diff --git a/7.0.0-migration-guide.md b/7.0.0-migration-guide.md
new file mode 100644
index 000000000..e7a12634b
--- /dev/null
+++ b/7.0.0-migration-guide.md
@@ -0,0 +1,47 @@
+# Migration Guide from 6.x to 7.0.0
+
+## Dependencies
+- replace any spring-addons starter with `com.c4-soft.springaddons:spring-addons-starter-oidc`
+- replace any spring-addons test starter with `com.c4-soft.springaddons:spring-addons-starter-oidc-test`
+- depending or your needs, add a dependency to 
+  * `org.springframework.boot:spring-boot-starter-oauth2-resource-server` for a REST API secured with access tokens
+  * `org.springframework.boot:spring-boot-starter-oauth2-client` when configuring `spring-cloud-gateway` as BFF or exposing server-side rendered templates with frameworks like Thymeleaf
+  * both of above when exposing publicly both a REST API secured with access tokens and other resources secured with sessions
+
+## Java Sources
+
+### Main Code
+- rename `SpringAddonsSecurityProperties` to `SpringAddonsOidcProperties`. Also, if using nested properties, rename
+  * `getIssuers()` to `getOps()`
+  * `getLocation()` to `getIss()`
+- replace `SpringAddonsOAuth2ClientProperties` with `SpringAddonsOidcProperties::getClient` (only `SpringAddonsOidcProperties` can be autowired)
+- organize imports
+
+### Tests
+- replace `@AutoConfigureAddonsSecurity` with `@AutoConfigureAddonsMinimalSecurity`
+- replace `@AutoConfigureAddonsWebSecurity` with one of:
+  * `@AutoConfigureAddonsWebmvcSecurity`
+  * `@AutoConfigureAddonsWefluxSecurity`
+
+## Application Properties
+This is probably the most tedious part of the migration. Hopefully, your IDE auto-completion and syntax highliting should help you there.
+
+### Common Configuration
+- rename `com.c4-soft.springaddons.security` to `com.c4-soft.springaddons.oidc`
+- rename `issuers` to `ops` which stands for OpenID Providers (`com.c4-soft.springaddons.security.issuers` becomes `com.c4-soft.springaddons.oidc.ops`)
+- rename OpenID Providers `location` to `iss`: if set, the is used to add an "issuer" (tokens `iss` claim) validator to JWT decoder (`com.c4-soft.springaddons.security.issuers[].location` becomes `com.c4-soft.springaddons.oidc.ops[].iss`)
+- rename`audience` to `aud`: if set, the is used to add an "audience" (tokens `aud` claim) validator to JWT decoder (`com.c4-soft.springaddons.security.issuers[].aud` becomes `com.c4-soft.springaddons.oidc.ops[].aud`)
+
+CORS configuration has also improved for both clients and resource servers: `allowed-origin-patterns` is used instead of `allowed-origins`. This is a requirement for using `allow-credentials` and is also more flexible: you can define ant patterns like `https://*.my-domain.pf`.
+- rename `allowed-origins` to `allowed-origin-patterns`
+- add `allow-credentials` and `max-age` if it makes sens (this are added configuration options)
+
+### Resource Servers
+Resource server `Security(Web)FilterChain` can now be completely disabled with `com.c4-soft.springaddons.security.resourceserver.enabled=false`
+
+Resource server specific properties are grouped in a new `resourceserver` subset:
+- move `cors` down 1 level into `resourceserver` (`com.c4-soft.springaddons.security.cors` becomes `com.c4-soft.springaddons.security.resourceserver.cors`)
+- move `permit-all` down one level to `resourceserver` (`com.c4-soft.springaddons.security.permit-all` becomes `com.c4-soft.springaddons.security.resourceserver.permit-all`)
+
+### Clients
+- rename `allowed-origins` to `allowed-origin-patterns` (`com.c4-soft.springaddons.security.client.cors.allowed-origins` becomes `com.c4-soft.springaddons.security.client.cors.allowed-origin-patterns`)
diff --git a/README.MD b/README.MD
index c3dcf2538..283a08de3 100644
--- a/README.MD
+++ b/README.MD
@@ -1,9 +1,15 @@
-Do not hesitate to fork this repo and send pull requests, even for things as small as a typo in READMEs or Javadoc. This would promote you as contributor.
+7.0.0 is a break through in usability: all 6 `spring-addons` Boot starters are merged into a single one: [`com.c4-soft.springaddons:spring-addons-starter-oidc`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc/), and so are the 4 test libs: [`com.c4-soft.springaddons:spring-addons-starter-oidc-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc-test/) (if you are using just the test annotations, without the starter, the dependency is still the same: [`com.c4-soft.springaddons:spring-addons-oauth2-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-oauth2-test/)).
 
-# Spring-addons
+Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to bump from `6.x` to `7.0.0`. Also, all samples and tutorials are migrated to latest starter and test annotations.
+
+# Configuring and Testing OAuth2 / OpenID Spring applications Made Easy
 The libraries hosted in this repo shine in two domains:
-- provide with annotations to mock OAuth2 `Authentication` during tests (`@WithMockJwtAuth`, `@WithOAuth2Login`, `@WithOidcLogin`, `@WithMockBearerTokenAuthentication`, etc.), which allow to test method security on any `@Component`. **New in 6.1.12: `@JwtAuthenticationSource` and alike to work with JUnit 5 `@ParameterizedTest`**. Details below.
-- help configuring Spring Boot 3 applications OAuth2 configuration by pushing auto-configuration to the next level. As shown in **[Tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials)**, with 0 Java conf (just properties), we can configure:
+- providing with annotations to mock OAuth2 `Authentication` for JUnit `@Test`:
+  * `@WithMockAuthentication` with `@AuthenticationSource` and `@ParameterizedAuthentication` companions for JUnit 5 @ParameterizedTest
+  * `@WithJwt` which uses the JWT authentication converter defined in security configuration to build the right type of `Authentication` (with the right authorities and name) based on a JSON file on he classpath (or plain Java String
+  * `@WithOpaqueToken` same as `@WithJwt` for introspection, using the `OpaqueTokenAuthenticationConverter` in the security configuration
+  * more specialized annotations for specific authentication implementations (`@WithOAuth2Login`, `@WithOidcLogin`, etc.) or to use as elements for your own test annotations in applications using custom OAuth2 `Authentication` implementations
+- pushing OIDC auto-configuration to the next level in Spring Boot 3 applications. As shown in **[Tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials)**, with 0 Java conf (just properties), we can configure:
   * authorities mapping (source claims, prefix and case transformation), without having to provide authentication converter, user service or `GrantedAuthoritiesMapper` in each app
   * fine grained CORS configuration (per path matcher), which enables to override allowed origins as environment variable when switching from `localhost` to `dev` or `prod` environments
   * sessions & CSRF disabled by default on resource server and enabled on clients. If a cookie repo is chosen for CSRF (as required by Angular, React, Vue, etc.), then the right request handler is configured and a filter to actually set the cookie is added
@@ -16,7 +22,7 @@ The libraries hosted in this repo shine in two domains:
 
 Jump to:
 - [1.  Unit & Integration Testing With Security](#unit-tests)
-- [2. Spring Boot OAuth2 Starters](#oauth2-starters)
+- [2. Spring Boot OIDC Starter](#oauth2-starters)
 - [3. Where to Start](#start)
 - [4. Versions & Requirements](#versions)
 - [5. Additional Modules](#additional-modules)
@@ -32,6 +38,7 @@ An [article covering the usage of OAuth2 test annotations from this lib](https:/
 
 However, since this article was published, test annotations have improved.
 
+### 1.1. Sample
 Let's consider the following secured `@Service`
 ```java
 @Service
@@ -51,8 +58,7 @@ Now, let's assume that you have a staging environment with a few representative
 
 `@WithJwt` and `@WithOpaqueToken` enable to load those claim-sets and turn it into `Authentication` instances using the authentication converter from your security configuration, and as so, with the same type, authorities, name and claims as at runtime.
 ```java
-@AutoConfigureAddonsSecurity
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class }) // Only AddonsSecurityBeans is required for this test
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
 class MessageServiceTests {
 
@@ -86,22 +92,28 @@ class MessageServiceTests {
 }
 ```
 There are we few things worth noting above:
-- annotation fit so well with BDD (given-when-then) and are very brief
+- annotations fit so well with BDD (given-when-then): the test pre-conditions (given) are decorating the test instead of cluttering its content like MockMvc request post-processors and WebTestClient mutators
+- annotations can be very brief and expressive
 - we are testing a `@Service` having methods decorated with `@PreAuthorize` (without `MockMvc` or `WebTestClient`)
 - the claims are loaded from a JSON files in the test classpath
 - we are using JUnit 5 `@ParameterizedTest`: the test will run once for each of the authentication in the stream provided  by the `identities` method
-- the claim used as `username` is a potentially a nested claim resolved with JSON-Path
+- the claim used as `username` potentially is a nested claim resolved with JSON-Path
+
+### 1.2. Which Dependency / Annotation to Use
+`spring-addons-oauth2-test` is enough to use test annotations, but if you opted for `spring-addons-starter-oidc`, then `spring-addons-starter-oidc-test` is better suited as it comes with tooling to load spring-addons auto-configuration during tests (refer to the many samples for usage).
+
+`@WithMockAuthentication` should be enough to test applications with RBAC (role-based access control): it allows to easily define `name` and `authorities`, as well as the Authentication an principal types to mock if your application code expects something specific.
+
+In case your access-control uses more than just name and authorities, and you'll probably need to define claim-set details. `@WithJwt` and `@WithOpaqueToken` can come pretty handy as it uses the respectively the JWT or OpaqueToken authentication converter in your security configuration to build the authentication instance, using a JSON payload from the classpath (or a plain Java String): you might just dump payloads of access tokens for representative users in test resources (use a tool like https://jwt.io to easily get those payloads).
+
+## 2. <a name="oauth2-starters"/>Spring Boot Starter
+**This starters is designed to push auto-configuration to the next level** and does nothing more than helping you with auto-configuration from application properties.
 
-## 2. <a name="oauth2-starters"/>Spring Boot Starters
-**This starters are designed to push auto-configuration to the next level** (and does nothing more than helping you with auto-configuration from applicationproperties). In most cases, you should need 0 Java conf. An effort was made to make [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials), Javadoc and modules READMEs as informative as possible. Please refer there for more details.
+In most cases, you should need 0 Java conf. An effort was made to make [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials), Javadoc and modules READMEs as informative as possible. Please refer there for more details.
 
-Spring Boot starters are thin wrappers around `spring-boot-starter-oauth2-resource-server` or `spring-boot-starter-oauth2-client`:
-- [spring-addons-webflux-client](https://github.com/ch4mpy/spring-addons/tree/master/webflux/spring-addons-webflux-client) to be used in reactive applications rendering templates on the server (Thymeleaf, JSF, etc.), **or in `spring-cloud-gateway` used as BFF** (server-side OAuth2 confidential client securing a browser application with sessions and replacing session cookies with OAuth2 access tokens before forwarding requests from browsers to resource servers)
-- [spring-addons-webflux-introspecting-resource-server](https://github.com/ch4mpy/spring-addons/tree/master/webflux/spring-addons-webflux-introspecting-resource-server) to be used in reactive REST APIs secured with access token introspection
-- [spring-addons-webflux-jwt-resource-server](https://github.com/ch4mpy/spring-addons/tree/master/webflux/spring-addons-webflux-jwt-resource-server) to be used in **reactive REST APIs secured with JWT decoders**
-- [spring-addons-webmvc-client](https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-client) to be used in servlet applications rendering templates on the server (Thymeleaf, JSF, etc.)
-- [spring-addons-webmvc-introspecting-resource-server](https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-introspecting-resource-server) to be used in servlet REST APIs secured with access token introspection
-- [spring-addons-webmvc-jwt-resource-server](https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-jwt-resource-server) to be used in **servlet REST APIs secured with JWT decoders**
+`spring-addons-oidc-starter` does not replace `spring-boot-starter-oauth2-resource-server` and `spring-boot-starter-oauth2-client`, it defines a few beans designed to be picked by it.
+
+If you are curious enough, you might inspect what is auto-configured (and under which conditions) by reading the source code, starting from the [org.springframework.boot.autoconfigure.AutoConfiguration.imports](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-starter-oidc/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) file, which is the Spring Boot standard entry-point defining what is loaded when a jar is on the classpath.
 
 ## 3. <a name="start"/>Where to Start
 [Tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials) which cover:
@@ -119,38 +131,34 @@ Spring Boot starters are thin wrappers around `spring-boot-starter-oauth2-resour
   * `OAuthentication<OpenidClaimSet>` / Spring default `Authentication` implementation (`JwtAuthenticationToken` for JWT decoder or `BearerTokenAuthentication` for token introspection)
 
 ## 4. <a name="versions"/>Versions & Requirements
-6.x branch is designed for spring-boot 3 and requires JDK 17 as minimum.
-
-If locked wtih a lower JDK or spring-boot version, you'll have to use a 5.4.x release wich are made with **JDK 1.8** and spring 2.6 (boot auto loading mechanisms have change with 2.7). But be aware that some of the features documented on main branch can be missing or behave differently.
+6.x and 7.X branch are designed for spring-boot 3 and requires JDK 17 as minimum.
 
 I could forget to update README before releasing, so please refer to [maven central](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons/) to pick latest available release
 ```xml
     <properties>
-        <springaddons.version>6.2.0</springaddons.version>
-        <app-type>webmvc</app-type><!-- alternative value is webflux !-->
-        <token>jwt</token><!-- alternative value is introspecting !-->
+        <springaddons.version>7.0.0</springaddons.version>
     </properties>
     <dependencies>
 
