allow other body params (should've read the whole rfc 6750 doc)

Author: jonah1und1

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.java

@@ -180,10 +180,6 @@ private Mono<String> resolveAccessTokenFromBody(ServerWebExchange exchange) {
 				if (formData.isEmpty()) {
 					return null;
 				}
-				if (formData.size() > 1) {
-					var error = invalidRequest("The HTTP request entity-body is not single-part");
-					throw new OAuth2AuthenticationException(error);
-				}
 				final var tokens = formData.get(ACCESS_TOKEN_NAME);
 				if (tokens == null) {
 					return null;

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverterTests.java

@@ -256,20 +256,12 @@ void resolveWhenBodyParameterHasMultipleAccessTokensThenOAuth2AuthenticationExce
 	}
 
 	@Test
-	void resolveWhenBodyParameterIsNotSinglePartThenOAuth2AuthenticationException() {
+	void resolveBodyContainsOtherParameterAsWellThenTokenIsResolved() {
 		this.converter.setAllowFormEncodedBodyParameter(true);
 		var request = post("/").contentType(APPLICATION_FORM_URLENCODED)
 							   .body("access_token=" + TEST_TOKEN + "&other_param=value");
 
-		assertThatExceptionOfType(OAuth2AuthenticationException.class)
-				.isThrownBy(() -> convertToToken(request))
-				.satisfies(ex -> {
-					BearerTokenError error = (BearerTokenError) ex.getError();
-					assertThat(error.getDescription()).isEqualTo("The HTTP request entity-body is not single-part");
-					assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_REQUEST);
-					assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1");
-					assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.BAD_REQUEST);
-				});
+		assertThat(convertToToken(request).getToken()).isEqualTo(TEST_TOKEN);
 	}
 
 	@Test