Add Authorization Code Grant sample

[dfcoffin]

This sample should integrate with spring-security-oauth2-client and spring-security-oauth2-resource-server.

[andifalk]

With the authorization grant, you actually mean the authorization code grant?

If yes, then we also need an epic for authorization code grant first (same as for client credentials). Especially as the authorization code grant is more complex than the client credentials grant type.
And authorization code grant also must support PKCE.

[jgrandja]

@dfcoffin Can you please provide details on this issue.

[dfcoffin]

@andifalk Yes, I mean the authorization code grant. I attempted to create an epic but was unable to post it, so I provided the Feature issue. We can add an authorization code grant epic and reference it here.

I agree the authorization grand also should support PKCE, as an optional value and will update the request. I used the Authorization Code Grant section of RFC 6749 to define the issue, without also referencing the additional RFCs that have been adopted since the publication of RFC 6749.

Perhaps a possible approach is to define an epic for each of the OAuth 2.0 "stand-alone" RFC and then issues can be tied to them.

[jgrandja]

@dfcoffin @andifalk Yes, the plan is to group a major feature using epics. I'm actually planning on logging a bunch of issues for the authorization_code grant and grouping it into this epic. However, our goal really is to flush out #19 first and then work on authorization_code. That may change though if we have contributors working on both flows :)

[dfcoffin]

@jgrandja Is the plan to continue tracking this project in the spring-security-oauth Gitter channel or will there be a spring-authorization-server channel established since spring-security-oauth is actively being implemented and will be supported by Pivotal until March 2021, I believe.

[jgrandja]

Good question. Let me run it by the team and see if it makes sense to setup a new Gitter channel.