Polish spring-security-oauth2-core main code

Manually polish `spring-security-oauth-core` following the
formatting and checkstyle fixes.

Issue gh-8945

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java

@@ -97,9 +97,7 @@ public abstract class AbstractOAuth2Token implements Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		AbstractOAuth2Token other = (AbstractOAuth2Token) obj;
-
 		if (!this.getTokenValue().equals(other.getTokenValue())) {
 			return false;
 		}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java

@@ -97,10 +97,8 @@ public interface ClaimAccessor {
 		}
 		Object claimValue = getClaims().get(claim);
 		Instant convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, Instant.class);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Instant.");
 		return convertedValue;
 	}
 
@@ -115,10 +113,8 @@ public interface ClaimAccessor {
 		}
 		Object claimValue = getClaims().get(claim);
 		URL convertedValue = ClaimConversionService.getSharedInstance().convert(claimValue, URL.class);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to URL.");
 		return convertedValue;
 	}
 
@@ -140,10 +136,8 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		Map<String, Object> convertedValue = (Map<String, Object>) ClaimConversionService.getSharedInstance()
 				.convert(claimValue, sourceDescriptor, targetDescriptor);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map.");
 		return convertedValue;
 	}
 
@@ -165,10 +159,8 @@ public interface ClaimAccessor {
 		Object claimValue = getClaims().get(claim);
 		List<String> convertedValue = (List<String>) ClaimConversionService.getSharedInstance().convert(claimValue,
 				sourceDescriptor, targetDescriptor);
-		if (convertedValue == null) {
-			throw new IllegalArgumentException(
-					"Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List.");
-		}
+		Assert.isTrue(convertedValue != null,
+				() -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List.");
 		return convertedValue;
 	}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java

@@ -48,7 +48,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	 */
 	public DefaultOAuth2AuthenticatedPrincipal(Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		this(null, attributes, authorities);
 	}
 
@@ -61,7 +60,6 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 	 */
 	public DefaultOAuth2AuthenticatedPrincipal(String name, Map<String, Object> attributes,
 			Collection<GrantedAuthority> authorities) {
-
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		this.attributes = Collections.unmodifiableMap(attributes);
 		this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities)
@@ -78,17 +76,11 @@ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2Authenti
 		return this.attributes;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return this.authorities;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public String getName() {
 		return this.name;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java

@@ -40,7 +40,6 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 	 */
 	public DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>> tokenValidators) {
 		Assert.notNull(tokenValidators, "tokenValidators cannot be null");
-
 		this.tokenValidators = new ArrayList<>(tokenValidators);
 	}
 
@@ -53,17 +52,12 @@ public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
 		this(Arrays.asList(tokenValidators));
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
 	@Override
 	public OAuth2TokenValidatorResult validate(T token) {
 		Collection<OAuth2Error> errors = new ArrayList<>();
-
 		for (OAuth2TokenValidator<T> validator : this.tokenValidators) {
 			errors.addAll(validator.validate(token).getErrors());
 		}
-
 		return OAuth2TokenValidatorResult.failure(errors);
 	}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java

@@ -80,11 +80,7 @@ public final class OAuth2TokenValidatorResult {
 	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
 	 */
 	public static OAuth2TokenValidatorResult failure(Collection<OAuth2Error> errors) {
-		if (errors.isEmpty()) {
-			return NO_ERRORS;
-		}
-
-		return new OAuth2TokenValidatorResult(errors);
+		return (errors.isEmpty()) ? NO_ERRORS : new OAuth2TokenValidatorResult(errors);
 	}
 
 }

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java

@@ -52,7 +52,6 @@ public final class ClaimTypeConverter implements Converter<Map<String, Object>,
 		if (CollectionUtils.isEmpty(claims)) {
 			return claims;
 		}
-
 		Map<String, Object> result = new HashMap<>(claims);
 		this.claimTypeConverters.forEach((claimName, typeConverter) -> {
 			if (claims.containsKey(claimName)) {
@@ -63,7 +62,6 @@ public final class ClaimTypeConverter implements Converter<Map<String, Object>,
 				}
 			}
 		});
-
 		return result;
 	}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/MapOAuth2AccessTokenResponseConverter.java

