Description
The client should have the ability to authenticate with the Authorization Server using an X.509 certificate.
See RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
**UPDATE** (April 23, 2024):
Closing this issue as there are no enhancements required to the framework code as mTLS client authentication is possible by simply configuring the underlying HTTP Client.
The various `OAuth2AccessTokenResponseClient` implementations already expose a `setRestOperations(RestOperations restOperations)` method and it is the application's responsibility to configure `RestTemplate` and its associated `ClientHttpRequestFactory` to provide HTTPS-enabled connectors. This is typically configured using a `KeyStore` that contains the client's `X509Certificate`.
The same rules apply for `WebClient`, as the application is responsible for configuring the underlying `ClientHttpConnector`.
See the Demo Sample in Spring Authorization Server, as the demo-client sample provides example configurations for `RestTemplate` and `WebClient` using a `keystore.p12` file.
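The `RestTemplate` configuration described above, as an added example that is not taken from the issue or from the demo-client sample. It assumes Spring Framework 6.1+ (for `JdkClientHttpRequestFactory`), a PKCS#12 keystore whose path and password are supplied by the caller, and the JDK default trust store for validating the Authorization Server; `MtlsTokenClientFactory` is a hypothetical class name.

```java
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.http.client.JdkClientHttpRequestFactory;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.web.client.RestTemplate;

// Hypothetical helper: builds a token response client whose HTTP calls present a client certificate.
public final class MtlsTokenClientFactory {

    // keystorePath and password are assumed to come from external configuration
    // or a secret store, not from source control.
    public static DefaultClientCredentialsTokenResponseClient create(Path keystorePath, char[] password)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystorePath)) {
            keyStore.load(in, password);
        }
        // Key managers supply the client's X509Certificate and private key during the TLS handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        // Passing null selects the JDK default trust store (an assumption of this example).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        HttpClient httpClient = HttpClient.newBuilder().sslContext(sslContext).build();
        // Same converters and error handler the token response clients use by default.
        RestTemplate restTemplate = new RestTemplate(List.of(
                new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
        restTemplate.setRequestFactory(new JdkClientHttpRequestFactory(httpClient));
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());

        DefaultClientCredentialsTokenResponseClient tokenClient = new DefaultClientCredentialsTokenResponseClient();
        tokenClient.setRestOperations(restTemplate);
        return tokenClient;
    }
}
```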