Which features from OAuth 2.1 will be supported by Spring Security? Is there a roadmap or any documentation on this topic?

For example:

- [ ] PKCE support (partially implemented)
- [ ] Remove implicit grant (deprecated, to be removed)
- [ ] Remove password grant
- [ ] Remove query-based bearer tokens
- [ ] Constraints on refresh tokens
- [ ] Redirect URI enforcement changes

Comment From: jgrandja

@metacubed Please review the reference documentation to see what features have been implemented.

Also, review the open issues for the in: oauth2 tag to see what features are in the backlog.

If there is a specific feature you are looking for support for, then please log a separate ticket for each.