Feature request: Support for client_credentials grant

[fritzdj]

We would like to use the client_credentials flow (specifically we want to use the @RegisteredOAuth2AuthorizedClient annotation), but if client info is added when using this dependency it's automatically running OktaOAuth2Configurer.configureLogin. Would it make sense to check the grant type first before doing that and calling a new configureClient method that sets up the client using http.oauth2Client() if grant type is client_credentials? We would not want to set up http.oauth2Login() in that case.
https://github.com/okta/okta-spring-boot/blob/master/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java#L47

Side note - @bdemers, great work on this project. This was a great project to learn from so thanks for contributing this as OSS.

[fritzdj]

A side note on this one - it's unclear what the best pattern is for getting new access tokens Spring Security 5 and the client credentials grant. It seems like with @RegisteredOAuth2AuthorizedClient the authorized client stays static. Would we need a custom implementation to (1) check if there is an authorized client, (2) check the access token expired time, and (3) get a new access token if needed? There may be something I am missing that comes OOTB here.

[bdemers]

@fritzdj IIRC, all of that is OOTB

[fritzdj]

See spring-projects/spring-security#6609 - this was actually never implemented