Description
Describe the bug
When using opaque tokens with an OAuth 2 resource server, WebFlux's ServerBearerTokenAuthenticationConverter does not support authentication via URL-encoded POST requests with their access token as a body parameter.
RFC 6750 Sec. 2.2 describes this behaviour and it is supported by DefaultBearerTokenResolver in MVC.
To Reproduce
Create a POST endpoint for which authentication with an OAuth 2 resource server with an opaque token is needed. Doing so with the reactive stack does not allow for authentication via a body parameter.
Expected behavior
Providing a body parameter with a valid access token named access_token should authenticate the request.
Sample
A sample project with designated test cases for the MVC and reactive stack can be found here:
https://github.com/jonah1und1/spring-security-rfc6750-2.2