Add support for requesting protected resources with RestClient

[mjeffrey]

Expected Behavior
Allow the use RestClient (to be introduced in Spring 6.1) for blocking calls in a non reactive application In Oauth2 Client.
See https://spring.io/blog/2023/07/13/new-in-spring-6-1-restclient.

Current Behavior
Only WebClient is supported which means a lot of reactive dependencies are pulled in when using Oauth2 Client even in a blocking application.

Context
To avoid the dependency issue we are using RestTemplate (with interceptors) but would prefer to see a supported solution.

[sjohnr]

@mjeffrey thanks for starting the conversation on this!

To clarify, are you specifically directing this issue toward providing support for RestClient in OAuth2 equivalent to the existing ServletOAuth2AuthorizedClientExchangeFilterFunction which supports WebClient?

[mjeffrey]

@sjohnr
I don't want to ask for too much related to implementation, you guys know this much better than me but I think what you said would do what is needed for us.

What I'd like to achieve is to be able to use the new RestClient with the Oauth2 client and to not need the reactive libraries.

In my company we are in the process of migrating a number of Spring Boot 2 (keycloak Oauth2 client) to Spring Boot 3 projects.
The Keycloak client no longer supports Spring Boot 3 and so we are moving to Spring Security Oauth2 client.
However the requirement to use WebClient is one of the things holding some teams back.

[sjohnr]

Ok, I've changed the title of the issue to what I think aligns with the request as a starting point, and we can go from there. Since the only part of OAuth2 Client for a Servlet environment that directly uses reactive libraries is ServletOAuth2AuthorizedClientExchangeFilterFunction, this issue can be used to provide equivalent support.

[alexcrownus]

I was about to create a similar issue, glad someone already did. Many thanks @mjeffrey.

Since support for RestTemplate was dropped because it is now in maintenance mode, there should now be support for the new RestClient for Servlet applications without using WebClient in blocking mode.

[tudburley]

I am maintaining a library, which provides a blocking WebClient with OAuth2 client credentials support and also want to migrate to the new RestClient. At the moment the OAuth2 support in this library is built with ServerOAuth2AuthorizedClientExchangeFilterFunction.

Will there be also non-reactive equivalents for ServerOAuth2AuthorizedClientExchangeFilterFunction?

[sjohnr]

@tudburley we already have ServletOAuth2AuthorizedClientExchangeFilterFunction, is that what you're asking about? Otherwise, I'm not sure I understand the question. If you have a different enhancement suggestion than what is being discussed here, feel free to open a new issue with the details.