-        <!-- to pull resource-server stater with its companion for unit-tests -->
+        <!-- to pull addons stater with its companion for unit-tests -->
         <dependency>
             <groupId>com.c4-soft.springaddons</groupId>
-            <artifactId>spring-addons-${app-type}-${token}-resource-server</artifactId>
+            <artifactId>spring-addons-starter-oidc</artifactId>
             <version>${springaddons.version}</version>
         </dependency>
         <dependency>
             <groupId>com.c4-soft.springaddons</groupId>
-            <artifactId>spring-addons-${app-type}-${token}-test</artifactId>
+            <artifactId>spring-addons-starter-oidc-test</artifactId>
             <version>${springaddons.version}</version>
             <scope>test</scope>
         </dependency>
 
-        <!-- If you don't want starters but need @WithMockJwtAuth or WithMockBearerTokenAuthentication -->
-        <!-- instead of the two preceding, you can pull test annotations only -->
+        <!-- If you don't want to use the starter but need test annotations -->
         <dependency>
             <groupId>com.c4-soft.springaddons</groupId>
             <artifactId>spring-addons-oauth2-test</artifactId>
             <version>${springaddons.version}</version>
+            <scope>test</scope>
         </dependency>
 
     </dependencies>
@@ -180,6 +188,11 @@ Using such libs is dead simple: just declare depedency on one of those libs and
 
 2.0 comes with a noticeable amount of breaking changes. So lets start tracking features.
 
+### 7.0.0
+See the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md)
+- merge all 6 starters into a single one
+- reduce test libs count to 2: one with just annotations and another to ease testing of apps using the starter
+
 ### 6.2.0
 - remove `OAuth2AuthenticationFactory`: instead, use `Converter<Jwt, ? extends AbstractAuthenticationToken>`, `Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>`, `OpaqueTokenAuthenticationConverter` or `ReactiveOpaqueTokenAuthenticationConverter`
 - create `@WithJwt` to build OAuth2 `Authentication` during tests, using a JSON string or file on the classpath and submitting it to the JWT authentication converter. All samples and tutorials are updated with this new annotation.
diff --git a/pom.xml b/pom.xml
index 11ab9e2f3..32dad78a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 
 	<distributionManagement>
@@ -101,88 +101,15 @@
 				<artifactId>spring-addons-oauth2-test</artifactId>
 				<version>${project.version}</version>
 			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-web-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-core</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-client</artifactId>
-				<version>${project.version}</version>
-			</dependency>
 
 			<dependency>
 				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-core</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-introspecting-resource-server</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-jwt-resource-server</artifactId>
+				<artifactId>spring-addons-starter-oidc</artifactId>
 				<version>${project.version}</version>
 			</dependency>
 			<dependency>
 				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-client</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-introspecting-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-jwt-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-introspecting-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webflux-jwt-test</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-
-			<dependency>
-				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-keycloak</artifactId>
+				<artifactId>spring-addons-starter-oidc-test</artifactId>
 				<version>${project.version}</version>
 			</dependency>
 		</dependencies>
@@ -392,12 +319,11 @@
 		<profile>
 			<id>release</id>
 			<modules>
-				<module>starters</module>
 				<module>spring-addons-oauth2</module>
-				<module>spring-addons-web-test</module>
 				<module>spring-addons-oauth2-test</module>
-				<module>webmvc</module>
-				<module>webflux</module>
+				<module>spring-addons-starter-oidc</module>
+				<module>spring-addons-starter-oidc-test</module>
+				<module>starters</module>
 			</modules>
 			<build>
 				<plugins>
@@ -432,12 +358,11 @@
 				<activeByDefault>true</activeByDefault>
 			</activation>
 			<modules>
-				<module>starters</module>
 				<module>spring-addons-oauth2</module>
-				<module>spring-addons-web-test</module>
 				<module>spring-addons-oauth2-test</module>
-				<module>webmvc</module>
-				<module>webflux</module>
+				<module>spring-addons-starter-oidc</module>
+				<module>spring-addons-starter-oidc-test</module>
+				<module>starters</module>
 				<module>samples</module>
 			</modules>
 		</profile>
diff --git a/samples/pom.xml b/samples/pom.xml
index 4eb26df12..955da768f 100644
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -87,7 +87,7 @@
 
 			<dependency>
 				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+				<artifactId>spring-addons-starter-oidc</artifactId>
 				<version>${project.version}</version>
 			</dependency>
 			<dependency>
@@ -97,7 +97,7 @@
 			</dependency>
 			<dependency>
 				<groupId>com.c4-soft.springaddons</groupId>
-				<artifactId>spring-addons-webmvc-test</artifactId>
+				<artifactId>spring-addons-starter-oidc-test</artifactId>
 				<version>${project.version}</version>
 			</dependency>
 
diff --git a/samples/tutorials/bff/gateway/pom.xml b/samples/tutorials/bff/gateway/pom.xml
index d7ecbbd50..d11686315 100644
--- a/samples/tutorials/bff/gateway/pom.xml
+++ b/samples/tutorials/bff/gateway/pom.xml
@@ -1,5 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>com.c4-soft.springaddons.samples.tutorials.bff</groupId>
@@ -10,7 +12,7 @@
 	<artifactId>bff-gateway</artifactId>
 	<name>BFF gateway</name>
 	<description>Backend For Frontend</description>
-	
+
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -30,7 +32,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-client</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>io.swagger.core.v3</groupId>
diff --git a/samples/tutorials/bff/gateway/src/main/java/com/c4soft/springaddons/samples/bff/gateway/GatewayController.java b/samples/tutorials/bff/gateway/src/main/java/com/c4soft/springaddons/samples/bff/gateway/GatewayController.java
index 186ae1ebc..3db6a00b2 100644
--- a/samples/tutorials/bff/gateway/src/main/java/com/c4soft/springaddons/samples/bff/gateway/GatewayController.java
+++ b/samples/tutorials/bff/gateway/src/main/java/com/c4soft/springaddons/samples/bff/gateway/GatewayController.java
@@ -21,9 +21,10 @@
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
 
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
@@ -35,7 +36,7 @@
 @Tag(name = "Gateway")
 public class GatewayController {
 	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
-	private final SpringAddonsOAuth2ClientProperties addonsClientProps;
+	private final SpringAddonsOidcClientProperties addonsClientProperties;
 	private final LogoutRequestUriBuilder logoutRequestUriBuilder;
 	private final ServerSecurityContextRepository securityContextRepository = new WebSessionServerSecurityContextRepository();
 	private final List<LoginOptionDto> loginOptions;
@@ -43,13 +44,16 @@ public class GatewayController {
 	public GatewayController(
 			OAuth2ClientProperties clientProps,
 			ReactiveClientRegistrationRepository clientRegistrationRepository,
-			SpringAddonsOAuth2ClientProperties addonsClientProps,
+			SpringAddonsOidcProperties addonsProperties,
 			LogoutRequestUriBuilder logoutRequestUriBuilder) {
-		this.addonsClientProps = addonsClientProps;
+		this.addonsClientProperties = addonsProperties.getClient();
 		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.logoutRequestUriBuilder = logoutRequestUriBuilder;
 		this.loginOptions = clientProps.getRegistration().entrySet().stream().filter(e -> "authorization_code".equals(e.getValue().getAuthorizationGrantType()))
-				.map(e -> new LoginOptionDto(e.getValue().getProvider(), "%s/oauth2/authorization/%s".formatted(addonsClientProps.getClientUri(), e.getKey())))
+				.map(
+						e -> new LoginOptionDto(
+								e.getValue().getProvider(),
+								"%s/oauth2/authorization/%s".formatted(addonsClientProperties.getClientUri(), e.getKey())))
 				.toList();
 	}
 
@@ -83,11 +87,11 @@ public Mono<ResponseEntity<Void>> logout(ServerWebExchange exchange, Authenticat
 		if (authentication instanceof OAuth2AuthenticationToken oauth && oauth.getPrincipal() instanceof OidcUser oidcUser) {
 			uri = clientRegistrationRepository.findByRegistrationId(oauth.getAuthorizedClientRegistrationId()).map(clientRegistration -> {
 				final var uriString = logoutRequestUriBuilder
-						.getLogoutRequestUri(clientRegistration, oidcUser.getIdToken().getTokenValue(), addonsClientProps.getPostLogoutRedirectUri());
-				return StringUtils.hasText(uriString) ? URI.create(uriString) : addonsClientProps.getPostLogoutRedirectUri();
+						.getLogoutRequestUri(clientRegistration, oidcUser.getIdToken().getTokenValue(), addonsClientProperties.getPostLogoutRedirectUri());
+				return StringUtils.hasText(uriString) ? URI.create(uriString) : addonsClientProperties.getPostLogoutRedirectUri();
 			});
 		} else {
-			uri = Mono.just(addonsClientProps.getPostLogoutRedirectUri());
+			uri = Mono.just(addonsClientProperties.getPostLogoutRedirectUri());
 		}
 		return uri.flatMap(logoutUri -> {
 			return securityContextRepository.save(exchange, null).thenReturn(logoutUri);
diff --git a/samples/tutorials/bff/gateway/src/main/resources/application.yml b/samples/tutorials/bff/gateway/src/main/resources/application.yml
index 4f05f4a5d..b8e6cee80 100644
--- a/samples/tutorials/bff/gateway/src/main/resources/application.yml
+++ b/samples/tutorials/bff/gateway/src/main/resources/application.yml
@@ -98,18 +98,18 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
diff --git a/samples/tutorials/bff/greetings-api/pom.xml b/samples/tutorials/bff/greetings-api/pom.xml
index bc0c521a5..1828d27e9 100644
--- a/samples/tutorials/bff/greetings-api/pom.xml
+++ b/samples/tutorials/bff/greetings-api/pom.xml
@@ -20,6 +20,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
@@ -30,7 +34,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>io.swagger.core.v3</groupId>
@@ -55,7 +59,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/UsersApiApplication.java b/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/UsersApiApplication.java
index 119f4d3f7..5f5436d36 100644
--- a/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/UsersApiApplication.java
+++ b/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/UsersApiApplication.java
@@ -12,10 +12,10 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.info.Info;
@@ -35,9 +35,9 @@ public static class WebSecurityConfig {
 		@Bean
 		JwtAbstractAuthenticationTokenConverter authenticationConverter(
 				Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-				SpringAddonsSecurityProperties addonsProperties) {
+				SpringAddonsOidcProperties addonsProperties) {
 			return jwt -> new OAuthentication<>(
-					new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
+					new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
 					authoritiesConverter.convert(jwt.getClaims()),
 					jwt.getTokenValue());
 		};
diff --git a/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsController.java b/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsController.java
index b784e2cb8..544233f10 100644
--- a/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsController.java
+++ b/samples/tutorials/bff/greetings-api/src/main/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsController.java
@@ -5,8 +5,8 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import io.swagger.v3.oas.annotations.tags.Tag;
 
diff --git a/samples/tutorials/bff/greetings-api/src/main/resources/application.yml b/samples/tutorials/bff/greetings-api/src/main/resources/application.yml
index dee0684b2..4e776418e 100644
--- a/samples/tutorials/bff/greetings-api/src/main/resources/application.yml
+++ b/samples/tutorials/bff/greetings-api/src/main/resources/application.yml
@@ -24,30 +24,32 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all: 
-        - "/public/**"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          enabled: true
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/public/**"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/tutorials/bff/greetings-api/src/test/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsControllerTest.java b/samples/tutorials/bff/greetings-api/src/test/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsControllerTest.java
index 15403f9ec..0822c9c0a 100644
--- a/samples/tutorials/bff/greetings-api/src/test/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsControllerTest.java
+++ b/samples/tutorials/bff/greetings-api/src/test/java/com/c4soft/springaddons/samples/bff/users/web/GreetingsControllerTest.java
@@ -5,25 +5,27 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @WebMvcTest(controllers = GreetingsController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 class GreetingsControllerTest {
 	@Autowired
 	MockMvcSupport api;
 
 	@Test
-	void givenRequestIsNotAuthorized_whenGetMe_thenUnauthorized() throws Exception {
+	@WithAnonymousUser
+	void givenRequestIsAnonymous_whenGetGreetings_thenUnauthorized() throws Exception {
 		api.get("/greetings").andExpect(status().isUnauthorized());
 	}
 
