In https://github.com/spring-projects/spring-framework/issues/31742 a change was made to not add the charset parameter if it is UTF-8 (more details on the linked issue). This affected some of the OAuth2 classes.

We should probably accept this breaking change and make sure that we include the necessary information in this ticket if users still need to include the charset parameter.

Comment From: marcusdacoregio

Closed via https://github.com/spring-projects/spring-security/commit/aa9c1bab67b5fa041462555dba6e7a655afb1e42

Comment From: sjohnr

If you are impacted by this issue, please consider adding a comment letting us know how you were impacted. This will help us understand if any environments are affected by removing the charset parameter of the Content-Type header.


The following is a workaround that can be applied to restore the charset parameter of the Content-Type header for the authorization_code grant.

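import java.nio.charset.StandardCharsets;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    // ...

    @Bean
    public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenResponseClient() {
        // Start from the default token request headers, then override only the Content-Type
        // so that it carries charset=UTF-8 again.
        var defaultHeadersConverter = new DefaultOAuth2TokenRequestHeadersConverter<OAuth2AuthorizationCodeGrantRequest>();
        var headersConverter = defaultHeadersConverter
            .andThen((headers) -> {
                headers.setContentType(new MediaType(MediaType.APPLICATION_FORM_URLENCODED, StandardCharsets.UTF_8));
                return headers;
            });

        // Use the customized headers for authorization_code token requests.
        var tokenResponseClient = new WebClientReactiveAuthorizationCodeTokenResponseClient();
        tokenResponseClient.setHeadersConverter(headersConverter);

        return tokenResponseClient;
    }

}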

See the Customize Token Request Parameters section in the reference for information on customizing other grant types.
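
An added example, not part of the thread or of the Spring Security code base: a stand-alone check that runs the same converter composition as the workaround against a constructed authorization_code grant request and compares the Content-Type before and after. The class name `TokenRequestContentTypeCheck` and all client and endpoint values are hypothetical placeholders, and it assumes a Spring Security version that ships `DefaultOAuth2TokenRequestHeadersConverter`.

```java
import java.nio.charset.StandardCharsets;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;

// Hypothetical helper class; all client and endpoint values are constructed placeholders.
public class TokenRequestContentTypeCheck {

    static OAuth2AuthorizationCodeGrantRequest sampleGrantRequest() {
        String redirectUri = "https://client.example.com/login/oauth2/code/demo";
        ClientRegistration registration = ClientRegistration.withRegistrationId("demo")
            .clientId("demo-client").clientSecret("demo-secret")
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri(redirectUri)
            .authorizationUri("https://idp.example.com/authorize")
            .tokenUri("https://idp.example.com/token").build();
        OAuth2AuthorizationRequest request = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://idp.example.com/authorize")
            .clientId("demo-client").redirectUri(redirectUri).state("state-1").build();
        OAuth2AuthorizationResponse response = OAuth2AuthorizationResponse.success("code-1")
            .redirectUri(redirectUri).state("state-1").build();
        return new OAuth2AuthorizationCodeGrantRequest(registration,
            new OAuth2AuthorizationExchange(request, response));
    }

    public static void main(String[] args) {
        var defaults = new DefaultOAuth2TokenRequestHeadersConverter<OAuth2AuthorizationCodeGrantRequest>();
        // Same composition as the workaround: run the defaults, then re-add charset=UTF-8.
        Converter<OAuth2AuthorizationCodeGrantRequest, HttpHeaders> withCharset = defaults.andThen((headers) -> {
            headers.setContentType(new MediaType(MediaType.APPLICATION_FORM_URLENCODED, StandardCharsets.UTF_8));
            return headers;
        });
        var grantRequest = sampleGrantRequest();
        MediaType before = defaults.convert(grantRequest).getContentType();
        MediaType after = withCharset.convert(grantRequest).getContentType();
        System.out.println("default:    " + before);
        System.out.println("workaround: " + after);
        if (after == null || !StandardCharsets.UTF_8.equals(after.getCharset())) {
            throw new IllegalStateException("charset parameter missing from token request Content-Type");
        }
    }
}
```

Comparing the two printed values against what the authorization server's token endpoint accepts shows whether the workaround is needed in a given environment.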