Add support for OAuth 2.0 Client authentication methods

[beuvenar]

Currently, Spring Security only supports basic and post authentication methods between client and authorization server. Would it be possible to add other support for other OpenID authentication methods in a future version of Spring Security, in particular client_secret_jwt and private_key_jwt (see https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)?

Related #8175

[rwinch]

Thanks for the report @beuvenar! @jgrandja will take a look at this issue soon

[jgrandja]

@beuvenar We definitely plan on adding support for other client authentication methods at some point and dependent on user demand. I'm not sure it will get into the next release 5.2. Is there a reason you are requesting client_secret_jwt and private_key_jwt? Do you require this? Which provider are you using that supports these authn methods?

[beuvenar]

@jgrandja We are currently using Srping Security to implement an integration with OIDC provider of EU Login (formerly ECAS), the authentication service of European Commission. They recommend to use client_secret_jwt or private_key_jwt as authentication methods (but they also support basic method so we are not blocked).