 	@Test
 	@WithJwt("ch4mp_auth0.json")
-	void givenUserIsAuthenticated_whenGetMe_thenOk() throws Exception {
+	void givenUserIsAuthenticated_whenGetGreetings_thenOk() throws Exception {
 		api.get("/greetings").andExpect(status().isOk());
 	}
 
diff --git a/samples/tutorials/reactive-client/pom.xml b/samples/tutorials/reactive-client/pom.xml
index e0a9f640e..918f83d88 100644
--- a/samples/tutorials/reactive-client/pom.xml
+++ b/samples/tutorials/reactive-client/pom.xml
@@ -64,6 +64,11 @@
 			<artifactId>spring-boot-configuration-processor</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>com.c4-soft.springaddons</groupId>
+			<artifactId>spring-addons-oauth2-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>
diff --git a/samples/tutorials/reactive-client/src/test/java/com/c4soft/springaddons/tutorials/ReactiveClientApplicationTest.java b/samples/tutorials/reactive-client/src/test/java/com/c4soft/springaddons/tutorials/ReactiveClientApplicationTest.java
index dc3818e2e..55ebb07ac 100644
--- a/samples/tutorials/reactive-client/src/test/java/com/c4soft/springaddons/tutorials/ReactiveClientApplicationTest.java
+++ b/samples/tutorials/reactive-client/src/test/java/com/c4soft/springaddons/tutorials/ReactiveClientApplicationTest.java
@@ -3,9 +3,15 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
+import java.time.Instant;
 import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Stream;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -18,9 +24,19 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
+import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
+import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOidcLogin;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.OidcLoginAuthenticationSource;
+
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureWebTestClient
 @Import(ReactiveClientApplicationTest.TestSecurityConf.class)
@@ -31,24 +47,51 @@ class ReactiveClientApplicationTest {
 	@Autowired
 	WebTestClient webTestClient;
 
-	@Test
-	void givenRequestIsNotAuthorized_whenGetIndex_thenIsOk() throws Exception {
-		webTestClient.get().uri("/").exchange().expectStatus().isOk();
-	}
-
 	@Test
 	void givenUserIsAnonymous_whenGetIndex_thenIsOk() throws Exception {
 		webTestClient.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS)).get().uri("/").exchange().expectStatus().isOk();
 	}
 
 	@Test
-	void givenUserIsAuthenticated_whenGetIndex_thenIsOk() throws Exception {
-		webTestClient.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/").exchange().expectStatus().isOk();
+	@WithAnonymousUser
+	void givenUserIsAnonymousAnnotation_whenGetIndex_thenIsOk() throws Exception {
+		webTestClient.get().uri("/").exchange().expectStatus().isOk();
 	}
 
-	@Test
-	void givenRequestIsNotAuthorized_whenGetLogin_thenIsOk() throws Exception {
-		webTestClient.get().uri("/login").exchange().expectStatus().isOk();
+	@ParameterizedTest
+	@MethodSource("identityMutators")
+	void givenUserIsAuthenticated_whenGetIndex_thenIsOk(OidcLoginMutator identityMutator) throws Exception {
+		// @formatter:off
+		webTestClient.mutateWith(identityMutator)
+			.get().uri("/").exchange()
+			.expectStatus().isOk();
+		// @formatter:on
+	}
+
+	static Stream<OidcLoginMutator> identityMutators() {
+		Instant iat = Instant.now();
+		Instant exp = iat.plusSeconds(42);
+		return Stream.of(
+				SecurityMockServerConfigurers.mockOidcLogin().oidcUser(
+						new DefaultOidcUser(
+								List.of(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")),
+								new OidcIdToken("test.token", iat, exp, Map.of(JwtClaimNames.SUB, "ch4mp")))),
+				SecurityMockServerConfigurers.mockOidcLogin().oidcUser(
+						new DefaultOidcUser(
+								List.of(new SimpleGrantedAuthority("UNCLE"), new SimpleGrantedAuthority("SKIPPER")),
+								new OidcIdToken("test.token", iat, exp, Map.of(JwtClaimNames.SUB, "tonton-pirate")))));
+	}
+
+	@ParameterizedTest
+	@OidcLoginAuthenticationSource({
+			@WithOidcLogin(
+					authorities = { "NICE", "AUTHOR" },
+					claims = @OpenIdClaims(usernameClaim = StandardClaimNames.PREFERRED_USERNAME, preferredUsername = "ch4mp")),
+			@WithOidcLogin(
+					authorities = { "UNCLE", "SKIPPER" },
+					claims = @OpenIdClaims(usernameClaim = StandardClaimNames.PREFERRED_USERNAME, preferredUsername = "tonton-pirate")) })
+	void givenUserIsAuthenticatedWithAnnotation_whenGetIndex_thenIsOk() throws Exception {
+		webTestClient.get().uri("/").exchange().expectStatus().isOk();
 	}
 
 	@Test
@@ -56,14 +99,21 @@ void givenUserIsAnonymous_whenGetLogin_thenIsOk() throws Exception {
 		webTestClient.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS)).get().uri("/login").exchange().expectStatus().isOk();
 	}
 
+	@Test
+	@WithAnonymousUser
+	void givenUserIsAnonymousAnnotation_whenGetLogin_thenIsOk() throws Exception {
+		webTestClient.get().uri("/login").exchange().expectStatus().isOk();
+	}
+
 	@Test
 	void givenUserIsAuthenticated_whenGetLogin_thenIsRedirected() throws Exception {
 		webTestClient.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/login").exchange().expectStatus().is3xxRedirection();
 	}
 
 	@Test
-	void givenRequestIsNotAuthorized_whenGetNice_thenIsRedirected() throws Exception {
-		webTestClient.get().uri("/nice.html").exchange().expectStatus().is3xxRedirection();
+	@WithOidcLogin
+	void givenUserIsAuthenticatedWithAnnotation_whenGetLogin_thenIsRedirected() throws Exception {
+		webTestClient.get().uri("/login").exchange().expectStatus().is3xxRedirection();
 	}
 
 	@Test
@@ -72,17 +122,35 @@ void givenUserIsAnonymous_whenGetNice_thenIsRedirected() throws Exception {
 				.is3xxRedirection();
 	}
 
+	@Test
+	@WithAnonymousUser
+	void givenUserIsAnonymousAnnotation_whenGetNice_thenIsRedirected() throws Exception {
+		webTestClient.get().uri("/nice.html").exchange().expectStatus().is3xxRedirection();
+	}
+
 	@Test
 	void givenUserIsNice_whenGetNice_thenIsOk() throws Exception {
 		webTestClient.mutateWith(SecurityMockServerConfigurers.mockOidcLogin().authorities(new SimpleGrantedAuthority("NICE"))).get().uri("/nice.html")
 				.exchange().expectStatus().isOk();
 	}
 
+	@Test
+	@WithOidcLogin("NICE")
+	void givenUserIsNiceAnnotation_whenGetNice_thenIsOk() throws Exception {
+		webTestClient.get().uri("/nice.html").exchange().expectStatus().isOk();
+	}
+
 	@Test
 	void givenUserIsNotNice_whenGetNice_thenIsForbidden() throws Exception {
 		webTestClient.mutateWith(SecurityMockServerConfigurers.mockOidcLogin()).get().uri("/nice.html").exchange().expectStatus().isForbidden();
 	}
 
+	@Test
+	@WithOidcLogin
+	void givenUserIsNotNiceAnnotation_whenGetNice_thenIsForbidden() throws Exception {
+		webTestClient.get().uri("/nice.html").exchange().expectStatus().isForbidden();
+	}
+
 	@TestConfiguration
 	static class TestSecurityConf {
 		@Bean
diff --git a/samples/tutorials/reactive-resource-server/pom.xml b/samples/tutorials/reactive-resource-server/pom.xml
index 09f903ceb..36a1142eb 100644
--- a/samples/tutorials/reactive-resource-server/pom.xml
+++ b/samples/tutorials/reactive-resource-server/pom.xml
@@ -50,6 +50,11 @@
 			<artifactId>spring-boot-configuration-processor</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>com.c4-soft.springaddons</groupId>
+			<artifactId>spring-addons-oauth2-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 	<build>
 		<plugins>
diff --git a/samples/tutorials/reactive-resource-server/src/main/resources/application.yml b/samples/tutorials/reactive-resource-server/src/main/resources/application.yml
index 73a71f5a1..6a136d3b7 100644
--- a/samples/tutorials/reactive-resource-server/src/main/resources/application.yml
+++ b/samples/tutorials/reactive-resource-server/src/main/resources/application.yml
@@ -30,6 +30,7 @@ spring-addons:
     claims:
     - jsonPath: $.cognito:groups
   - uri: ${auth0-issuer}
+    username-json-path: $['https://c4-soft.com/user']['name']
     claims:
     - jsonPath: $.roles
     - jsonPath: $.groups
diff --git a/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index 9f34e3072..39a3dc5ec 100644
--- a/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -1,21 +1,46 @@
 package com.c4soft.springaddons.tutorials;
 
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.ServerWebExchange;
 
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.AuthenticationSource;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
 import com.c4soft.springaddons.tutorials.GreetingController.MessageDto;
 
+import reactor.core.publisher.Mono;
+
 @WebFluxTest(controllers = GreetingController.class, properties = "server.ssl.enabled=false")
 @Import({ WebSecurityConfig.class })
+@TestInstance(Lifecycle.PER_CLASS) // needed only when using non-static @MethodSource
 class GreetingControllerTest {
+	static final AnonymousAuthenticationToken ANONYMOUS =
+			new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	@MockBean
 	ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
@@ -23,13 +48,31 @@ class GreetingControllerTest {
 	@Autowired
 	WebTestClient api;
 
+	// needed only when using @ParameterizedTests with WithJwt.AuthenticationFactory
+	@Autowired
+	Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> authenticationConverter;
+
+	WithJwt.AuthenticationFactory jwtAuthFactory;
+
+	@BeforeEach
+	public void setUp() {
+		jwtAuthFactory = new WithJwt.AuthenticationFactory(Optional.empty(), Optional.of(authenticationConverter));
+	}
+
 	@Test
-	void givenRequestIsNotAuthorized_whenGreet_thenUnauthorized() throws Exception {
-		api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
+	void givenRequestIsAnonymous_whenGreet_thenUnauthorized() throws Exception {
+		api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS)).get().uri("/greet").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test
-	void givenUserAuthenticated_whenGetGreet_thenOk() throws Exception {
+	@WithAnonymousUser
+	void givenUserIsAnonymous_whenGreet_thenUnauthorized() throws Exception {
+		api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
+	}
+
+	@ParameterizedTest
+	@MethodSource("identityMutators")
+	void givenUserIsAuthenticated_whenGreet_thenOk(JwtMutator identityMutator) throws Exception {
 		// @formatter:off
 		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
 				.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")))
@@ -39,8 +82,42 @@ void givenUserAuthenticated_whenGetGreet_thenOk() throws Exception {
 		// @formatter:on
 	}
 
+	static Stream<JwtMutator> identityMutators() {
+		return Stream.of(
+				SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject("ch4mp"))
+						.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")),
+				SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject("tonton-pirate"))
+						.authorities(new SimpleGrantedAuthority("UNCLE"), new SimpleGrantedAuthority("SKIPPER")));
+	}
+
+	@ParameterizedTest
+	@AuthenticationSource({
+			@WithMockAuthentication(name = "ch4mp", authorities = { "NICE", "AUTHOR" }),
+			@WithMockAuthentication(name = "tonton-pirate", authorities = { "UNCLE", "SKIPPER" }) })
+	void givenUserIsAuthenticatedWithMockAuthentication_whenGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
+		// @formatter:off
+		api.get().uri("/greet").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("Hi %s! You are granted with: %s.".formatted(auth.getName(), auth.getAuthorities())));
+		// @formatter:on
+	}
+
+	@ParameterizedTest
+	@MethodSource("jwts")
+	void givenUserIsAuthenticatedWithJwt_whenGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
+		// @formatter:off
+		api.get().uri("/greet").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("Hi %s! You are granted with: %s.".formatted(auth.getName(), auth.getAuthorities())));
+		// @formatter:on
+	}
+
+	Stream<AbstractAuthenticationToken> jwts() {
+		return jwtAuthFactory.authenticationsFrom("auth0_badboy.json", "auth0_nice.json");
+	}
+
 	@Test
-	void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
+	void givenUserHasNiceMutator_whenGetRestricted_thenOk() throws Exception {
 		// @formatter:off
 		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
 				.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")))
@@ -51,17 +128,66 @@ void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
 	}
 
 	@Test
-	void givenUserIsNotNice_whenGetRestricted_thenForbidden() throws Exception {
+	@WithMockAuthentication({ "NICE", "AUTHOR" })
+	void givenUserHasNiceMockAuthentication_whenGetRestricted_thenOk() throws Exception {
 		// @formatter:off
-		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
-				.authorities(new SimpleGrantedAuthority("AUTHOR")))
+		api.get().uri("/restricted").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("You are so nice!"));
+		// @formatter:on
+	}
+
+	@Test
+	@WithJwt("auth0_nice.json")
+	void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
+		// @formatter:off
+		api.get().uri("/restricted").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("You are so nice!"));
+		// @formatter:on
+	}
+
+	@Test
+	void givenUserHasNotNiceMutator_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
 			.get().uri("/restricted").exchange()
 			.expectStatus().isForbidden();
 		// @formatter:on
 	}
 