@@ -45,39 +45,45 @@ public final class MapOAuth2AccessTokenResponseConverter
 	@Override
 	public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
 		String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
+		OAuth2AccessToken.TokenType accessTokenType = getAccessTokenType(tokenResponseParameters);
+		long expiresIn = getExpiresIn(tokenResponseParameters);
+		Set<String> scopes = getScopes(tokenResponseParameters);
+		String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN);
+		Map<String, Object> additionalParameters = new LinkedHashMap<>();
+		for (Map.Entry<String, String> entry : tokenResponseParameters.entrySet()) {
+			if (!TOKEN_RESPONSE_PARAMETER_NAMES.contains(entry.getKey())) {
+				additionalParameters.put(entry.getKey(), entry.getValue());
+			}
+		}
+		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
+				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+	}
 
-		OAuth2AccessToken.TokenType accessTokenType = null;
+	private OAuth2AccessToken.TokenType getAccessTokenType(Map<String, String> tokenResponseParameters) {
 		if (OAuth2AccessToken.TokenType.BEARER.getValue()
 				.equalsIgnoreCase(tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
-			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
+			return OAuth2AccessToken.TokenType.BEARER;
 		}
+		return null;
+	}
 
-		long expiresIn = 0;
+	private long getExpiresIn(Map<String, String> tokenResponseParameters) {
 		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
 			try {
-				expiresIn = Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+				return Long.parseLong(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
 			}
 			catch (NumberFormatException ex) {
 			}
 		}
+		return 0;
+	}
 
-		Set<String> scopes = Collections.emptySet();
+	private Set<String> getScopes(Map<String, String> tokenResponseParameters) {
 		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
 			String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
-			scopes = new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
+			return new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
 		}
-
-		String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN);
-
-		Map<String, Object> additionalParameters = new LinkedHashMap<>();
-		for (Map.Entry<String, String> entry : tokenResponseParameters.entrySet()) {
-			if (!TOKEN_RESPONSE_PARAMETER_NAMES.contains(entry.getKey())) {
-				additionalParameters.put(entry.getKey(), entry.getValue());
-			}
-		}
-
-		return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn)
-				.scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
+		return Collections.emptySet();
 	}
 
 }

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java

@@ -187,7 +187,6 @@ public final class OAuth2AccessTokenResponse {
 		public OAuth2AccessTokenResponse build() {
 			Instant issuedAt = getIssuedAt();
 			Instant expiresAt = getExpiresAt();
-
 			OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse();
 			accessTokenResponse.accessToken = new OAuth2AccessToken(this.tokenType, this.tokenValue, issuedAt,
 					expiresAt, this.scopes);

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java

@@ -39,15 +39,9 @@ public final class OAuth2AccessTokenResponseMapConverter
 	@Override
 	public Map<String, String> convert(OAuth2AccessTokenResponse tokenResponse) {
 		Map<String, String> parameters = new HashMap<>();
-
-		long expiresIn = -1;
-		if (tokenResponse.getAccessToken().getExpiresAt() != null) {
-			expiresIn = ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt());
-		}
-
 		parameters.put(OAuth2ParameterNames.ACCESS_TOKEN, tokenResponse.getAccessToken().getTokenValue());
 		parameters.put(OAuth2ParameterNames.TOKEN_TYPE, tokenResponse.getAccessToken().getTokenType().getValue());
-		parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(expiresIn));
+		parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(getExpiresIn(tokenResponse)));
 		if (!CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
 			parameters.put(OAuth2ParameterNames.SCOPE,
 					StringUtils.collectionToDelimitedString(tokenResponse.getAccessToken().getScopes(), " "));
@@ -60,8 +54,14 @@ public final class OAuth2AccessTokenResponseMapConverter
 				parameters.put(entry.getKey(), entry.getValue().toString());
 			}
 		}
-
 		return parameters;
 	}
 
