UTF-8 encoding introduces incompatible Authorization header

[jochan-clgx]

I am migrating an application from Spring Boot 2.5.14 to 3.0.1 which brings in Spring Security 6.0.1. I experienced that our test cases no longer getting authenticated with our existing client-id and client-secret. After a debugging session, I realized that there are new changes with spring-security-oauth2-client

spring-security/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java

Line 49 in c47fbf7

static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) {

It introduces the UTF-8 encoding for authorization header which encodes most of our existing client-secret differently compare to Spring Security 5.5.x. My apology if I missed anything but if it is an issue, may I ask if there is any temporary workaround at the moment?

Thank you,

[sjohnr]

@jochan-clgx, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Also, please see this comment and #11440 generally for a possible answer to your question. Also see this comment for additional details on the workaround.