 	@Test
-	void givenRequestIsNotAuthorized_whenGetRestricted_thenUnauthorized() throws Exception {
+	@WithMockAuthentication("AUTHOR")
+	void givenUserHasNotNiceMockAuthentication_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isForbidden();
+		// @formatter:on
+	}
+
+	@Test
+	@WithJwt("auth0_badboy.json")
+	void givenUserIsBadboy_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isForbidden();
+		// @formatter:on
+	}
+
+	@Test
+	void givenUserHasAnonymousMutator_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isUnauthorized();
+		// @formatter:on
+	}
+
+	@Test
+	@WithAnonymousUser
+	void givenUserIsAnonymous_whenGetRestricted_thenUnauthorized() throws Exception {
 		api.get().uri("/restricted").exchange().expectStatus().isUnauthorized();
 	}
 }
diff --git a/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ReactiveResourceServerApplicationTests.java b/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ReactiveResourceServerApplicationTests.java
index 79fe9424e..2d407892a 100644
--- a/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ReactiveResourceServerApplicationTests.java
+++ b/samples/tutorials/reactive-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ReactiveResourceServerApplicationTests.java
@@ -1,23 +1,47 @@
 package com.c4soft.springaddons.tutorials;
 
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.server.ServerWebExchange;
 
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.AuthenticationSource;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
 import com.c4soft.springaddons.tutorials.GreetingController.MessageDto;
 
+import reactor.core.publisher.Mono;
+
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureWebTestClient
+@TestInstance(Lifecycle.PER_CLASS) // needed only when using non-static @MethodSource
 class ReactiveResourceServerApplicationTests {
+	static final AnonymousAuthenticationToken ANONYMOUS =
+			new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
 
 	@MockBean
 	ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
@@ -25,16 +49,31 @@ class ReactiveResourceServerApplicationTests {
 	@Autowired
 	WebTestClient api;
 
+	// needed only when using @ParameterizedTests with WithJwt.AuthenticationFactory
 	@Autowired
-	ServerProperties serverProperties;
+	Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> authenticationConverter;
+
+	WithJwt.AuthenticationFactory jwtAuthFactory;
+
+	@BeforeEach
+	public void setUp() {
+		jwtAuthFactory = new WithJwt.AuthenticationFactory(Optional.empty(), Optional.of(authenticationConverter));
+	}
 
 	@Test
-	void givenRequestIsNotAuthorized_whenGreet_thenUnauthorized() throws Exception {
-		api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
+	void givenRequestIsAnonymous_whenGreet_thenUnauthorized() throws Exception {
+		api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS)).get().uri("/greet").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test
-	void givenUserAuthenticated_whenGreet_thenOk() throws Exception {
+	@WithAnonymousUser
+	void givenUserIsAnonymous_whenGreet_thenUnauthorized() throws Exception {
+		api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
+	}
+
+	@ParameterizedTest
+	@MethodSource("identityMutators")
+	void givenUserIsAuthenticated_whenGreet_thenOk(JwtMutator identityMutator) throws Exception {
 		// @formatter:off
 		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
 				.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")))
@@ -44,8 +83,42 @@ void givenUserAuthenticated_whenGreet_thenOk() throws Exception {
 		// @formatter:on
 	}
 
+	static Stream<JwtMutator> identityMutators() {
+		return Stream.of(
+				SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject("ch4mp"))
+						.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")),
+				SecurityMockServerConfigurers.mockJwt().jwt(jwt -> jwt.subject("tonton-pirate"))
+						.authorities(new SimpleGrantedAuthority("UNCLE"), new SimpleGrantedAuthority("SKIPPER")));
+	}
+
+	@ParameterizedTest
+	@AuthenticationSource({
+			@WithMockAuthentication(name = "ch4mp", authorities = { "NICE", "AUTHOR" }),
+			@WithMockAuthentication(name = "tonton-pirate", authorities = { "UNCLE", "SKIPPER" }) })
+	void givenUserIsAuthenticatedWithMockAuthentication_whenGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
+		// @formatter:off
+		api.get().uri("/greet").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("Hi %s! You are granted with: %s.".formatted(auth.getName(), auth.getAuthorities())));
+		// @formatter:on
+	}
+
+	@ParameterizedTest
+	@MethodSource("jwts")
+	void givenUserIsAuthenticatedWithJwt_whenGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
+		// @formatter:off
+		api.get().uri("/greet").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("Hi %s! You are granted with: %s.".formatted(auth.getName(), auth.getAuthorities())));
+		// @formatter:on
+	}
+
+	Stream<AbstractAuthenticationToken> jwts() {
+		return jwtAuthFactory.authenticationsFrom("auth0_badboy.json", "auth0_nice.json");
+	}
+
 	@Test
-	void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
+	void givenUserHasNiceMutator_whenGetRestricted_thenOk() throws Exception {
 		// @formatter:off
 		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
 				.authorities(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR")))
@@ -56,17 +129,66 @@ void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
 	}
 
 	@Test
-	void givenUserIsNotNice_whenGetRestricted_thenForbidden() throws Exception {
+	@WithMockAuthentication({ "NICE", "AUTHOR" })
+	void givenUserHasNiceMockAuthentication_whenGetRestricted_thenOk() throws Exception {
 		// @formatter:off
-		api.mutateWith(SecurityMockServerConfigurers.mockJwt()
-				.authorities(new SimpleGrantedAuthority("AUTHOR")))
+		api.get().uri("/restricted").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("You are so nice!"));
+		// @formatter:on
+	}
+
+	@Test
+	@WithJwt("auth0_nice.json")
+	void givenUserIsNice_whenGetRestricted_thenOk() throws Exception {
+		// @formatter:off
+		api.get().uri("/restricted").exchange()
+			.expectStatus().isOk()
+			.expectBody(MessageDto.class).isEqualTo(new MessageDto("You are so nice!"));
+		// @formatter:on
+	}
+
+	@Test
+	void givenUserHasNotNiceMutator_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isForbidden();
+		// @formatter:on
+	}
+
+	@Test
+	@WithMockAuthentication("AUTHOR")
+	void givenUserHasNotNiceMockAuthentication_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
 			.get().uri("/restricted").exchange()
 			.expectStatus().isForbidden();
 		// @formatter:on
 	}
 
 	@Test
-	void givenRequestIsNotAuthorized_whenGetRestricted_thenUnauthorized() throws Exception {
+	@WithJwt("auth0_badboy.json")
+	void givenUserIsBadboy_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockJwt().authorities(new SimpleGrantedAuthority("AUTHOR")))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isForbidden();
+		// @formatter:on
+	}
+
+	@Test
+	void givenUserHasAnonymousMutator_whenGetRestricted_thenForbidden() throws Exception {
+		// @formatter:off
+		api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS))
+			.get().uri("/restricted").exchange()
+			.expectStatus().isUnauthorized();
+		// @formatter:on
+	}
+
+	@Test
+	@WithAnonymousUser
+	void givenUserIsAnonymous_whenGetRestricted_thenUnauthorized() throws Exception {
 		api.get().uri("/restricted").exchange().expectStatus().isUnauthorized();
 	}
 
diff --git a/samples/tutorials/reactive-resource-server/src/test/resources/auth0_badboy.json b/samples/tutorials/reactive-resource-server/src/test/resources/auth0_badboy.json
new file mode 100644
index 000000000..c4810c8ec
--- /dev/null
+++ b/samples/tutorials/reactive-resource-server/src/test/resources/auth0_badboy.json
@@ -0,0 +1,40 @@
+{
+  "https://c4-soft.com/user": {
+    "app_metadata": {},
+    "created_at": "2023-06-01T01:21:37.810Z",
+    "email": "tonton-pirate@c4-soft.com",
+    "email_verified": true,
+    "identities": [
+      {
+        "connection": "c4-soft",
+        "isSocial": true,
+        "provider": "oauth2",
+        "userId": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e90",
+        "user_id": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e90"
+      }
+    ],
+    "multifactor": [],
+    "name": "tonton-pirate",
+    "nickname": "Tonton Pirate",
+    "picture": "https://s.gravatar.com/avatar/f4d00b0a82e9307b1d68b29867fee4e5?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fch.png",
+    "roles": [
+      "SKIPPER"
+    ],
+    "updated_at": "2023-06-23T04:53:53.057Z",
+    "user_id": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+    "user_metadata": {}
+  },
+  "permissions": [
+    "AUTHOR"
+  ],
+  "iss": "https://dev-ch4mpy.eu.auth0.com/",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e90",
+  "aud": [
+    "demo.c4-soft.com",
+    "https://dev-ch4mpy.eu.auth0.com/userinfo"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/tutorials/reactive-resource-server/src/test/resources/auth0_nice.json b/samples/tutorials/reactive-resource-server/src/test/resources/auth0_nice.json
new file mode 100644
index 000000000..fa7f45fdf
--- /dev/null
+++ b/samples/tutorials/reactive-resource-server/src/test/resources/auth0_nice.json
@@ -0,0 +1,40 @@
+{
+  "https://c4-soft.com/user": {
+    "app_metadata": {},
+    "created_at": "2023-06-01T01:21:37.810Z",
+    "email": "ch4mp@c4-soft.com",
+    "email_verified": true,
+    "identities": [
+      {
+        "connection": "c4-soft",
+        "isSocial": true,
+        "provider": "oauth2",
+        "userId": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+        "user_id": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94"
+      }
+    ],
+    "multifactor": [],
+    "name": "ch4mp",
+    "nickname": "ch4mp",
+    "picture": "https://s.gravatar.com/avatar/f4d00b0a82e9307b1d68b29867fee4e5?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fch.png",
+    "roles": [
+      "USER_ROLES_EDITOR"
+    ],
+    "updated_at": "2023-06-23T04:53:53.057Z",
+    "user_id": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+    "user_metadata": {}
+  },
+  "permissions": [
+    "NICE", "AUTHOR"
+  ],
+  "iss": "https://dev-ch4mpy.eu.auth0.com/",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+  "aud": [
+    "demo.c4-soft.com",
+    "https://dev-ch4mpy.eu.auth0.com/userinfo"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/pom.xml b/samples/tutorials/resource-server_multitenant_dynamic/pom.xml
index e8c922d71..00802b215 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/pom.xml
+++ b/samples/tutorials/resource-server_multitenant_dynamic/pom.xml
@@ -19,18 +19,27 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springdoc</groupId>
 			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>jakarta.servlet</groupId>
+			<artifactId>jakarta.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -45,7 +54,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java b/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
index f43f8ada7..47376ba6f 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
+++ b/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
@@ -4,8 +4,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 @RestController
 @PreAuthorize("isAuthenticated()")
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java b/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
index 8e1e2c14b..086433301 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
+++ b/samples/tutorials/resource-server_multitenant_dynamic/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
@@ -27,12 +27,12 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.ResponseStatus;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.MissingAuthorizationServerConfigurationException;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.IssuerProperties;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.MissingAuthorizationServerConfigurationException;
+import com.c4_soft.springaddons.security.oidc.starter.properties.OpenidProviderProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
 
 import jakarta.servlet.http.HttpServletRequest;
 
@@ -44,7 +44,7 @@ JwtAbstractAuthenticationTokenConverter authenticationConverter(
 			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
 			DynamicTenantProperties addonsProperties) {
 		return jwt -> {
-			final var issProperties = addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString());
+			final var issProperties = addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS).toString());
 			return new OAuthentication<>(
 					new OpenidClaimSet(jwt.getClaims(), issProperties.getUsernameClaim()),
 					authoritiesConverter.convert(jwt.getClaims()),
@@ -65,11 +65,11 @@ private static URI baseUri(URI uri) {
 
 	@Primary
 	@Component
-	static class DynamicTenantProperties extends SpringAddonsSecurityProperties {
+	static class DynamicTenantProperties extends SpringAddonsOidcProperties {
 
 		@Override
-		public IssuerProperties getIssuerProperties(String iss) throws MissingAuthorizationServerConfigurationException {
-			return super.getIssuerProperties(baseUri(URI.create(iss)).toString());
+		public OpenidProviderProperties getOpProperties(String iss) throws MissingAuthorizationServerConfigurationException {
+			return super.getOpProperties(baseUri(URI.create(iss)).toString());
 		}
 
