Implement Client Authentication

[jgrandja]

The client must authenticate when calling the authorization server's token endpoint.

The OAuth2ClientAuthenticationFilter should be implemented as a Filter. The initial implementation should support HTTP Basic only.

Implementation Requirements

• the Filter should process requests for the (default) path /oauth2/token and if HTTP Basic credentials are available in the request
• the OAuth2ClientAuthenticationToken should be passed to the AuthenticationManager
• the AuthenticationManager should be composed of OAuth2ClientAuthenticationProvider (in a later story)
• the OAuth2ClientAuthenticationProvider should use the RegisteredClientRepository Implement Client Registration Model / Repository #40 to look up and validate the client credentials
• the RegisteredClient should be returned in a new OAuth2ClientAuthenticationToken if the authentication succeeds
• the Filter should save the OAuth2ClientAuthenticationToken in the SecurityContext
• javadoc class and public methods
• Unit tests

Specification References

2.3. Client Authentication
3.1. Token Endpoint
4.1. Authorization Code Grant
4.1.3. Access Token Request

[pkostrzewa]

Can I work on this one?

[jgrandja]

Thank you @pkostrzewa. The issue is yours.

[paurav-munshi]

@jgrandja

Does this relates to #5 ? If that is the case I have added a PR for that. Its still in progress but the code / design pattern from that PR can be used.

[jgrandja]

@paurav-munshi Please see my comment

[pkostrzewa]

@jgrandja I have basic implementation. Should I still work on it or leave this in favor of #64?

[jgrandja]

@pkostrzewa

I have basic implementation. Should I still work on it or leave this in favor of #64?

Please continue. The goal of #64 was to flush out the design for the client_credentials flow sample. This issue will address the authorization_code flow, and eventually be used for the client_credentials grant when we get to that feature at a later point.