Spring Security Consider Making JwtDecoders return type generic

Related to https://github.com/spring-projects/spring-security/issues/6010

Expected Behavior

Change the methods in JwtDecoders from returning JwtDecoder to returning <J extends JwtDecoder>:

public static <J extends JwtDecoder> J fromOidcIssuerLocation(...)

Then, a downcast isn't necessary:

NimbusJwtDecoder jwtDecoder = JwtDecoders.fromOidcIssuerLocation(...);

Current Behavior

To further configure a JwtDecoder returned by JwtDecoders, it's necessary to perform a downcast:

NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.fromOidcIssuerLocation(...);
jwtDecoder.setJwtValidator(...);

Context

I'm not certain if this is passive from this chart. There are two points that seem relevant in the "Evolving API classes - API methods and constructors" section:

Change result type (including void) .... Breaks compatibility Add type parameter if method has no type parameters .... Binary compatible

Testing against the latest release of Spring Boot could help to confirm one way or the other.