+	private long getExpiresIn(OAuth2AccessTokenResponse tokenResponse) {
+		if (tokenResponse.getAccessToken().getExpiresAt() != null) {
+			return ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt());
+		}
+		return -1;
+	}
+
 }

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java

@@ -215,7 +215,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 	 */
 	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
 		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
-
 		return new Builder(authorizationRequest.getGrantType())
 				.authorizationUri(authorizationRequest.getAuthorizationUri())
 				.clientId(authorizationRequest.getClientId()).redirectUri(authorizationRequest.getRedirectUri())
@@ -440,7 +439,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
 			}
-
 			OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest();
 			authorizationRequest.authorizationUri = this.authorizationUri;
 			authorizationRequest.authorizationGrantType = this.authorizationGrantType;
@@ -454,7 +452,6 @@ public final class OAuth2AuthorizationRequest implements Serializable {
 			authorizationRequest.attributes = Collections.unmodifiableMap(this.attributes);
 			authorizationRequest.authorizationRequestUri = StringUtils.hasText(this.authorizationRequestUri)
 					? this.authorizationRequestUri : this.buildAuthorizationRequestUri();
-
 			return authorizationRequest;
 		}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java

@@ -205,7 +205,6 @@ public final class OAuth2AuthorizationResponse {
 				throw new IllegalArgumentException("code and errorCode cannot both be set");
 			}
 			Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
-
 			OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse();
 			authorizationResponse.redirectUri = this.redirectUri;
 			authorizationResponse.state = this.state;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java

@@ -52,10 +52,10 @@ final class HttpMessageConverters {
 		if (jackson2Present) {
 			return new MappingJackson2HttpMessageConverter();
 		}
-		else if (gsonPresent) {
+		if (gsonPresent) {
 			return new GsonHttpMessageConverter();
 		}
-		else if (jsonbPresent) {
+		if (jsonbPresent) {
 			return new JsonbHttpMessageConverter();
 		}
 		return null;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java

@@ -50,7 +50,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
@@ -69,16 +69,14 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	}
 
 	@Override
+	@SuppressWarnings("unchecked")
 	protected OAuth2AccessTokenResponse readInternal(Class<? extends OAuth2AccessTokenResponse> clazz,
 			HttpInputMessage inputMessage) throws HttpMessageNotReadableException {
-
 		try {
-			// gh-6463
-			// Parse parameter values as Object in order to handle potential JSON Object
-			// and then convert values to String
-			@SuppressWarnings("unchecked")
+			// gh-6463: Parse parameter values as Object in order to handle potential JSON
+			// Object and then convert values to String
 			Map<String, Object> tokenResponseParameters = (Map<String, Object>) this.jsonMessageConverter
-					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+					.read(STRING_OBJECT_MAP.getType(), null, inputMessage);
 			return this.tokenResponseConverter.convert(tokenResponseParameters.entrySet().stream()
 					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
@@ -92,10 +90,9 @@ public class OAuth2AccessTokenResponseHttpMessageConverter
 	@Override
 	protected void writeInternal(OAuth2AccessTokenResponse tokenResponse, HttpOutputMessage outputMessage)
 			throws HttpMessageNotWritableException {
-
 		try {
 			Map<String, String> tokenResponseParameters = this.tokenResponseParametersConverter.convert(tokenResponse);
-			this.jsonMessageConverter.write(tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
+			this.jsonMessageConverter.write(tokenResponseParameters, STRING_OBJECT_MAP.getType(),
 					MediaType.APPLICATION_JSON, outputMessage);
 		}
 		catch (Exception ex) {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java

@@ -49,7 +49,7 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 
 	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
 
-	private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() {
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
 	};
 
 	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
@@ -68,16 +68,14 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 	}
 
