refreshed through a @RegisteredOAuth2AuthorizedClient parameter because OAuth2ClientConfiguration creates an OAuth2AuthorizedClientManager by itself.

Expected behavior
Maybe OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration should inject an OAuth2AuthorizedClientManager and use this one if it exists? (Or allow the customization of the manager created, if it is intended to create a different one.)
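
An added example, not part of the original issue and not Spring Security's own code: a controller that injects the OAuth2AuthorizedClientManager bean and calls it directly, so that authorization and refresh go through the customized provider instead of the manager built inside OAuth2ClientConfiguration. The class name, the `/token-status` path and the `my-client` registration id are hypothetical, and `javax.servlet` is assumed (newer Spring versions use `jakarta.servlet`).

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller: uses the application's own manager bean rather than
// a @RegisteredOAuth2AuthorizedClient parameter.
@RestController
public class TokenStatusController {

    private final OAuth2AuthorizedClientManager authorizedClientManager;

    // Spring injects the OAuth2AuthorizedClientManager @Bean defined by the application.
    public TokenStatusController(OAuth2AuthorizedClientManager authorizedClientManager) {
        this.authorizedClientManager = authorizedClientManager;
    }

    @GetMapping("/token-status")
    public String tokenStatus(Authentication authentication,
                              HttpServletRequest request,
                              HttpServletResponse response) {
        // "my-client" is a placeholder registration id (assumption).
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
                .withClientRegistrationId("my-client")
                .principal(authentication)
                .attributes(attrs -> {
                    // The servlet-based manager uses these to load and save the authorized client.
                    attrs.put(HttpServletRequest.class.getName(), request);
                    attrs.put(HttpServletResponse.class.getName(), response);
                })
                .build();

        // Runs the configured provider chain, including the customized refresh-token client.
        OAuth2AuthorizedClient client = this.authorizedClientManager.authorize(authorizeRequest);
        if (client == null) {
            // No configured provider could authorize or re-authorize this client.
            return "not authorized";
        }
        // Report expiry only; never return the token value itself.
        return "access token expires at " + client.getAccessToken().getExpiresAt();
    }
}
```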

Labels

in: oauth2 - An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement - A general enhancement
