This ticket addresses the reactive support for gh-6053.
Comment From: jonathannaguin
@sjohnr a question about this implementation:
In PasswordReactiveOAuth2AuthorizedClientProvider.java, the username and password are retrieved from the context as attributes. Why is the JWT token treated differently?
Comment From: sjohnr
Hi @jonathannaguin, that's a good question.
In this case, the goal was to align the reactive implementation with JwtBearerOAuth2AuthorizedClientProvider, which uses the authentication principal. All I can say for certain is that the password grant implementations do require context attributes to capture the credentials from request parameters (see docs) whereas other implementations (intentionally) do not. This most likely has to do with the need to access the request, which would not be available to a (Reactive)OAuth2AuthorizedClientProvider.
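The difference discussed in this thread, shown from the caller's side. This is an added example, not code from the thread or from the Spring Security project; the class name `GrantInputExamples` and both method names are hypothetical, and the mapper assumes the caller placed the `ServerWebExchange` in the authorize request attributes.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added illustration; GrantInputExamples and its method names are hypothetical.
public final class GrantInputExamples {

	// Password grant: the provider never sees the request, so the credentials are
	// copied into context attributes by a mapper registered with
	// DefaultReactiveOAuth2AuthorizedClientManager.setContextAttributesMapper(...).
	static Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> passwordAttributesMapper() {
		return authorizeRequest -> {
			Map<String, Object> attributes = new HashMap<>();
			// Assumption: the exchange was supplied as an authorize request attribute.
			ServerWebExchange exchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());
			if (exchange == null) {
				return Mono.just(attributes); // no request available, provider will not authorize
			}
			MultiValueMap<String, String> params = exchange.getRequest().getQueryParams();
			String username = params.getFirst(OAuth2ParameterNames.USERNAME);
			String password = params.getFirst(OAuth2ParameterNames.PASSWORD);
			// The password provider requires both attributes to be present.
			if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
				attributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
				attributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
			}
			return Mono.just(attributes);
		};
	}

	// JWT bearer grant: no mapper is involved. The assertion is the authentication
	// principal itself, so the authorize request only needs a principal whose
	// getPrincipal() returns the Jwt (JwtAuthenticationToken does).
	static OAuth2AuthorizeRequest jwtBearerRequest(String clientRegistrationId, Jwt jwt) {
		return OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId)
				.principal(new JwtAuthenticationToken(jwt))
				.build();
	}
}
```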