@jgrandja Thanks for your response. My concern with this approach is that we have to split the configuration. With Spring Boot it will give something like this.
```yaml
spring:
  application:
    name: my-app
  security:
    oauth2:
      client:
        provider:
          oauth0Management:
            token-uri: https://<redacted>/oauth/token
        registration:
          oauth0Management:
            client-authentication-method: POST
            authorization-grant-type: client_credentials
            client-id: <redacted>
            client-secret: <redacted>
            scope: read:users
          anOtherClient:
            client-authentication-method: POST
            authorization-grant-type: client_credentials
            client-id: <redacted>
            client-secret: <redacted>
            scope: read:users
        registration-ext:
          oauth0Management:
            audience: "http://test/api"
            whatever: "toto"
          anOtherClient:
            audience: "http://test/api"
```
This is not very elegant.
Something like this is preferable:
```yaml
spring:
  application:
    name: my-app
  security:
    oauth2:
      client:
        provider:
          oauth0Management:
            token-uri: https://<redacted>/oauth/token
        registration:
          oauth0Management:
            client-authentication-method: POST
            authorization-grant-type: client_credentials
            client-id: <redacted>
            client-secret: <redacted>
            scope: read:users
            token-endpoint-additional-form-data:
              audience: "http://test/api"
              whatever: "toto"
          anOtherClient:
            client-authentication-method: POST
            authorization-grant-type: client_credentials
            client-id: <redacted>
            client-secret: <redacted>
            scope: read:users
            token-endpoint-additional-form-data:
              audience: "http://test/api"
              whatever: "toto"
```
What do you think?
Originally posted by @jpiccaluga in https://github.com/spring-projects/spring-security/issues/7781#issuecomment-572233926
Comment From: jgrandja
Closing as duplicate of #7781