
Change ClientAuthenticationMethod from enum to class

Fixes gh-4313
Joe Grandja 8 năm trước cách đây
mục cha
commit
435e389609

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/nimbus/NimbusAuthorizationCodeTokenExchanger.java

@@ -78,7 +78,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 		ClientID clientId = new ClientID(clientRegistration.getClientId());
 		Secret clientSecret = new Secret(clientRegistration.getClientSecret());
 		ClientAuthentication clientAuthentication;
-		if (ClientAuthenticationMethod.FORM.equals(clientRegistration.getClientAuthenticationMethod())) {
+		if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
 			clientAuthentication = new ClientSecretPost(clientId, clientSecret);
 		} else {
 			clientAuthentication = new ClientSecretBasic(clientId, clientSecret);
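Review bot: With ClientAuthenticationMethod now an open class, the `else` branch following the changed condition silently treats every value other than "post" as HTTP Basic, including the previously documented `header` and `form` strings that existing configurations still carry, so a Facebook registration migrated with `form` would switch to Basic instead of failing fast. I would make the Basic branch explicit and reject anything unrecognised: `} else if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {` before the ClientSecretBasic line, followed by `} else { throw new IllegalArgumentException("Unsupported client authentication method: " + clientRegistration.getClientAuthenticationMethod().getValue()); }`. The enclosing method starts and ends outside this hunk.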

+ 2 - 2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -35,7 +35,7 @@ import java.util.Set;
 public class ClientRegistration {
 	private String clientId;
 	private String clientSecret;
-	private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.HEADER;
+	private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
 	private AuthorizationGrantType authorizedGrantType;
 	private String redirectUri;
 	private Set<String> scopes = Collections.emptySet();
@@ -154,7 +154,7 @@ public class ClientRegistration {
 	public static class Builder {
 		protected String clientId;
 		protected String clientSecret;
-		protected ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.HEADER;
+		protected ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
 		protected AuthorizationGrantType authorizedGrantType;
 		protected String redirectUri;
 		protected Set<String> scopes;

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrationProperties.java

@@ -35,7 +35,7 @@ import java.util.Set;
 public class ClientRegistrationProperties {
 	private String clientId;
 	private String clientSecret;
-	private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.HEADER;
+	private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
 	private AuthorizationGrantType authorizedGrantType;
 	private String redirectUri;
 	private Set<String> scopes;

+ 25 - 6
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java

@@ -15,6 +15,8 @@
  */
 package org.springframework.security.oauth2.core;
 
+import org.springframework.util.Assert;
+
 /**
  * The available authentication methods used when authenticating the client with the authorization server.
  *
@@ -22,17 +24,34 @@ package org.springframework.security.oauth2.core;
  * @since 5.0
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2.3">Section 2.3 Client Authentication</a>
  */
-public enum ClientAuthenticationMethod {
-	HEADER("header"),
-	FORM("form");
-
+public final class ClientAuthenticationMethod {
+	public static final ClientAuthenticationMethod BASIC = new ClientAuthenticationMethod("basic");
+	public static final ClientAuthenticationMethod POST = new ClientAuthenticationMethod("post");
 	private final String value;
 
-	ClientAuthenticationMethod(String value) {
+	public ClientAuthenticationMethod(String value) {
+		Assert.hasText(value, "value cannot be empty");
 		this.value = value;
 	}
 
-	public String value() {
+	public String getValue() {
 		return this.value;
 	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj) {
+			return true;
+		}
+		if (obj == null || this.getClass() != obj.getClass()) {
+			return false;
+		}
+		ClientAuthenticationMethod that = (ClientAuthenticationMethod) obj;
+		return this.getValue().equalsIgnoreCase(that.getValue());
+	}
+
+	@Override
+	public int hashCode() {
+		return this.getValue().hashCode();
+	}
 }
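Review bot: The new `equals` compares values with `equalsIgnoreCase` while `hashCode` hashes the raw value, so `new ClientAuthenticationMethod("Basic")` is equal to `BASIC` yet hashes differently, which breaks `HashMap`/`HashSet` lookups keyed by this type and violates the equals/hashCode contract. The one-line fix is `return this.getValue().toLowerCase(Locale.ROOT).hashCode();` together with `import java.util.Locale;` (Locale.ROOT so a Turkish default locale cannot change the hash); alternatively normalise the case once in the constructor and make `equals` a plain `equals`. Since the public constructor accepts any non-empty text, the two constants deserve Javadoc so callers know what they map to, e.g. `/** Client credentials sent in the HTTP Basic Authorization header (RFC 6749 Section 2.3.1). */` on `BASIC` and `/** Client credentials sent as client_id/client_secret form parameters in the request body (RFC 6749 Section 2.3.1). */` on `POST`. A `toString()` returning the value would also help when an unsupported method ends up in an error message.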

+ 8 - 8
samples/boot/oauth2login/README.adoc

@@ -393,7 +393,7 @@ The following specifies the common set of properties available for configuring a
 - At the base of the *_client property key_* are the properties for specifying the configuration for an OAuth Client.
 ====
 
-- *client-authentication-method* - the method used to authenticate the _Client_ with the _Provider_. Supported values are *header* and *form*.
+- *client-authentication-method* - the method used to authenticate the _Client_ with the _Provider_. Supported values are *basic* and *post*.
 - *authorized-grant-type* - the OAuth 2.0 Authorization Framework defines the https://tools.ietf.org/html/rfc6749#section-1.3.1[Authorization Code] grant type,
  which is used to realize the _"authentication flow"_. Currently, this is the only supported grant type.
 - *redirect-uri* - this is the client's _registered_ redirect URI that the _Authorization Server_ redirects the end-user's user-agent
@@ -443,7 +443,7 @@ security:
   oauth2:
     client:
       google:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: openid, email, profile
@@ -454,7 +454,7 @@ security:
         client-name: Google
         client-alias: google
       github:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: user
@@ -465,7 +465,7 @@ security:
         client-name: GitHub
         client-alias: github
       facebook:
-        client-authentication-method: form
+        client-authentication-method: post
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: public_profile, email
@@ -476,7 +476,7 @@ security:
         client-name: Facebook
         client-alias: facebook
       okta:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: openid, email, profile
@@ -503,7 +503,7 @@ Let's assume we have a _properties file_ named *oauth2-clients.properties* on th
 ----
 security.oauth2.client.google.client-id=${client-id}
 security.oauth2.client.google.client-secret=${client-secret}
-security.oauth2.client.google.client-authentication-method=header
+security.oauth2.client.google.client-authentication-method=basic
 security.oauth2.client.google.authorized-grant-type=authorization_code
 security.oauth2.client.google.redirect-uri=http://localhost:8080/oauth2/authorize/code/google
 security.oauth2.client.google.scopes=openid,email,profile
@@ -553,8 +553,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	private ClientRegistration clientRegistration(String clientPropertyKey) {
 		String clientId = this.environment.getProperty(clientPropertyKey + "client-id");
 		String clientSecret = this.environment.getProperty(clientPropertyKey + "client-secret");
-		ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.valueOf(
-			this.environment.getProperty(clientPropertyKey + "client-authentication-method").toUpperCase());
+		ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod(
+			this.environment.getProperty(clientPropertyKey + "client-authentication-method"));
 		AuthorizationGrantType authorizationGrantType = AuthorizationGrantType.valueOf(
 			this.environment.getProperty(clientPropertyKey + "authorized-grant-type").toUpperCase());
 		String redirectUri = this.environment.getProperty(clientPropertyKey + "redirect-uri");

+ 4 - 4
samples/boot/oauth2login/src/main/resources/META-INF/oauth2-clients-defaults.yml

@@ -2,7 +2,7 @@ security:
   oauth2:
     client:
       google:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: openid, email, profile
@@ -13,7 +13,7 @@ security:
         client-name: Google
         client-alias: google
       github:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: user
@@ -24,7 +24,7 @@ security:
         client-name: GitHub
         client-alias: github
       facebook:
-        client-authentication-method: form
+        client-authentication-method: post
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: public_profile, email
@@ -35,7 +35,7 @@ security:
         client-name: Facebook
         client-alias: facebook
       okta:
-        client-authentication-method: header
+        client-authentication-method: basic
         authorized-grant-type: authorization_code
         redirect-uri: "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}"
         scopes: openid, email, profile