 	}
@@ -83,9 +83,9 @@ static class DynamicTenantsAuthenticationManagerResolver implements Authenticati
 				new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver<String>) this::getAuthenticationManager);
 
 		public DynamicTenantsAuthenticationManagerResolver(
-				SpringAddonsSecurityProperties addonsProperties,
+				SpringAddonsOidcProperties addonsProperties,
 				Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) {
-			this.issuerBaseUris = Stream.of(addonsProperties.getIssuers()).map(IssuerProperties::getLocation).map(WebSecurityConfig::baseUri).map(URI::toString)
+			this.issuerBaseUris = Stream.of(addonsProperties.getOps()).map(OpenidProviderProperties::getIss).map(WebSecurityConfig::baseUri).map(URI::toString)
 					.collect(Collectors.toSet());
 			this.jwtAuthenticationConverter = jwtAuthenticationConverter;
 		}
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/src/main/resources/application.yml b/samples/tutorials/resource-server_multitenant_dynamic/src/main/resources/application.yml
index ba216bf08..90b26ff49 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_multitenant_dynamic/src/main/resources/application.yml
@@ -15,30 +15,31 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${scheme}://localhost:${keycloak-port}
+      oidc:
+        ops:
+        - iss: ${scheme}://localhost:${keycloak-port}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: https://cognito-idp.us-west-2.amazonaws.com
+        - iss: https://cognito-idp.us-west-2.amazonaws.com
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: https://dev-ch4mpy.eu.auth0.com
+        - iss: https://dev-ch4mpy.eu.auth0.com
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
-        - "/swagger-ui/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          - "/swagger-ui/**"
         
 logging:
   level:
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index adf9aa679..6431d857c 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -16,16 +16,16 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
 @Import(WebSecurityConfig.class)
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 class GreetingControllerTest {
 
 	@Autowired
diff --git a/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerMultitenantDynamicApplicationTests.java b/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerMultitenantDynamicApplicationTests.java
index 69e5b6405..60c9523a5 100644
--- a/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerMultitenantDynamicApplicationTests.java
+++ b/samples/tutorials/resource-server_multitenant_dynamic/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerMultitenantDynamicApplicationTests.java
@@ -20,12 +20,12 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
diff --git a/samples/tutorials/resource-server_with_additional-header/pom.xml b/samples/tutorials/resource-server_with_additional-header/pom.xml
index 669399c29..c076175f1 100644
--- a/samples/tutorials/resource-server_with_additional-header/pom.xml
+++ b/samples/tutorials/resource-server_with_additional-header/pom.xml
@@ -11,6 +11,7 @@
 	<name>resource-server with additional-header</name>
 	
 	<dependencies>
+		
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
@@ -19,9 +20,17 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 
 		<dependency>
@@ -42,7 +51,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/resource-server_with_additional-header/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java b/samples/tutorials/resource-server_with_additional-header/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
index 6a9644f7e..2edf1b82f 100644
--- a/samples/tutorials/resource-server_with_additional-header/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
+++ b/samples/tutorials/resource-server_with_additional-header/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
@@ -18,12 +18,12 @@
 import org.springframework.security.oauth2.jwt.JwtDecoders;
 import org.springframework.security.oauth2.jwt.JwtException;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.HttpServletRequestSupport;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.HttpServletRequestSupport.InvalidHeaderException;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.HttpServletRequestSupport;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.HttpServletRequestSupport.InvalidHeaderException;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;
diff --git a/samples/tutorials/resource-server_with_additional-header/src/main/resources/application.yml b/samples/tutorials/resource-server_with_additional-header/src/main/resources/application.yml
index c9f2defc4..a257b0a05 100644
--- a/samples/tutorials/resource-server_with_additional-header/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_additional-header/src/main/resources/application.yml
@@ -18,29 +18,30 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index fcf2ffc5e..b1b30e9fc 100644
--- a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -10,11 +10,11 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import(SecurityConfig.class)
 class GreetingControllerTest {
 
diff --git a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerWithAdditionalHeaderTests.java b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerWithAdditionalHeaderTests.java
index 1e0ae0190..4031f21c4 100644
--- a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerWithAdditionalHeaderTests.java
+++ b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerWithAdditionalHeaderTests.java
@@ -1,5 +1,6 @@
 package com.c4soft.springaddons.tutorials;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -14,8 +15,8 @@
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
@@ -26,12 +27,12 @@ class ServletResourceServerWithAdditionalHeaderTests {
 
 	@Test
 	void givenRequestIsAnonymous_whenGetActuatorHealthLiveness_thenOk() throws Exception {
-		api.get("/actuator/health/liveness").andExpect(status().isOk()).andExpect(jsonPath("$.status").value("UP"));
+		api.with(anonymous()).get("/actuator/health/liveness").andExpect(status().isOk()).andExpect(jsonPath("$.status").value("UP"));
 	}
 
 	@Test
 	void givenRequestIsAnonymous_whenGetActuatorHealthReadiness_thenOk() throws Exception {
-		api.get("/actuator/health/readiness").andExpect(status().isOk());
+		api.with(anonymous()).get("/actuator/health/readiness").andExpect(status().isOk());
 	}
 
 	@Test
diff --git a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/WithMyAuth.java b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/WithMyAuth.java
index cae5b7f6d..e456dbb3e 100644
--- a/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/WithMyAuth.java
+++ b/samples/tutorials/resource-server_with_additional-header/src/test/java/com/c4soft/springaddons/tutorials/WithMyAuth.java
@@ -11,9 +11,9 @@
 import org.springframework.security.test.context.support.TestExecutionEvent;
 import org.springframework.security.test.context.support.WithSecurityContext;
 
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.AbstractAnnotatedAuthenticationBuilder;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 import com.c4soft.springaddons.tutorials.SecurityConfig.MyAuth;
 
 @Target({ ElementType.METHOD, ElementType.TYPE })
diff --git a/samples/tutorials/resource-server_with_introspection/pom.xml b/samples/tutorials/resource-server_with_introspection/pom.xml
index d4a60fa63..21b635485 100644
--- a/samples/tutorials/resource-server_with_introspection/pom.xml
+++ b/samples/tutorials/resource-server_with_introspection/pom.xml
@@ -15,9 +15,17 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 
 		<dependency>
@@ -38,7 +46,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java b/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
index 55699ed83..93420ca94 100644
--- a/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
+++ b/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
@@ -1,5 +1,6 @@
 package com.c4soft.springaddons.tutorials;
 
+import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -7,7 +8,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@RequestMapping("/greet")
+@RequestMapping(value = "/greet", produces = MediaType.APPLICATION_JSON_VALUE)
 public class GreetingController {
 
 	@GetMapping()
@@ -16,6 +17,6 @@ public MessageDto getGreeting(Authentication auth) {
 		return new MessageDto("Hi %s! You are granted with: %s.".formatted(auth.getName(), auth.getAuthorities()));
 	}
 
-	static record MessageDto(String body) {
+	public static record MessageDto(String body) {
 	}
 }
diff --git a/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java b/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
index 29c10068a..22a9ffd2b 100644
--- a/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
+++ b/samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
@@ -23,8 +23,8 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 @Configuration
 @EnableMethodSecurity
diff --git a/samples/tutorials/resource-server_with_introspection/src/main/resources/application.yml b/samples/tutorials/resource-server_with_introspection/src/main/resources/application.yml
index 1910be87f..16dc8ff1e 100644
--- a/samples/tutorials/resource-server_with_introspection/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_introspection/src/main/resources/application.yml
@@ -28,20 +28,21 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index ae4e6bdcb..95fd1e196 100644
--- a/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -7,16 +7,14 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.context.annotation.Import;
-import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockBearerTokenAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import(WebSecurityConfig.class)
 class GreetingControllerTest {
 
@@ -25,18 +23,16 @@ class GreetingControllerTest {
 
 	// @formatter:off
     @Test
-    @WithMockBearerTokenAuthentication(
-            authorities = { "NICE",  "AUTHOR" },
-            attributes = @OpenIdClaims(usernameClaim = StandardClaimNames.PREFERRED_USERNAME, preferredUsername = "Tonton Pirate"))
+    @WithOpaqueToken("ch4mp.json")
 	void givenUserIsGrantedWithNice_whenGreet_thenOk() throws Exception {
 		mockMvc.get("/greet")
 		    .andExpect(status().isOk())
-		    .andExpect(jsonPath("$.body").value("Hi Tonton Pirate! You are granted with: [NICE, AUTHOR]."));
+		    .andExpect(jsonPath("$.body").value("Hi ch4mp! You are granted with: [NICE, AUTHOR, ROLE_AUTHORIZED_PERSONNEL]."));
 	}
     // @formatter:on
 
 	@Test
-	@WithMockBearerTokenAuthentication(authorities = "AUTHOR", attributes = @OpenIdClaims(preferredUsername = "Tonton Pirate"))
+	@WithOpaqueToken("tonton-pirate.json")
 	void givenUserIsNotGrantedWithNice_whenGreet_thenForbidden() throws Exception {
 		mockMvc.get("/greet").andExpect(status().isForbidden());
 	}
diff --git a/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java b/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
index 109a03922..83ca30e98 100644
--- a/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
+++ b/samples/tutorials/resource-server_with_introspection/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
@@ -9,13 +9,11 @@
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockBearerTokenAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
@@ -31,20 +29,18 @@ void givenRequestIsAnonymous_whenGreet_thenUnauthorized() throws Exception {
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication()
-	void givenUserIsNotGrantedWithNice_whenGreet_thenForbidden() throws Exception {
+	@WithOpaqueToken("tonton-pirate.json")
+	void givenUserIsTontonPirate_whenGreet_thenForbidden() throws Exception {
 		api.get("/greet").andExpect(status().isForbidden());
 	}
 
 	// @formatter:off
     @Test
-    @WithMockBearerTokenAuthentication(
-            authorities = { "NICE",  "AUTHOR" },
-            attributes = @OpenIdClaims(usernameClaim = StandardClaimNames.PREFERRED_USERNAME, preferredUsername = "Tonton Pirate"))
+    @WithOpaqueToken("ch4mp.json")
     void givenUserIsGrantedWithNice_whenGreet_thenOk() throws Exception {
         api.get("/greet")
             .andExpect(status().isOk())
-            .andExpect(jsonPath("$.body").value("Hi Tonton Pirate! You are granted with: [NICE, AUTHOR]."));
+            .andExpect(jsonPath("$.body").value("Hi ch4mp! You are granted with: [NICE, AUTHOR, ROLE_AUTHORIZED_PERSONNEL]."));
     }
     // @formatter:on
 
diff --git a/samples/tutorials/resource-server_with_introspection/src/test/resources/ch4mp.json b/samples/tutorials/resource-server_with_introspection/src/test/resources/ch4mp.json
new file mode 100644
index 000000000..3ad337a5f
--- /dev/null
+++ b/samples/tutorials/resource-server_with_introspection/src/test/resources/ch4mp.json
@@ -0,0 +1,22 @@
+{
+  "email": "ch4mp@c4-soft.com",
+  "email_verified": true,
+  "preferred_username": "ch4mp",
+  "realm_access": {
+    "roles": [
+      "NICE",
+      "AUTHOR",
+      "ROLE_AUTHORIZED_PERSONNEL"
+    ]
+  },
+  "iss": "http://localhost:8442/realms/master",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+  "aud": [
+    "demo.c4-soft.com",
+    "http://localhost:8080"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_introspection/src/test/resources/tonton-pirate.json b/samples/tutorials/resource-server_with_introspection/src/test/resources/tonton-pirate.json
new file mode 100644
index 000000000..9604a961c
--- /dev/null
+++ b/samples/tutorials/resource-server_with_introspection/src/test/resources/tonton-pirate.json
@@ -0,0 +1,21 @@
+{
+  "email": "tonton-pirate@c4-soft.com",
+  "email_verified": true,
+  "preferred_username": "tonton-pirate",
+  "realm_access": {
+    "roles": [
+      "UNCLE",
+      "PIRATE"
+    ]
+  },
+  "iss": "http://localhost:8442/realms/master",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e90",
+  "aud": [
+    "demo.c4-soft.com",
+    "http://localhost:8080"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_oauthentication/pom.xml b/samples/tutorials/resource-server_with_oauthentication/pom.xml
index cd4c58a00..ea84c0ddb 100644
--- a/samples/tutorials/resource-server_with_oauthentication/pom.xml
+++ b/samples/tutorials/resource-server_with_oauthentication/pom.xml
@@ -19,13 +19,17 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springdoc</groupId>
@@ -45,7 +49,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java b/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
index f43f8ada7..47376ba6f 100644
--- a/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
+++ b/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/GreetingController.java
@@ -4,8 +4,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 @RestController
 @PreAuthorize("isAuthenticated()")
diff --git a/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java b/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java
index c0c23cc00..9d64b1e42 100644
--- a/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java
+++ b/samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java
@@ -15,11 +15,11 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.security.OAuthFlow;
@@ -48,9 +48,9 @@ public static class SecurityConfig {
 		@Bean
 		JwtAbstractAuthenticationTokenConverter authenticationConverter(
 				Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-				SpringAddonsSecurityProperties addonsProperties) {
+				SpringAddonsOidcProperties addonsProperties) {
 			return jwt -> new OAuthentication<>(
-					new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
+					new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
 					authoritiesConverter.convert(jwt.getClaims()),
 					jwt.getTokenValue());
 		}
diff --git a/samples/tutorials/resource-server_with_oauthentication/src/main/resources/application.yml b/samples/tutorials/resource-server_with_oauthentication/src/main/resources/application.yml
index f480f4ffa..b4dda6910 100644
--- a/samples/tutorials/resource-server_with_oauthentication/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_oauthentication/src/main/resources/application.yml
@@ -19,30 +19,31 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
-        - "/swagger-ui/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          - "/swagger-ui/**"
         
 logging:
   level:
diff --git a/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index ee87e4eb2..533153208 100644
--- a/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -16,16 +16,16 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 import com.c4soft.springaddons.tutorials.ResourceServerWithOAuthenticationApplication.SecurityConfig;
 
