OAuth use ConcurrentHashMap

Fixes gh-4647

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/jwt/NimbusJwtDecoderRegistry.java

@@ -21,8 +21,8 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link JwtDecoderRegistry} that creates/manages instances of
@@ -35,7 +35,7 @@ import java.util.Map;
  * @see <a target="_blank" href="https://connect2id.com/products/nimbus-jose-jwt">Nimbus JOSE + JWT SDK</a>
  */
 public class NimbusJwtDecoderRegistry implements JwtDecoderRegistry {
-	private final Map<String, JwtDecoder> jwtDecoders = new HashMap<>();
+	private final Map<String, JwtDecoder> jwtDecoders = new ConcurrentHashMap<>();
 
 	@Override
 	public JwtDecoder getJwtDecoder(ClientRegistration registration) {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepository.java

@@ -18,10 +18,10 @@ package org.springframework.security.oauth2.client.registration;
 import org.springframework.util.Assert;
 
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link ClientRegistrationRepository} that stores {@link ClientRegistration}(s) <i>in-memory</i>.
@@ -36,7 +36,7 @@ public final class InMemoryClientRegistrationRepository implements ClientRegistr
 
 	public InMemoryClientRegistrationRepository(List<ClientRegistration> registrations) {
 		Assert.notEmpty(registrations, "registrations cannot be empty");
-		Map<String, ClientRegistration> registrationsMap = new HashMap<>();
+		Map<String, ClientRegistration> registrationsMap = new ConcurrentHashMap<>();
 		registrations.forEach(registration -> {
 			if (registrationsMap.containsKey(registration.getRegistrationId())) {
 				throw new IllegalArgumentException("ClientRegistration must be unique. Found duplicate registrationId: " +

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java

@@ -23,6 +23,7 @@ import org.springframework.util.Assert;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A {@link SecurityTokenRepository} that associates an {@link AccessToken}
@@ -36,7 +37,7 @@ import java.util.Map;
  */
 public final class InMemoryAccessTokenRepository implements SecurityTokenRepository<AccessToken> {
 	private final ClientRegistrationIdentifierStrategy<String> identifierStrategy = new AuthorizedClientIdentifierStrategy();
-	private final Map<String, AccessToken> accessTokens = new HashMap<>();
+	private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();
 
 	@Override
 	public AccessToken loadSecurityToken(ClientRegistration registration) {