Undesired multiple login attempts on failure [Feature request]

[neworld]

I am using OAuth service, which supports only form data for password grant type. So, additional tries are wasting resources. OAuth service is throttling multiple requests and sometimes even block IP. A user is able to get a block 3 times easier.

I understand why this behavior is implemented. However, would be cool to configure them. I could implement it by myself. But I am needed agreement on API.

I would suggest adding:

public OAuth2Client.Builder failback(Failback failback) { .... }

enum Failback {
  FULL, BASIC_AUTH, AUTHORIZATION, NOTHING
}

Failback could be called RequestType as well.

Of course, the default behavior has to remain.

[corcoran]

I like this idea!

Failback would be good I think. Having failback default to the old (FULL) behavior and allow for an optional enum param would work.

The change could be entirely in AuthState.nextState()

[avishaigurt-oviva]

I submitted a pull request which expose the Authenticator to the builder so you can rather set it to the default behaviour or implement one yourself