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import(SecurityConfig.class)
 class GreetingControllerTest {
 
diff --git a/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java b/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
index cc4500dad..de1c90f16 100644
--- a/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
+++ b/samples/tutorials/resource-server_with_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplicationTests.java
@@ -15,8 +15,8 @@
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/pom.xml b/samples/tutorials/resource-server_with_specialized_oauthentication/pom.xml
index d78d4e586..eca43ad27 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/pom.xml
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/pom.xml
@@ -15,6 +15,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
@@ -23,9 +27,13 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 
 		<dependency>
@@ -46,7 +54,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesAuthentication.java b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesAuthentication.java
index a0c62c8bc..72993283b 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesAuthentication.java
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesAuthentication.java
@@ -6,7 +6,7 @@
 
 import org.springframework.security.core.GrantedAuthority;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesClaimSet.java b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesClaimSet.java
index 26b6c5d32..08b6e3d97 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesClaimSet.java
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ProxiesClaimSet.java
@@ -8,7 +8,7 @@
 
 import org.springframework.core.convert.converter.Converter;
 
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
index d1ae0e549..79ec018c9 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java
@@ -12,9 +12,9 @@
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.core.GrantedAuthority;
 
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.spring.C4MethodSecurityExpressionHandler;
-import com.c4_soft.springaddons.security.oauth2.spring.C4MethodSecurityExpressionRoot;
+import com.c4_soft.springaddons.security.oidc.spring.C4MethodSecurityExpressionHandler;
+import com.c4_soft.springaddons.security.oidc.spring.C4MethodSecurityExpressionRoot;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
 
 @Configuration
 @EnableMethodSecurity
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/resources/application.yml b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/resources/application.yml
index 0de95f861..663aea100 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/main/resources/application.yml
@@ -18,30 +18,31 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index 43869718d..d9a6fee8f 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -10,11 +10,11 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerTest {
 
diff --git a/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOidcAuthenticationApplicationTests.java b/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOidcAuthenticationApplicationTests.java
index ef431deda..eb9d8265d 100644
--- a/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOidcAuthenticationApplicationTests.java
+++ b/samples/tutorials/resource-server_with_specialized_oauthentication/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithOidcAuthenticationApplicationTests.java
@@ -12,8 +12,8 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK, classes = { ResourceServerWithOAuthenticationApplication.class, SecurityConfig.class })
 @AutoConfigureMockMvc
diff --git a/samples/tutorials/resource-server_with_ui/pom.xml b/samples/tutorials/resource-server_with_ui/pom.xml
index 70fced3d8..bf12f60b5 100644
--- a/samples/tutorials/resource-server_with_ui/pom.xml
+++ b/samples/tutorials/resource-server_with_ui/pom.xml
@@ -15,17 +15,9 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 		</dependency>
-
-		<!-- resource-server dependencies -->
 		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
-		</dependency>
-		
-		<!-- client dependencies -->
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-client</artifactId>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -33,11 +25,18 @@
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
 		</dependency>
+
+		<dependency>
+			<groupId>com.c4-soft.springaddons</groupId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
+		</dependency>
+		
+		<!-- client dependencies -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -73,7 +72,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
index 629550df2..eeb237f21 100644
--- a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
+++ b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java
@@ -8,7 +8,7 @@
  * <ul>
  * <li><a href="https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-client">spring-addons-webmvc-jwt-client</a> which defines a
  * "client" security filter-chain (sessions, CSRF protection, OAuth2 login &amp; logout, redirect unauthorized requests to login with 302) with high &#64;Order
- * and security-matchers defined with com.c4-soft.springaddons.security.client.security-matchers property</li>
+ * and security-matchers defined with com.c4-soft.springaddons.oidc.client.security-matchers property</li>
  * <li><a href=
  * "https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-jwt-resource-server">spring-addons-webmvc-jwt-resource-server</a> which
  * defines a "resource server" security filter-chain (no session, no CSRF protection, no login nor logout, returns 401 for unauthorized requests) with lowest
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
index 8dc2b64fa..7c6ae9ae3 100644
--- a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
+++ b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
@@ -25,9 +25,9 @@
 import org.springframework.web.servlet.view.RedirectView;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2AuthorizedClientRepository;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOAuth2AuthorizedClientRepository;
 import com.nimbusds.jwt.JWTClaimNames;
 
 import jakarta.servlet.http.HttpServletRequest;
@@ -46,7 +46,7 @@ public class UiController {
 	private final WebClient api;
 	private final InMemoryClientRegistrationRepository clientRegistrationRepository;
 	private final SpringAddonsOAuth2AuthorizedClientRepository authorizedClientRepo;
-	private final SpringAddonsOAuth2ClientProperties addonsClientProps;
+	private final SpringAddonsOidcProperties addonsClientProps;
 	private final LogoutRequestUriBuilder logoutRequestUriBuilder;
 
 	@GetMapping("/")
@@ -69,10 +69,10 @@ public String getGreeting(HttpServletRequest request, Authentication auth, Model
 					} else {
 						try {
 							final var greetApiUri = new URI(
-									addonsClientProps.getClientUri().getScheme(),
+									addonsClientProps.getClient().getClientUri().getScheme(),
 									null,
-									addonsClientProps.getClientUri().getHost(),
-									addonsClientProps.getClientUri().getPort(),
+									addonsClientProps.getClient().getClientUri().getHost(),
+									addonsClientProps.getClient().getClientUri().getPort(),
 									"/api/greet",
 									null,
 									null);
@@ -108,7 +108,7 @@ public RedirectView logout(
 			HttpServletRequest request,
 			HttpServletResponse response) {
 		final var authorizedClient = authorizedClientRepo.loadAuthorizedClient(clientRegistrationId, auth, request);
-		final var postLogoutUri = UriComponentsBuilder.fromUri(addonsClientProps.getClientUri()).path(redirectTo.orElse("/ui/greet"))
+		final var postLogoutUri = UriComponentsBuilder.fromUri(addonsClientProps.getClient().getClientUri()).path(redirectTo.orElse("/ui/greet"))
 				.encode(StandardCharsets.UTF_8).build().toUriString();
 		final var userIds = authorizedClientRepo.getOAuth2UsersBySession(request.getSession());
 		final var user = userIds.get(authorizedClient.getClientRegistration().getProviderDetails().getIssuerUri());
@@ -143,7 +143,7 @@ public RedirectView bulkLogout(HttpServletRequest request) {
 			return new RedirectView(builder.encode(StandardCharsets.UTF_8).build().toUriString());
 
 		}
-		return new RedirectView(addonsClientProps.getPostLogoutRedirectPath());
+		return new RedirectView(addonsClientProps.getClient().getPostLogoutRedirectPath());
 	}
 
 	@Data
diff --git a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
index a65ea81a9..4389df3de 100644
--- a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
@@ -65,30 +65,31 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /api/greet
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: $.preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: $.username
           authorities:
           - path: $.cognito:groups
-        - location: ${auth0-issuer}
-          audience: demo.c4-soft.com
+        - iss: ${auth0-issuer}
+          aud: demo.c4-soft.com
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all: 
-        - /actuator/health/readiness
-        - /actuator/health/liveness
-        - /v3/api-docs/**
-        - /api/public
+        resourceserver:
+          cors:
+          - path: /api/greet
+          permit-all: 
+          - /actuator/health/readiness
+          - /actuator/health/liveness
+          - /v3/api-docs/**
+          - /api/public
         client:
           security-matchers:
           - /login/**
diff --git a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
index 9acf2f28d..788a0351f 100644
--- a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
+++ b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
@@ -12,13 +12,13 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @ImportAutoConfiguration({ AddonsWebmvcTestConf.class })
 class ResourceServerWithUiApplicationTests {
 	@Autowired
diff --git a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
index d6954a24f..f087a56a2 100644
--- a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
+++ b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
@@ -10,12 +10,12 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 import com.c4soft.springaddons.tutorials.WebSecurityConfig;
 
 @WebMvcTest(controllers = ApiController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ WebSecurityConfig.class })
 class ApiControllerTest {
 
diff --git a/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java b/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
index b8e496f7c..10318c809 100644
--- a/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
+++ b/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/GreetingControllerTest.java
@@ -27,7 +27,7 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 
-@WebMvcTest(controllers = GreetingController.class)
+@WebMvcTest(controllers = GreetingController.class, properties = { "server.ssl.enabled=false" })
 @Import({ WebSecurityConfig.class })
 class GreetingControllerTest {
 
diff --git a/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerApplicationTests.java b/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerApplicationTests.java
index 0131942ab..fb41225e3 100644
--- a/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerApplicationTests.java
+++ b/samples/tutorials/servlet-resource-server/src/test/java/com/c4soft/springaddons/tutorials/ServletResourceServerApplicationTests.java
@@ -17,7 +17,7 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK, properties = { "server.ssl.enabled=false" })
 @AutoConfigureMockMvc
 class ServletResourceServerApplicationTests {
 
@@ -29,7 +29,7 @@ class ServletResourceServerApplicationTests {
 
 	@Test
 	void givenRequestIsNotAuthorized_whenGreet_thenUnauthorized() throws Exception {
-		api.perform(get("/greet")).andExpect(status().isUnauthorized());
+		api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.anonymous())).andExpect(status().isUnauthorized());
 	}
 
 	@Test
diff --git a/samples/webflux-introspecting-default/pom.xml b/samples/webflux-introspecting-default/pom.xml
index 77cfb9375..0536f8749 100644
--- a/samples/webflux-introspecting-default/pom.xml
+++ b/samples/webflux-introspecting-default/pom.xml
@@ -13,17 +13,21 @@
 	</properties>
 
 	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-webflux</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-actuator</artifactId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-introspecting-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		
 		<dependency>
@@ -40,7 +44,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-introspecting-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
index 6a13b9881..27f65f7f3 100644
--- a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
+++ b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
@@ -13,7 +13,6 @@
 package com.c4_soft.springaddons.samples.webflux_jwtauthenticationtoken;
 
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
@@ -35,10 +34,7 @@ public Mono<String> getSecret() {
 
 	@PreAuthorize("isAuthenticated()")
 	public Mono<String> greet(BearerTokenAuthentication who) {
-		final String msg = String.format(
-				"Hello %s! You are granted with %s.",
-				who.getTokenAttributes().get(StandardClaimNames.PREFERRED_USERNAME),
-				who.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList());
+		final String msg = String.format("Hello %s! You are granted with %s.", who.getName(), who.getAuthorities());
 		return Mono.just(msg);
 	}
 
diff --git a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
index e72edc8b4..24cf05e7f 100644
--- a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
+++ b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
@@ -7,7 +7,7 @@
 
 @Repository
 public class SecretRepo {
-	@PreAuthorize("authentication.tokenAttributes['preferred_username'] eq #username")
+	@PreAuthorize("authentication.name eq #username")
 	public Mono<String> findSecretByUsername(String username) {
 		return Mono.just("Don't ever tell it");
 	}
diff --git a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
index d992ce588..735afa821 100644
--- a/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
+++ b/samples/webflux-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
@@ -5,7 +5,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.ResourceServerAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerAuthorizeExchangeSpecPostProcessor;
 
 @EnableReactiveMethodSecurity()
 @Configuration
diff --git a/samples/webflux-introspecting-default/src/main/resources/application.yml b/samples/webflux-introspecting-default/src/main/resources/application.yml
index d88aa2653..8b285dec7 100644
--- a/samples/webflux-introspecting-default/src/main/resources/application.yml
+++ b/samples/webflux-introspecting-default/src/main/resources/application.yml
@@ -23,26 +23,28 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
     org:
       springframework:
         security: DEBUG
+        boot: INFO
         
 management:
   endpoint:
diff --git a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
index 60769563a..2af4545d6 100644
--- a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
+++ b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
@@ -24,7 +24,7 @@
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
 
 import reactor.core.publisher.Mono;
@@ -36,7 +36,7 @@
  */
 
 @WebFluxTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebfluxResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
index a837a7e53..2a6354412 100644
--- a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
+++ b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
@@ -30,7 +30,7 @@
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 
 import reactor.core.publisher.Mono;
 
@@ -38,7 +38,7 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebFluxTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebfluxResourceServerSecurity
 @Import({ SecurityConfig.class })
 public class GreetingControllerFluentApiTest {
 	static final AnonymousAuthenticationToken ANONYMOUS =
diff --git a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
index 685e4e10f..8263b8f6a 100644
--- a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
+++ b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
@@ -14,27 +14,29 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-import java.util.List;
 import java.util.Map;
+import java.util.stream.Stream;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Import;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockBearerTokenAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.AuthenticationSource;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 import reactor.core.publisher.Mono;
 
