Cannot request access token for client with CLIENT_SECRET_BASIC

[jrmcdonald]

Describe the bug
The ClientSecretBasicAuthenticationConverter#L89 uses the deprecated ClientAuthenticationMethod.BASIC. This means that if you have a registered client with the ClientAuthenticationMethod.CLIENT_SECRET_BASIC, you cannot request an access token as the check in OAuth2ClientAuthenticationProvider.java#L103 fails.

To Reproduce

1. Run the sample authorization server in this repository
2. Request an access token:

curl --location --request POST 'http://localhost:9000/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic bWVzc2FnaW5nLWNsaWVudDpzZWNyZXQ=' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=message.read'

3. Observe successful response
4. Modify the registered client authentication method to ClientAuthenticationMethod.CLIENT_SECRET_BASIC
5. Repeat the above request
6. Observe 401 response

Expected behavior
Response should be 200 with a valid access token.

[sjohnr]

@jrmcdonald, thanks for the bug report! As you can see, a community member is already working on this.

[jrmcdonald]

Hi @sjohnr, thanks for that, do you know which milestone this is likely to be included in?

[jgrandja]

@jrmcdonald This is now merged and ready for 0.2.0.