Spring Security Change Immutability for OAuth2AuthorizedClient

Expected Behavior

OAuth2AuthorizedClient and its nested classes are designed immutable. Can you change this behaviour?

Current Behavior

There are currently only "final" fields, full-args constructor and getter methods.

Context

I want to store this class in Redis and it's fine by using Jackson. But, there is exception during Deserialization, because it first creates object with no-arg constructor, then uses setter methods. Because of that, I can't retrieve record from Redis.

Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of org.springframework.security.oauth2.client.OAuth2AuthorizedClient (no Creators, like default constructor, exist): cannot deserialize from Object value (no delegate- or property-based Creator)

There is an option provided by Jackson to solve this. mix-in classes. (https://github.com/FasterXML/jackson-docs/wiki/JacksonMixInAnnotations)

I have created a mix-in class for OAuth2AuthorizedClient, but this time, its inner classes need their own mixin classes. so there will be some many dummy mixin classes and configurations, so it will causes complexity.

public class RedisObjectMapper implements RedisSerializer<OAuth2AuthorizedClient> {

    private final ObjectMapper om;

    public RedisObjectMapper() {
        this.om = new ObjectMapper()
               .addMixIn(OAuth2AuthorizedClient.class, TargetDataMixin.class);
    }

    @Override
    public byte[] serialize(OAuth2AuthorizedClient o) throws SerializationException {
        try {
            return om.writeValueAsBytes(o);
        } catch (JsonProcessingException e) {
            ...
        }
    }

    @Override
    public OAuth2AuthorizedClient deserialize(byte[] bytes) throws SerializationException {
        if(bytes == null){
            return null;
        }
        try {
            return  om.readValue(bytes, OAuth2AuthorizedClient.class);
        } catch (Exception e) {
            ...
        }
    }

}

public abstract class TargetDataMixin {
    @JsonCreator
    public TargetDataMixin(@JsonProperty("clientRegistration") ClientRegistration clientRegistration,
                           @JsonProperty("principalName") String principalName,
                           @JsonProperty("accessToken") OAuth2AccessToken accessToken,
                           @JsonProperty("refreshToken") OAuth2RefreshToken refreshToken) {
    }
}

Comment From: jgrandja

@dgempiuc Jackson support has been added in the 5.3.0 release via gh-7873. This includes OAuth2AuthorizedClientMixin and it's associated classes. See gh-4886 and gh-7889 for additional details.

I'll close this issue as a duplicate.