@@ -44,15 +46,17 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 
-// Import security configuration and test component
-@Import({ SecurityConfig.class, MessageService.class, OAuth2ResourceServerProperties.class })
-@AutoConfigureAddonsSecurity
+@AddonsWebfluxComponentTest
+@SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
 class MessageServiceTests {
 
 	// auto-wire tested component
 	@Autowired
 	private MessageService messageService;
 
+	@Autowired
+	private WithOpaqueToken.AuthenticationFactory authFactory;
+
 	// mock dependencies
 	@MockBean
 	SecretRepo secretRepo;
@@ -77,29 +81,26 @@ void givenRequestIsAnonymous_whenGetGreet_thenThrows() {
 	/* @@WithMockBearerTokenAuthentication */
 	/*-------------------------------------*/
 	@Test()
-	@WithMockBearerTokenAuthentication()
-	void givenUserIsNotGrantedWithAuthorizedPersonnel_whenGetSecret_thenThrows() {
+	@WithOpaqueToken("tonton-pirate.json")
+	void givenUserIsTontonPirate_whenGetSecret_thenThrows() {
 		assertThrows(Exception.class, () -> messageService.getSecret().block());
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication("ROLE_AUTHORIZED_PERSONNEL")
+	@WithOpaqueToken("ch4mp.json")
 	void givenUserIsGrantedWithAuthorizedPersonnel_whenGetSecret_thenReturnsSecret() {
 		assertThat(messageService.getSecret().block()).isEqualTo("incredible");
 	}
 
-	@Test
-	@WithMockBearerTokenAuthentication()
-	void givenUserIsAuthenticated_whenGetGreet_thenReturnsGreeting() {
-		final var auth = mock(BearerTokenAuthentication.class);
-		final var token = mock(OAuth2AccessToken.class);
-		when(auth.getTokenAttributes()).thenReturn(Map.of(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy"));
-		when(auth.getToken()).thenReturn(token);
-		when(auth.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")));
-
-		assertThat(messageService.greet(auth).block()).isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+	@ParameterizedTest
+	@MethodSource("identities")
+	void givenUserIsAuthenticated_whenGetGreet_thenReturnsGreeting(@ParameterizedAuthentication Authentication auth) {
+		assertThat(messageService.greet((BearerTokenAuthentication) auth).block())
+				.isEqualTo("Hello %s! You are granted with %s.".formatted(auth.getName(), auth.getAuthorities()));
+	}
 
-		assertThat(messageService.greet(auth).block()).isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+	Stream<Authentication> identities() {
+		return authFactory.authenticationsFrom("ch4mp.json", "tonton-pirate.json");
 	}
 
 	/*-------------------------*/
@@ -120,15 +121,20 @@ void givenUserIsAuthenticatedWithMockedAuthenticationAndGrantedWithAuthorizedPer
 		assertThat(messageService.getSecret().block()).isEqualTo("incredible");
 	}
 
-	@Test
-	@WithMockAuthentication(authType = BearerTokenAuthentication.class, principalType = OAuth2AccessToken.class)
-	void givenUserIsAuthenticatedWithMockedAuthentication_whenGetGreet_thenReturnsGreeting() {
-		final var auth = mock(BearerTokenAuthentication.class);
-		final var token = mock(OAuth2AccessToken.class);
-		when(auth.getTokenAttributes()).thenReturn(Map.of(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy"));
-		when(auth.getToken()).thenReturn(token);
-		when(auth.getAuthorities()).thenReturn(List.of(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")));
-
-		assertThat(messageService.greet(auth).block()).isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+	@ParameterizedTest
+	@AuthenticationSource({
+			@WithMockAuthentication(
+					authType = BearerTokenAuthentication.class,
+					principalType = OAuth2AccessToken.class,
+					name = "Ch4mpy",
+					authorities = { "NICE", "AUTHOR" }),
+			@WithMockAuthentication(
+					authType = BearerTokenAuthentication.class,
+					principalType = OAuth2AccessToken.class,
+					name = "Tonton-Pirate",
+					authorities = { "UNCLE", "SKIPPER" }) })
+	void givenUserIsAuthenticatedWithMockedAuthentication_whenGetGreet_thenReturnsGreeting(@ParameterizedAuthentication Authentication auth) {
+		assertThat(messageService.greet((BearerTokenAuthentication) auth).block())
+				.isEqualTo("Hello %s! You are granted with %s.".formatted(auth.getName(), auth.getAuthorities()));
 	}
 }
diff --git a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
index ccbc42b29..2c2b49b1a 100644
--- a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
+++ b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
@@ -16,12 +16,10 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
-import org.springframework.context.annotation.Import;
+import org.springframework.boot.test.context.SpringBootTest;
 
-import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockBearerTokenAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -29,9 +27,8 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 
-// Import security configuration and test component
-@Import({ SecurityConfig.class, SecretRepo.class, OAuth2ResourceServerProperties.class })
-@AutoConfigureAddonsSecurity
+@AddonsWebfluxComponentTest
+@SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
 class SecretRepoTest {
 
 	// auto-wire tested component
@@ -42,19 +39,19 @@ class SecretRepoTest {
 	void givenRequestIsAnonymous_whenFindSecretByUsername_thenThrows() {
 		// call tested components methods directly (do not use MockMvc nor
 		// WebTestClient)
-		assertThrows(Exception.class, () -> secretRepo.findSecretByUsername("ch4mpy").block());
+		assertThrows(Exception.class, () -> secretRepo.findSecretByUsername("ch4mp").block());
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication(attributes = @OpenIdClaims(preferredUsername = "Tonton Pirate"))
+	@WithOpaqueToken("tonton-pirate.json")
 	void givenUserIsAuthenticatedAsSomeoneElse_whenFindSecretByUsername_thenThrows() {
-		assertThrows(Exception.class, () -> secretRepo.findSecretByUsername("ch4mpy").block());
+		assertThrows(Exception.class, () -> secretRepo.findSecretByUsername("ch4mp").block());
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication(attributes = @OpenIdClaims(preferredUsername = "ch4mpy"))
+	@WithOpaqueToken("ch4mp.json")
 	void givenUserIsAuthenticatedAsSearchedUser_whenFindSecretByUsername_thenThrows() {
-		assertEquals("Don't ever tell it", secretRepo.findSecretByUsername("ch4mpy").block());
+		assertEquals("Don't ever tell it", secretRepo.findSecretByUsername("ch4mp").block());
 	}
 
 }
diff --git a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/WebfluxIntrospectingDefaultTest.java
similarity index 59%
rename from samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
rename to samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/WebfluxIntrospectingDefaultTest.java
index 7171fec03..bf0af69b2 100644
--- a/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
+++ b/samples/webflux-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/WebfluxIntrospectingDefaultTest.java
@@ -1,21 +1,22 @@
 package com.c4_soft.springaddons.samples.webflux_jwtauthenticationtoken;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
-import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenIdClaims;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockBearerTokenAuthentication;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
 
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest
 @AutoConfigureWebTestClient
 @ImportAutoConfiguration({ AddonsWebfluxTestConf.class })
-class SampleApiIntegrationTests {
+@TestInstance(Lifecycle.PER_CLASS)
+class WebfluxIntrospectingDefaultTest {
 	@Autowired
 	WebTestClient api;
 
@@ -25,16 +26,16 @@ void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication()
-	void givenUserIsAuthenticated_whenGetGreet_thenOk() throws Exception {
-		api.get().uri("https://localhost/greet").exchange().expectBody(String.class).isEqualTo("Hello user! You are granted with [].");
+	@WithOpaqueToken("ch4mp.json")
+	void givenUserIsCh4mp_whenGetGreet_thenOk() throws Exception {
+		api.get().uri("https://localhost/greet").exchange().expectBody(String.class)
+				.isEqualTo("Hello ch4mp! You are granted with [NICE, AUTHOR, ROLE_AUTHORIZED_PERSONNEL].");
 	}
 
 	@Test
-	@WithMockBearerTokenAuthentication(authorities = "ROLE_AUTHORIZED_PERSONNEL", attributes = @OpenIdClaims(preferredUsername = "Ch4mpy"))
-	void givenUserIsCh4mpy_whenGetGreet_thenOk() throws Exception {
-		api.get().uri("https://localhost/greet").exchange().expectBody(String.class)
-				.isEqualTo("Hello Ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+	@WithOpaqueToken("tonton-pirate.json")
+	void givenUserIsTontonPirate_whenGetGreet_thenOk() throws Exception {
+		api.get().uri("https://localhost/greet").exchange().expectBody(String.class).isEqualTo("Hello tonton-pirate! You are granted with [UNCLE, PIRATE].");
 	}
 
 }
diff --git a/samples/webflux-introspecting-default/src/test/resources/ch4mp.json b/samples/webflux-introspecting-default/src/test/resources/ch4mp.json
new file mode 100644
index 000000000..3ad337a5f
--- /dev/null
+++ b/samples/webflux-introspecting-default/src/test/resources/ch4mp.json
@@ -0,0 +1,22 @@
+{
+  "email": "ch4mp@c4-soft.com",
+  "email_verified": true,
+  "preferred_username": "ch4mp",
+  "realm_access": {
+    "roles": [
+      "NICE",
+      "AUTHOR",
+      "ROLE_AUTHORIZED_PERSONNEL"
+    ]
+  },
+  "iss": "http://localhost:8442/realms/master",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+  "aud": [
+    "demo.c4-soft.com",
+    "http://localhost:8080"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/webflux-introspecting-default/src/test/resources/tonton-pirate.json b/samples/webflux-introspecting-default/src/test/resources/tonton-pirate.json
new file mode 100644
index 000000000..9604a961c
--- /dev/null
+++ b/samples/webflux-introspecting-default/src/test/resources/tonton-pirate.json
@@ -0,0 +1,21 @@
+{
+  "email": "tonton-pirate@c4-soft.com",
+  "email_verified": true,
+  "preferred_username": "tonton-pirate",
+  "realm_access": {
+    "roles": [
+      "UNCLE",
+      "PIRATE"
+    ]
+  },
+  "iss": "http://localhost:8442/realms/master",
+  "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e90",
+  "aud": [
+    "demo.c4-soft.com",
+    "http://localhost:8080"
+  ],
+  "iat": 1687633329,
+  "exp": 1687719729,
+  "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+  "scope": "openid email"
+}
\ No newline at end of file
diff --git a/samples/webflux-introspecting-oauthentication/pom.xml b/samples/webflux-introspecting-oauthentication/pom.xml
index aeca026df..6c6711f42 100644
--- a/samples/webflux-introspecting-oauthentication/pom.xml
+++ b/samples/webflux-introspecting-oauthentication/pom.xml
@@ -13,6 +13,10 @@
 	</properties>
 
 	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-webflux</artifactId>
@@ -23,7 +27,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-introspecting-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		
 		<dependency>
@@ -40,7 +44,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-introspecting-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingController.java b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingController.java
index 847abd11e..320b50378 100644
--- a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingController.java
+++ b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingController.java
@@ -8,8 +8,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 import reactor.core.publisher.Mono;
diff --git a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
index 908f99d51..2ed7632b6 100644
--- a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
+++ b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
@@ -16,8 +16,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 import reactor.core.publisher.Mono;
diff --git a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
index 239f538ad..24cf05e7f 100644
--- a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
+++ b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepo.java
@@ -7,7 +7,7 @@
 
 @Repository
 public class SecretRepo {
-	@PreAuthorize("authentication.attributes['preferred_username'] eq #username")
+	@PreAuthorize("authentication.name eq #username")
 	public Mono<String> findSecretByUsername(String username) {
 		return Mono.just("Don't ever tell it");
 	}
diff --git a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
index 5bbec0c79..47dd9d264 100644
--- a/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
+++ b/samples/webflux-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
@@ -13,10 +13,10 @@
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.ResourceServerAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerAuthorizeExchangeSpecPostProcessor;
 
 import reactor.core.publisher.Mono;
 
@@ -27,7 +27,7 @@ public class SecurityConfig {
 	@Bean
 	ReactiveOpaqueTokenAuthenticationConverter authenticationConverter(
 			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		return (
 				String introspectedToken,
 				OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> Mono
@@ -35,7 +35,7 @@ ReactiveOpaqueTokenAuthenticationConverter authenticationConverter(
 								new OAuthentication<>(
 										new OpenidClaimSet(
 												authenticatedPrincipal.getAttributes(),
-												addonsProperties.getIssuerProperties(authenticatedPrincipal.getAttributes().get(JwtClaimNames.ISS))
+												addonsProperties.getOpProperties(authenticatedPrincipal.getAttributes().get(JwtClaimNames.ISS))
 														.getUsernameClaim()),
 										authoritiesConverter.convert(authenticatedPrincipal.getAttributes()),
 										introspectedToken));
diff --git a/samples/webflux-introspecting-oauthentication/src/main/resources/application.yml b/samples/webflux-introspecting-oauthentication/src/main/resources/application.yml
index d88aa2653..a17ad1b0f 100644
--- a/samples/webflux-introspecting-oauthentication/src/main/resources/application.yml
+++ b/samples/webflux-introspecting-oauthentication/src/main/resources/application.yml
@@ -23,20 +23,21 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all: 
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
index 2ece542e6..7c92f1e79 100644
--- a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
+++ b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
@@ -27,12 +27,12 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import reactor.core.publisher.Mono;
 
