Expected Behavior
You should be able to use oauth2.client.registration to configure the application to use the federated token for client authentication in the OAuth2 Authorization Code Grant flow.
For example:
spring:
  security:
    oauth2:
      client:
        registration:
          azure:
            provider: azure
            client-id: <CLIENT_ID>
            federated-token-file-path: <PATH TO FILE>
            scope: <SCOPE LIST>
Spring Security should handle reading in the token file and updating it when the token expires and is rotated.
The following parameters should be added to the request:
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
client_assertion: <FEDERATED_TOKEN>
Implementation is straightforward for non-reactive spring-web, but will be more complex for reactive spring-webflux because reading a file is a blocking operation.
Current Behavior
Currently this is not supported out of the box. It can be achieved through custom parameter converters.
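A sketch of the custom parameter converter workaround for the servlet (non-reactive) stack, added here as an example and not part of the original issue or of Spring Security itself. The class name `FederatedTokenParametersConverter` and its factory method are hypothetical, and the registration is assumed to use a client authentication method that sends no client secret; the client class used is the servlet `DefaultAuthorizationCodeTokenResponseClient`, in Spring Security versions that provide it.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

// Hypothetical helper: sends the federated token as a JWT-bearer client assertion.
public final class FederatedTokenParametersConverter
        implements Converter<OAuth2AuthorizationCodeGrantRequest, MultiValueMap<String, String>> {
    private static final String ASSERTION_TYPE =
            "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private final Path tokenFile;

    public FederatedTokenParametersConverter(Path tokenFile) {
        this.tokenFile = tokenFile;
    }

    @Override
    public MultiValueMap<String, String> convert(OAuth2AuthorizationCodeGrantRequest request) {
        String token;
        try {
            // Re-read on every token request so a rotated file is picked up (blocking I/O).
            token = Files.readString(this.tokenFile).strip();
        } catch (IOException ex) {
            // Fail the token request; never put the token contents in the message.
            throw new UncheckedIOException("Cannot read federated token file", ex);
        }
        if (token.isEmpty()) {
            throw new IllegalStateException("Federated token file is empty");
        }
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
        parameters.add("client_assertion_type", ASSERTION_TYPE);
        parameters.add("client_assertion", token);
        return parameters;
    }

    // Adds the converter on top of the default authorization_code request parameters.
    public static DefaultAuthorizationCodeTokenResponseClient tokenResponseClient(Path tokenFile) {
        var entityConverter = new OAuth2AuthorizationCodeGrantRequestEntityConverter();
        entityConverter.addParametersConverter(new FederatedTokenParametersConverter(tokenFile));
        var client = new DefaultAuthorizationCodeTokenResponseClient();
        client.setRequestEntityConverter(entityConverter);
        return client;
    }
}
```

Reading the file on each token request avoids caching a stale assertion, at the cost of the blocking read that makes the same approach unsuitable as-is for spring-webflux.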
Context