Make requestEntityConverter customisable in RestClientOAuth2AccessTokenResponseClient #18116
Description
Expected Behavior
The AbstractRestClientOAuth2AccessTokenResponseClient class contains five different properties in its internal state:
restClientrequestEntityConverterheadersConverterparametersConverterparametersCustomizer
I expect it would be possible to overwrite any of them when building a new instance of this class.
Current Behavior
The current behaviour is that all those properties are non-final (therefore, mutable), but only 4 out of 5 can be customised via a setter method. The requestEntityConverter cannot be customised.
Context
The requestEntityConverter is a critical part of this class and would need to be customised to support OAuth2 flows that Spring Security doesn't support yet out-of-the-box. For example, in order to support DPoP, I would need to perform the request differently to support the nonce exchange part of the DPoP flow. Because of that, my current workaround is to create a custom class, duplicate all the code from AbstractRestClientOAuth2AccessTokenResponseClient, except for an additional setRequestEntityConverter() method that would allow to customise it to add the header.
Since the requestEntityConverter was designed mutable to begin with, and for consistency with all the other properties in the same class (including other converters), it would be great if a setRequestEntityConverter() could be added to it. If that's something you consider acceptable, I'd be happy to submit a PR for it.
Thanks!