diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
new file mode 100644
index 00000000000..8b8dd8c677a
--- /dev/null
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.core;
+
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.util.Assert;
+
+import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTHORITIES;
+
+/**
+ * A domain object that wraps the attributes of an OAuth 2.0 token.
+ *
+ * @author Clement Ng
+ * @author Josh Cummings
+ * @since 5.2
+ */
+public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable {
+	private final Map<String, Object> attributes;
+	private final Collection<GrantedAuthority> authorities;
+	private final String name;
+
+	/**
+	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided parameters.
+	 *
+	 * @param attributes the attributes of the OAuth 2.0 token
+	 * @param authorities the authorities of the OAuth 2.0 token
+	 */
+	public DefaultOAuth2AuthenticatedPrincipal(Map<String, Object> attributes,
+			Collection<GrantedAuthority> authorities) {
+
+		this(null, attributes, authorities);
+	}
+
+	/**
+	 * Constructs an {@code DefaultOAuth2AuthenticatedPrincipal} using the provided parameters.
+	 *
+	 * @param name the name attached to the OAuth 2.0 token
+	 * @param attributes the attributes of the OAuth 2.0 token
+	 * @param authorities the authorities of the OAuth 2.0 token
+	 */
+	public DefaultOAuth2AuthenticatedPrincipal(String name, Map<String, Object> attributes,
+			Collection<GrantedAuthority> authorities) {
+
+		Assert.notEmpty(attributes, "attributes cannot be empty");
+		this.attributes = Collections.unmodifiableMap(attributes);
+		this.authorities = authorities == null ?
+				NO_AUTHORITIES : Collections.unmodifiableCollection(authorities);
+		this.name = name == null ? (String) this.attributes.get("sub") : name;
+	}
+
+	/**
+	 * Gets the attributes of the OAuth 2.0 token in map form.
+	 *
+	 * @return a {@link Map} of the attribute's objects keyed by the attribute's names
+	 */
+	public Map<String, Object> getAttributes() {
+		return this.attributes;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return this.authorities;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+	public String getName() {
+		return this.name;
+	}
+}
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java
new file mode 100644
index 00000000000..b3329d2f774
--- /dev/null
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticatedPrincipal.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.core;
+
+import java.util.Collection;
+import java.util.Map;
+
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.AuthenticatedPrincipal;
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * An {@link AuthenticatedPrincipal} that represents the principal
+ * associated with an OAuth 2.0 token.
+ *
+ * @author Josh Cummings
+ * @since 5.2
+ */
+public interface OAuth2AuthenticatedPrincipal extends AuthenticatedPrincipal {
+	/**
+	 * Get the OAuth 2.0 token attribute by name
+	 *
+	 * @param name the name of the attribute
+	 * @param <A> the type of the attribute
+	 * @return the attribute or {@code null} otherwise
+	 */
+	@Nullable
+	default <A> A getAttribute(String name) {
+		return (A) getAttributes().get(name);
+	}
+
+	/**
+	 * Get the OAuth 2.0 token attributes
+	 *
+	 * @return the OAuth 2.0 token attributes
+	 */
+	Map<String, Object> getAttributes();
+
+	/**
+	 * Get the {@link Collection} of {@link GrantedAuthority}s associated
+	 * with this OAuth 2.0 token
+	 *
+	 * @return the OAuth 2.0 token authorities
+	 */
+	Collection<? extends GrantedAuthority> getAuthorities();
+
+}
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
new file mode 100644
index 00000000000..8d794e7a09d
--- /dev/null
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.core;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+
+import org.junit.Test;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+
+/**
+ * Tests for {@link DefaultOAuth2AuthenticatedPrincipal}
+ *
+ * @author Josh Cummings
+ */
+public class DefaultOAuth2AuthenticatedPrincipalTests {
+	String name = "test-subject";
+	Map<String, Object> attributes = Collections.singletonMap("sub", this.name);
+	Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_read");
+
+	@Test
+	public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() {
+		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities))
+				.isInstanceOf(IllegalArgumentException.class);
+
+		assertThatCode(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities))
+				.isInstanceOf(IllegalArgumentException.class);
+	}
+
+	@Test
+	public void constructorWhenAuthoritiesIsNullOrEmptyThenNoAuthorities() {
+		Collection<? extends GrantedAuthority> authorities =
+				new DefaultOAuth2AuthenticatedPrincipal(this.attributes, null).getAuthorities();
+		assertThat(authorities).isEmpty();
+
+		authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes,
+				Collections.emptyList()).getAuthorities();
+		assertThat(authorities).isEmpty();
+	}
+
+	@Test
+	public void constructorWhenNameIsNullThenFallsbackToSubAttribute() {
+		OAuth2AuthenticatedPrincipal principal =
+				new DefaultOAuth2AuthenticatedPrincipal(null, this.attributes, this.authorities);
+		assertThat(principal.getName()).isEqualTo(this.attributes.get("sub"));
+	}
+
+	@Test
+	public void getNameWhenInConstructorThenReturns() {
+		OAuth2AuthenticatedPrincipal principal =
+				new DefaultOAuth2AuthenticatedPrincipal("other-subject", this.attributes, this.authorities);
+		assertThat(principal.getName()).isEqualTo("other-subject");
+	}
+
+	@Test
+	public void getAttributeWhenGivenKeyThenReturnsValue() {
+		OAuth2AuthenticatedPrincipal principal =
+				new DefaultOAuth2AuthenticatedPrincipal(this.attributes, this.authorities);
+		assertThat((String) principal.getAttribute("sub")).isEqualTo("test-subject");
+	}
+}