Alternative for OAuth2FeignRequestInterceptor that depends on a deprecated class

Question

Disclaimer: I honestly tried to google/github this, scanned through the OAuth2 migration guide, but couldn't find an answer to this, so here we go.

org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor from spring-cloud-security project acquires OAuth2 token and sets it to a Feign's RequestTemplate transparently to a client's invoker.
However, it relies on a deprecated OAuth2ClientContext class, which refers to an aforementioned migration guide, which still says that

For other flows, an OAuth2ClientContext instance needs to be constructed and exposed.

So would be great to know several things:
1. Is it really deprecated, or it's just that its usage should change (at least in certain cases)?
2. If former - what's the correct alternative?
3. Are there any plans to migrate OAuth2FeignRequestInterceptor from using the deprecated classes?

Answer 1

The classes OAuth2FeignRequestInterceptor and OAuth2ClientContext has changed in the latest versions. It's changed to @Deprecated now. It already has an open issue linked to it. Lets understand it one by one.

1. OAuth2FeignRequestInterceptor : Previously it used to be a part of spring-cloud-security. You can now find it in the below link
   spring-cloud/spring-cloud-openfeign
   Exact class is in this link OAuth2FeignRequestInterceptor.java. This project is still a work in progress.

2. OAuth2ClientContext : If we look carefully in the javadoc present in the class it says:

   @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. The migration Guide mentioned in the link states that

   This document contains guidance for moving OAuth 2.0 Clients and Resource Servers from Spring Security OAuth 2.x to Spring Security 5.2.x. Since Spring Security doesn’t provide Authorization Server support, migrating a Spring Security OAuth Authorization Server is out of scope for this document.

   The latest changes are present in spring-security. In spring-security 5.3.x information related to OAuth2 client can be found in the this link . OAuth2AuthorizedClient.java
   You will get more details if you refer to the information provided in the Migration Guide.
   

   In future it will be a part of Spring Authorization Server.
   Github : spring-authorization-server which under development. A lot of OAuth2 related stuff is present. e.g. OAuth2Authorization.java which will used to getAccessToken, RefreshToken etc.
   

Some more information from Stackoverflow about the alternatives which might help. this