SpringBoot Adapt OpaqueTokenIntrospector auto-configuration so that Nimbus is no longer required

Since Spring Security implemented their own SpringOpaqueTokenIntrospector (see https://github.com/spring-projects/spring-security/issues/9354), Spring Boot should configure that by default instead of relying on the com.nimbusds:oauth2-oidc-sdk dependency.

This PR replaces the NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in the default configuration, allowing applications to remove the com.nimbusds:oauth2-oidc-sdk dependency.

Comment From: pivotal-cla

@lukaskusterbi Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

Comment From: lukaskusterbi

@pivotal-cla This is an Obvious Fix

Comment From: pivotal-cla

@lukaskusterbi This Pull Request contains an obvious fix. Signing the Contributor License Agreement is not necessary.

Comment From: snicoll

@lukaskusterbi unfortunately I don't think that qualifies as an obvious fix. I don't know what we're going to do with this PR but you'll need to sign the CLA if we decide to merge it.

Comment From: lukaskusterbi

OK, thanks for the heads-up. I'll need to check with Legal since it's not on our list of approved CLAs.

Comment From: pivotal-cla

@lukaskusterbi Thank you for signing the Contributor License Agreement!

Comment From: mbhave

@jzheaux Is this what the Spring Security team recommends for Spring Boot auto-configuration?

Comment From: jzheaux

Yes, @mbhave, SpringOpaqueTokenIntrospector is best given that it removes the dependency on oauth2-oidc-sdk. I think it would be good to do the same thing with SpringReactiveOpaqueTokenIntrospector.

Comment From: lukaskusterbi

Shall I adapt the configuration for SpringReactiveOpaqueTokenIntrospector as well? Or should that be done in a separate PR?

Comment From: snicoll

@lukaskusterbi if you have time, please go ahead! You can update this PR by pushing more to the configure_springopaquetokenintrospector branch.

Comment From: wilkinsona

Thanks very much for making your first contribution to Spring Boot, @lukaskusterbi.