The expires_in parameter in an OAuth 2.0 Access Token response should be a JSON number.
As per spec, in section 5.1 Successful Response:
expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.
Sample response:
{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}
OAuth2AccessTokenResponseHttpMessageConverter should support Converters that operate on Map<String, Object>, NOT the current Map<String, String>.
Comment From: mychaint
Hi @jgrandja, are you working on it?
Comment From: jgrandja
@mychaint Yes, I'll be taking this one.
The change required here is not as simple as it looks. I will need to @Deprecate setTokenResponseConverter() and setTokenResponseParametersConverter() and provide equivalent setters that operate on Map<String, Object>.
We can't simply change Map<String, String> to Map<String, Object> as this would break existing applications.
I've scheduled this for 5.6 so I will likely not get to this for a bit still.
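An added example, not part of the thread and not Spring Security code: reading expires_in from token response parameters typed as Map<String, Object>, accepting the JSON number the spec's sample response shows while still tolerating the numeric string an existing Map<String, String> consumer would carry. The class and method names are hypothetical, and only the JDK is used.

```java
import java.time.Duration;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Added illustration; ExpiresInExample and expiresIn() are hypothetical names, not Spring Security API.
public class ExpiresInExample {

    // Reads expires_in from parameters typed as Map<String, Object>.
    // Accepts an integral JSON number or a numeric string; rejects fractional,
    // negative and non-numeric values instead of silently ignoring them, so a
    // malformed lifetime never turns into a token that is treated as non-expiring.
    static Optional<Duration> expiresIn(Map<String, Object> params) {
        Object raw = params.get("expires_in");
        if (raw == null) {
            return Optional.empty(); // omitted: caller falls back to the server's documented default
        }
        long seconds;
        if (raw instanceof Integer || raw instanceof Long) {
            seconds = ((Number) raw).longValue();
        } else if (raw instanceof String) {
            try {
                seconds = Long.parseLong(((String) raw).trim());
            } catch (NumberFormatException ex) {
                throw new IllegalArgumentException("expires_in is not an integer: " + raw, ex);
            }
        } else {
            throw new IllegalArgumentException(
                    "expires_in has unsupported type: " + raw.getClass().getName());
        }
        if (seconds < 0) {
            throw new IllegalArgumentException("expires_in must not be negative: " + seconds);
        }
        return Optional.of(Duration.ofSeconds(seconds));
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the sample response quoted in the issue.
        Map<String, Object> params = new LinkedHashMap<>();
        params.put("access_token", "2YotnFZFEjr1zCsicMWpAA");
        params.put("token_type", "example");
        params.put("expires_in", 3600); // JSON number, held as Integer rather than String
        System.out.println(expiresIn(params));

        params.put("expires_in", "3600"); // numeric string, as a Map<String, String> carries it
        System.out.println(expiresIn(params));
    }
}
```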