 	@Override
+	@SuppressWarnings("unchecked")
 	protected OAuth2Error readInternal(Class<? extends OAuth2Error> clazz, HttpInputMessage inputMessage)
 			throws HttpMessageNotReadableException {
-
 		try {
-			// gh-8157
-			// Parse parameter values as Object in order to handle potential JSON Object
-			// and then convert values to String
-			@SuppressWarnings("unchecked")
+			// gh-8157: Parse parameter values as Object in order to handle potential JSON
+			// Object and then convert values to String
 			Map<String, Object> errorParameters = (Map<String, Object>) this.jsonMessageConverter
-					.read(PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
+					.read(STRING_OBJECT_MAP.getType(), null, inputMessage);
 			return this.errorConverter.convert(errorParameters.entrySet().stream()
 					.collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))));
 		}
@@ -90,11 +88,10 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 	@Override
 	protected void writeInternal(OAuth2Error oauth2Error, HttpOutputMessage outputMessage)
 			throws HttpMessageNotWritableException {
-
 		try {
 			Map<String, String> errorParameters = this.errorParametersConverter.convert(oauth2Error);
-			this.jsonMessageConverter.write(errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(),
-					MediaType.APPLICATION_JSON, outputMessage);
+			this.jsonMessageConverter.write(errorParameters, STRING_OBJECT_MAP.getType(), MediaType.APPLICATION_JSON,
+					outputMessage);
 		}
 		catch (Exception ex) {
 			throw new HttpMessageNotWritableException(
@@ -136,7 +133,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 			String errorCode = parameters.get(OAuth2ParameterNames.ERROR);
 			String errorDescription = parameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION);
 			String errorUri = parameters.get(OAuth2ParameterNames.ERROR_URI);
-
 			return new OAuth2Error(errorCode, errorDescription, errorUri);
 		}
 
@@ -151,7 +147,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 		@Override
 		public Map<String, String> convert(OAuth2Error oauth2Error) {
 			Map<String, String> parameters = new HashMap<>();
-
 			parameters.put(OAuth2ParameterNames.ERROR, oauth2Error.getErrorCode());
 			if (StringUtils.hasText(oauth2Error.getDescription())) {
 				parameters.put(OAuth2ParameterNames.ERROR_DESCRIPTION, oauth2Error.getDescription());
@@ -159,7 +154,6 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte
 			if (StringUtils.hasText(oauth2Error.getUri())) {
 				parameters.put(OAuth2ParameterNames.ERROR_URI, oauth2Error.getUri());
 			}
-
 			return parameters;
 		}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java

@@ -80,9 +80,7 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 		if (obj == null || !AddressStandardClaim.class.isAssignableFrom(obj.getClass())) {
 			return false;
 		}
-
 		AddressStandardClaim other = (AddressStandardClaim) obj;
-
 		if ((this.getFormatted() != null) ? !this.getFormatted().equals(other.getFormatted())
 				: other.getFormatted() != null) {
 			return false;
@@ -238,7 +236,6 @@ public final class DefaultAddressStandardClaim implements AddressStandardClaim {
 			address.region = this.region;
 			address.postalCode = this.postalCode;
 			address.country = this.country;
-
 			return address;
 		}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java

@@ -74,9 +74,7 @@ public class OidcUserInfo implements StandardClaimAccessor, Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		OidcUserInfo that = (OidcUserInfo) obj;
-
 		return this.getClaims().equals(that.getClaims());
 	}
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java

@@ -98,9 +98,7 @@ public class OidcUserAuthority extends OAuth2UserAuthority {
 		if (!super.equals(obj)) {
 			return false;
 		}
-
 		OidcUserAuthority that = (OidcUserAuthority) obj;
-
 		if (!this.getIdToken().equals(that.getIdToken())) {
 			return false;
 		}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java

@@ -106,9 +106,7 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		DefaultOAuth2User that = (DefaultOAuth2User) obj;
-
 		if (!this.getName().equals(that.getName())) {
 			return false;
 		}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java

