With the application security setup in place, we can continue with the configuration for the WebClient. The Spring Security OAuth2 client dependency provides a ServerOAuth2AuthorizedClientExchangeFilterFunction, which we can use to configure our WebClient instance. This filter is for the reactive web stack; for the Servlet stack, have a look at the ServletOAuth2AuthorizedClientExchangeFilterFunction.
Moreover, as the filter function takes a ReactiveOAuth2AuthorizedClientManager as an input argument, we have to provide this bean. To create such a bean, we can inject the ReactiveClientRegistrationRepository, which gets auto-configured (as we use Spring Boot Security) based on our application.yml.
The GitHub API uses the authorization_code OAuth2 flow, so we can configure the ReactiveOAuth2AuthorizedClientProvider for only this flow. Other flows, such as client_credentials and refresh_token, are also available.
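
The configuration described above, as an added sketch that is not code from the original article: it wires the manager bean with only the authorization_code provider and attaches the filter to a WebClient. The class name, bean method names, the registration id "github" and the use of the auto-configured ServerOAuth2AuthorizedClientRepository are assumptions; the id must match the registration key in your application.yml.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class WebClientConfig { // hypothetical class name

    @Bean
    public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
            ReactiveClientRegistrationRepository clientRegistrations,
            ServerOAuth2AuthorizedClientRepository authorizedClients) {

        // Enable only the flow we need; client_credentials and refresh_token stay off.
        ReactiveOAuth2AuthorizedClientProvider provider =
                ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                        .authorizationCode()
                        .build();

        DefaultReactiveOAuth2AuthorizedClientManager manager =
                new DefaultReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClients);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }

    @Bean
    public WebClient gitHubWebClient(ReactiveOAuth2AuthorizedClientManager manager) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
                new ServerOAuth2AuthorizedClientExchangeFilterFunction(manager);

        // Assumed registration id. With a default id set, the access token is added
        // to every request sent through this WebClient, so keep this instance
        // dedicated to the GitHub API and do not reuse it for other hosts.
        oauth.setDefaultClientRegistrationId("github");

        return WebClient.builder()
                .baseUrl("https://api.github.com")
                .filter(oauth)
                .build();
    }
}
```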