I want to send the OAuth token request for the Client Credentials grant type as a JSON object { "grantType" : "client_credentials" } instead of form data grant_type=client_credentials.
Currently, in those discussions I found two approaches:
https://github.com/spring-projects/spring-security/issues/7781
https://github.com/spring-projects/spring-security/issues/8612
One solution is to create a custom OAuth2ClientCredentialsGrantRequestEntityConverter and the other is to use filters along with BodyInserters, but in both solutions we are able to add/edit the form data object only and not replace it with a JSON body.
When I try this approach, I can edit the whole body to a String, but I need it to go as a JSON object and not a JSON string enclosed within "", as the code below does:
    private ExchangeFilterFunction addCustomFilter() {
        return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
            // Create a new ClientRequest.Builder and set the updated headers
            ClientRequest.Builder newRequestBuilder = ClientRequest.from(clientRequest);
            newRequestBuilder.header("Content-Type", "application/json");
            newRequestBuilder.body(BodyInserters.fromValue("{\"grant_type\": \"client_credentials\"}"));
            return Mono.just(newRequestBuilder.build());
        });
    }
And OAuth2ClientCredentialsGrantRequestEntityConverter has a method createParameters, which is supposed to return a MultiValueMap.
Comment From: sjohnr
@ashetty-boku thanks for reaching out!
Regarding WebClientReactiveClientCredentialsTokenResponseClient (which extends AbstractWebClientReactiveOAuth2AccessTokenResponseClient), the intent is to create a spec-compliant request, which uses multipart/form-data. These classes do not intend to support JSON request bodies, as this is not required by the spec. However, you are free to create your own ReactiveOAuth2AccessTokenResponseClient that does this and plug it into the framework (as in this example). Doing so would not be difficult and I believe it will solve the problem for you.
I'm going to close this issue, as I don't believe it is realistic or necessary to bend the existing WebClientReactiveClientCredentialsTokenResponseClient to solve this use case. Please let me know if I have missed anything in the context of your request and we can reopen if necessary.
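A sketch of the custom ReactiveOAuth2AccessTokenResponseClient suggested in the comment above, added here as an illustration; it is not Spring Security's code nor the example the comment links to. The class name is hypothetical, and it assumes the token endpoint accepts the "grantType" JSON field from the question, authenticates the client with HTTP Basic, and returns a standard OAuth 2.0 token response.

```java
import java.util.Map;

import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

// Added example (hypothetical class): client_credentials token request sent as a JSON object.
public class JsonClientCredentialsTokenResponseClient
        implements ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {

    private final WebClient webClient;

    public JsonClientCredentialsTokenResponseClient(WebClient webClient) {
        this.webClient = webClient;
    }

    @Override
    public Mono<OAuth2AccessTokenResponse> getTokenResponse(OAuth2ClientCredentialsGrantRequest grantRequest) {
        ClientRegistration registration = grantRequest.getClientRegistration();

        // Assumption: the server expects the "grantType" key shown in the question.
        Map<String, String> body = Map.of("grantType", grantRequest.getGrantType().getValue());

        return this.webClient.post()
                .uri(registration.getProviderDetails().getTokenUri())
                // Assumption: the server accepts HTTP Basic client authentication, so the
                // client secret stays in the Authorization header and out of the JSON body.
                .headers(h -> h.setBasicAuth(registration.getClientId(), registration.getClientSecret()))
                .contentType(MediaType.APPLICATION_JSON)
                .accept(MediaType.APPLICATION_JSON)
                // A Map is serialized by the JSON codec as an object, not as a quoted string.
                .bodyValue(body)
                // Parses the token response; an OAuth2 error response becomes an exception.
                .exchangeToMono(response -> response.body(OAuth2BodyExtractors.oauth2AccessTokenResponse()))
                // If the response omits scope, fall back to the registered scopes.
                .map(token -> token.getAccessToken().getScopes().isEmpty()
                        ? OAuth2AccessTokenResponse.withResponse(token).scopes(registration.getScopes()).build()
                        : token);
    }
}
```

An instance can be plugged in with ClientCredentialsReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(...). Use a WebClient for the token call that does not log request headers, since the Authorization header carries the client secret.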