@@ -81,9 +81,7 @@ public class OAuth2UserAuthority implements GrantedAuthority {
 		if (obj == null || this.getClass() != obj.getClass()) {
 			return false;
 		}
-
 		OAuth2UserAuthority that = (OAuth2UserAuthority) obj;
-
 		if (!this.getAuthority().equals(that.getAuthority())) {
 			return false;
 		}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java

@@ -53,18 +53,20 @@ class OAuth2AccessTokenResponseBodyExtractor
 
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
+	private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
+	};
+
 	OAuth2AccessTokenResponseBodyExtractor() {
 	}
 
 	@Override
 	public Mono<OAuth2AccessTokenResponse> extract(ReactiveHttpInputMessage inputMessage, Context context) {
-		ParameterizedTypeReference<Map<String, Object>> type = new ParameterizedTypeReference<Map<String, Object>>() {
-		};
-		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);
+		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors
+				.toMono(STRING_OBJECT_MAP);
 		return delegate.extract(inputMessage, context)
-				.onErrorMap((e) -> new OAuth2AuthorizationException(
-						invalidTokenResponse("An error occurred parsing the Access Token response: " + e.getMessage()),
-						e))
+				.onErrorMap((ex) -> new OAuth2AuthorizationException(
+						invalidTokenResponse("An error occurred parsing the Access Token response: " + ex.getMessage()),
+						ex))
 				.switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException(
 						invalidTokenResponse("Empty OAuth 2.0 Access Token Response"))))
 				.map(OAuth2AccessTokenResponseBodyExtractor::parse)
@@ -76,10 +78,10 @@ class OAuth2AccessTokenResponseBodyExtractor
 		try {
 			return TokenResponse.parse(new JSONObject(json));
 		}
-		catch (ParseException pe) {
+		catch (ParseException ex) {
 			OAuth2Error oauth2Error = invalidTokenResponse(
-					"An error occurred parsing the Access Token response: " + pe.getMessage());
-			throw new OAuth2AuthorizationException(oauth2Error, pe);
+					"An error occurred parsing the Access Token response: " + ex.getMessage());
+			throw new OAuth2AuthorizationException(oauth2Error, ex);
 		}
 	}
 
@@ -93,17 +95,18 @@ class OAuth2AccessTokenResponseBodyExtractor
 		}
 		TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
 		ErrorObject errorObject = tokenErrorResponse.getErrorObject();
-		OAuth2Error oauth2Error;
+		OAuth2Error oauth2Error = getOAuth2Error(errorObject);
+		return Mono.error(new OAuth2AuthorizationException(oauth2Error));
+	}
+
+	private static OAuth2Error getOAuth2Error(ErrorObject errorObject) {
 		if (errorObject == null) {
-			oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-		}
-		else {
-			oauth2Error = new OAuth2Error(
-					(errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
-					errorObject.getDescription(),
-					(errorObject.getURI() != null) ? errorObject.getURI().toString() : null);
+			return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
 		}
-		return Mono.error(new OAuth2AuthorizationException(oauth2Error));
+		String code = (errorObject.getCode() != null) ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
+		String description = errorObject.getDescription();
+		String uri = (errorObject.getURI() != null) ? errorObject.getURI().toString() : null;
+		return new OAuth2Error(code, description, uri);
 	}
 
 	private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {
@@ -113,17 +116,13 @@ class OAuth2AccessTokenResponseBodyExtractor
 			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
 		}
 		long expiresIn = accessToken.getLifetime();
-
 		Set<String> scopes = (accessToken.getScope() != null)
 				? new LinkedHashSet<>(accessToken.getScope().toStringList()) : Collections.emptySet();
-
 		String refreshToken = null;
 		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
 			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
 		}
-
 		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-
 		return OAuth2AccessTokenResponse.withToken(accessToken.getValue()).tokenType(accessTokenType)
 				.expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken)
 				.additionalParameters(additionalParameters).build();