Spring Security Allow WebClientReactiveClientCredentialsTokenResponseClient to be extended to customise the request body

I am using the spring security oauth client to request and cache an oauth2 token for machine to machine authentication.

When I request the oauth token I have to specify an 'audience' attribute in the request body, but the WebClientReactiveClientCredentialsTokenResponseClient doesn't support custom parameters, so I am unable to use it. WebClientReactiveClientCredentialsTokenResponseClient is difficult to extend due to private and static methods

Can you change private static BodyInserters.FormInserter<String> body(OAuth2ClientCredentialsGrantRequest authorizationGrantRequest) {

to protected BodyInserters.FormInserter<String> body(OAuth2ClientCredentialsGrantRequest authorizationGrantRequest) {

Then I can extend WebClientReactiveClientCredentialsTokenResponseClient, call super.body, and then add in my custom parameters.

Comment From: jgrandja

@robert-parr Can you please provide the version you are using?

Have you considered providing a customized WebClient via WebClientReactiveClientCredentialsTokenResponseClient.setWebClient() that is composed of an ExchangeFilterFunction using ExchangeFilterFunction.ofRequestProcessor()? This would give you full control on modifying the outgoing ClientRequest.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

Comment From: robert-parr

I attempted to use the ExchangeFilterFunction.ofRequestProcessor() but was unable to update the body (I could create a new one, but not update the existing body). Having studied the WebClientReactiveClientCredentialsTokenResponseClient class further I fully understand what it is doing now, and am happy to implement the interface and create my own class.

This enhancement is no longer required. Thanks for your suggested solutions.