Allow reuse of internal utility classes #2110
Description
Expected Behavior
Utility classes like the following should be available for reuse:
- org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2EndpointUtils
- org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthenticationProviderUtils
Current Behavior
Those classes are package protected and therefore can't be reused.
Context
When customising authentication providers and converters, it's common we need to reuse the logic already available in methods like getFormParameters(), getQueryParameters(), getAuthenticatedClientElseThrowInvalidClient() and accessToken(), but unfortunately this is not currently possible and requires us to duplicate the utility class, which is not optimal.