@@ -43,7 +43,7 @@
  */
 
 @WebFluxTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebfluxResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
index 9d757a61e..b1766faa6 100644
--- a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
+++ b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
@@ -25,10 +25,10 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.MockAuthenticationWebTestClientConfigurer;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
 
 import reactor.core.publisher.Mono;
 
@@ -36,7 +36,7 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebFluxTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebfluxResourceServerSecurity
 @Import({ SecurityConfig.class })
 public class GreetingControllerFluentApiTest {
 	static final AnonymousAuthenticationToken ANONYMOUS =
diff --git a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
index 099afe2bd..1c133d412 100644
--- a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
+++ b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
@@ -23,18 +23,16 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import reactor.core.publisher.Mono;
 
@@ -44,10 +42,8 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 
-// Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebfluxComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
index b60603e94..4380e777c 100644
--- a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
+++ b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
@@ -1,6 +1,8 @@
 package com.c4_soft.springaddons.samples.webflux_jwtauthenticationtoken;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
@@ -15,6 +17,7 @@
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureWebTestClient
 @ImportAutoConfiguration({ AddonsWebfluxTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTests {
 	@Autowired
 	WebTestClient api;
diff --git a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
index c4d14f329..9553ad0ae 100644
--- a/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
+++ b/samples/webflux-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
@@ -16,13 +16,11 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -30,10 +28,8 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 
-// Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebfluxComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webflux-jwt-default/pom.xml b/samples/webflux-jwt-default/pom.xml
index 306923f66..e141f1140 100644
--- a/samples/webflux-jwt-default/pom.xml
+++ b/samples/webflux-jwt-default/pom.xml
@@ -21,9 +21,13 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		
 		<dependency>
@@ -40,7 +44,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java b/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
index b66a57d81..f27433c73 100644
--- a/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
+++ b/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageService.java
@@ -13,7 +13,6 @@
 package com.c4_soft.springaddons.samples.webflux_jwtauthenticationtoken;
 
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.stereotype.Service;
@@ -34,8 +33,7 @@ public Mono<String> getSecret() {
 
 	@PreAuthorize("isAuthenticated()")
 	public Mono<String> greet(JwtAuthenticationToken who) {
-		final String msg =
-				String.format("Hello %s! You are granted with %s.", who.getName(), who.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList());
+		final String msg = String.format("Hello %s! You are granted with %s.", who.getName(), who.getAuthorities());
 		return Mono.just(msg);
 	}
 
diff --git a/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java b/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
index d992ce588..735afa821 100644
--- a/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
+++ b/samples/webflux-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecurityConfig.java
@@ -5,7 +5,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.ResourceServerAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerAuthorizeExchangeSpecPostProcessor;
 
 @EnableReactiveMethodSecurity()
 @Configuration
diff --git a/samples/webflux-jwt-default/src/main/resources/application.yml b/samples/webflux-jwt-default/src/main/resources/application.yml
index e13808594..0c9e9f54a 100644
--- a/samples/webflux-jwt-default/src/main/resources/application.yml
+++ b/samples/webflux-jwt-default/src/main/resources/application.yml
@@ -8,30 +8,31 @@ auth0-issuer: https://dev-ch4mpy.eu.auth0.com/
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
 
 server:
   error:
@@ -48,6 +49,7 @@ logging:
     org:
       springframework:
         security: DEBUG
+        boot: INFO
         
 management:
   endpoint:
diff --git a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
index 3c121e274..1522361f5 100644
--- a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
+++ b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
@@ -24,22 +24,18 @@
 import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
-import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.test.context.support.WithAnonymousUser;
-import org.springframework.web.server.ServerWebExchange;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
 
 import reactor.core.publisher.Mono;
 
@@ -50,7 +46,7 @@
  */
 
 @WebFluxTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebfluxResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
@@ -61,15 +57,6 @@ class GreetingControllerAnnotatedTest {
 	@Autowired
 	WebTestClientSupport api;
 
-	@Autowired
-	SpringAddonsSecurityProperties securityProps;
-
-	@Autowired
-	Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter;
-
-	@Autowired
-	ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
-
 	@Autowired
 	WithJwt.AuthenticationFactory authFactory;
 
diff --git a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
index 679f17f56..ce60c379a 100644
--- a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
+++ b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
@@ -27,9 +27,9 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
 
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.MockAuthenticationWebTestClientConfigurer;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsWebSecurity;
 
 import reactor.core.publisher.Mono;
 
@@ -37,7 +37,7 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebFluxTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebfluxResourceServerSecurity
 @Import({ SecurityConfig.class })
 public class GreetingControllerFluentApiTest {
 	private static final Authentication ANONYMOUS_AUTHENTICATION =
diff --git a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
index c6ec76bb0..5df31331b 100644
--- a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
+++ b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/MessageServiceTests.java
@@ -26,7 +26,6 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -37,12 +36,10 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 import reactor.core.publisher.Mono;
 
@@ -53,9 +50,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebfluxComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
index c9a989922..858e7e675 100644
--- a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
+++ b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SampleApiIntegrationTests.java
@@ -1,33 +1,39 @@
 package com.c4_soft.springaddons.samples.webflux_jwtauthenticationtoken;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
 
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 @AutoConfigureWebTestClient
-@ImportAutoConfiguration({ AddonsWebfluxTestConf.class })
+@Import({ AddonsWebfluxTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTests {
 	@Autowired
 	WebTestClient api;
 
 	@Test
 	void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
-		api.get().uri("https://localhost/greet").exchange().expectStatus().isUnauthorized();
+		api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
 	}
 
 	@Test
 	@WithJwt("ch4mp.json")
 	void givenUserIsCh4mpy_whenGetGreet_thenOk() throws Exception {
-		api.get().uri("https://localhost/greet").exchange().expectBody(String.class)
-				.isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
+		// @formatter:off
+		api.get().uri("/greet").exchange()
+			.expectStatus().isOk()
+			.expectBody(String.class).isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
+		// @formatter:on
 	}
 
 }
diff --git a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
index 6b988c53e..c07a7757c 100644
--- a/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
+++ b/samples/webflux-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webflux_jwtauthenticationtoken/SecretRepoTest.java
@@ -16,13 +16,10 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -31,9 +28,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebfluxComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webflux-jwt-oauthentication/pom.xml b/samples/webflux-jwt-oauthentication/pom.xml
index 5471981cf..0f460ed57 100644
--- a/samples/webflux-jwt-oauthentication/pom.xml
+++ b/samples/webflux-jwt-oauthentication/pom.xml
@@ -19,9 +19,13 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		
 		<dependency>
@@ -38,7 +42,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingController.java b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingController.java
index eb988d1c2..0e0935960 100644
--- a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingController.java
+++ b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingController.java
@@ -8,8 +8,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 import reactor.core.publisher.Mono;
diff --git a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageService.java b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageService.java
index c533fdfd9..91a13ab18 100644
--- a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageService.java
+++ b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageService.java
@@ -16,8 +16,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 import reactor.core.publisher.Mono;
diff --git a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecurityConfig.java b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecurityConfig.java
index 0a6fbeba4..72178c647 100644
--- a/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecurityConfig.java
+++ b/samples/webflux-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecurityConfig.java
@@ -11,11 +11,11 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.ReactiveJwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.ResourceServerAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveJwtAbstractAuthenticationTokenConverter;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerAuthorizeExchangeSpecPostProcessor;
 
 import reactor.core.publisher.Mono;
 
@@ -26,10 +26,10 @@ public class SecurityConfig {
 	@Bean
 	ReactiveJwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter(
 			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		return jwt -> Mono.just(
 				new OAuthentication<>(
-						new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
+						new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
 						authoritiesConverter.convert(jwt.getClaims()),
 						jwt.getTokenValue()));
 	}
diff --git a/samples/webflux-jwt-oauthentication/src/main/resources/application.yml b/samples/webflux-jwt-oauthentication/src/main/resources/application.yml
index 0de95f861..40f9917ab 100644
--- a/samples/webflux-jwt-oauthentication/src/main/resources/application.yml
+++ b/samples/webflux-jwt-oauthentication/src/main/resources/application.yml
@@ -18,36 +18,37 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 logging:
   level:
     org:
       springframework:
         security: DEBUG
+        boot: INFO
         
 management:
   endpoint:
diff --git a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingControllerAnnotatedTest.java b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingControllerAnnotatedTest.java
index 44d179a73..a50536dd8 100644
--- a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingControllerAnnotatedTest.java
+++ b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/GreetingControllerAnnotatedTest.java
@@ -21,10 +21,10 @@
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxResourceServerSecurity;
 import com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
 
 import reactor.core.publisher.Mono;
 
@@ -35,7 +35,7 @@
  */
 
 @WebFluxTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebfluxResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
@@ -57,44 +57,42 @@ public void setUp() {
 
 	@Test
 	void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
-		api.get("https://localhost/greet").expectStatus().isUnauthorized();
+		api.get("/greet").expectStatus().isUnauthorized();
 	}
 
 	@Test
 	@WithJwt("ch4mp.json")
 	void givenUserIAuthenticated_whenGetGreet_thenOk() throws Exception {
-		api.get("https://localhost/greet").expectBody(String.class)
-				.isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
+		api.get("/greet").expectBody(String.class).isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
 	}
 
 	@Test
 	@WithJwt("ch4mp.json")
 	void givenUserIsCh4mp_whenGetGreet_thenOk() throws Exception {
-		api.get("https://localhost/greet").expectBody(String.class)
-				.isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
+		api.get("/greet").expectBody(String.class).isEqualTo("Hello ch4mp! You are granted with [USER_ROLES_EDITOR, ROLE_AUTHORIZED_PERSONNEL].");
 	}
 
 	@Test
 	@WithJwt("tonton-pirate.json")
 	void givenUserIsNotGrantedWithAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception {
-		api.get("https://localhost/secured-route").expectStatus().isForbidden();
+		api.get("/secured-route").expectStatus().isForbidden();
 	}
 
 	@Test
 	@WithJwt("ch4mp.json")
 	void givenUserIsGrantedWithAuthorizedPersonnel_whenGetSecuredRoute_thenOk() throws Exception {
-		api.get("https://localhost/secured-route").expectStatus().isOk();
+		api.get("/secured-route").expectStatus().isOk();
 	}
 
 	@Test
 	@WithJwt("tonton-pirate.json")
 	void givenUserIsNotGrantedWithAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception {
-		api.get("https://localhost/secured-method").expectStatus().isForbidden();
+		api.get("/secured-method").expectStatus().isForbidden();
 	}
 
 	@Test
 	@WithJwt("ch4mp.json")
 	void givenUserIsGrantedWithAuthorizedPersonnel_whenGetSecuredMethod_thenOk() throws Exception {
-		api.get("https://localhost/secured-method").expectStatus().isOk();
+		api.get("/secured-method").expectStatus().isOk();
 	}
 }
diff --git a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageServiceTests.java b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageServiceTests.java
index d4ae74631..c2423ff62 100644
--- a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageServiceTests.java
+++ b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/MessageServiceTests.java
@@ -20,22 +20,31 @@
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans;
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
 
 import reactor.core.publisher.Mono;
 
@@ -46,9 +55,16 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
-@SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
+@EnableAutoConfiguration(
+		exclude = {
+				ReactiveSpringAddonsOidcResourceServerBeans.class,
+				ReactiveSpringAddonsOidcClientBeans.class,
+				SpringAddonsOidcResourceServerBeans.class,
+				SpringAddonsOidcClientBeans.class })
+@SpringBootTest(classes = { WebfluxJwtOauthentication.class, MessageService.class })
+@Import({ AddonsWebfluxTestConf.class })
+@ImportAutoConfiguration({ SpringAddonsOidcProperties.class, ReactiveSpringAddonsOidcBeans.class, AuthenticationFactoriesTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SampleApiIntegrationTests.java b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SampleApiIntegrationTests.java
index 3be07af9a..5c76f8910 100644
--- a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SampleApiIntegrationTests.java
+++ b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SampleApiIntegrationTests.java
@@ -1,6 +1,8 @@
 package com.c4_soft.springaddons.samples.webflux_oidcauthentication;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
@@ -14,6 +16,7 @@
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureWebTestClient
 @ImportAutoConfiguration({ AddonsWebfluxTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTests {
 	@Autowired
 	WebTestClient api;
diff --git a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecretRepoTest.java b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecretRepoTest.java
index 7c73b73ab..b6f3a3f4f 100644
--- a/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecretRepoTest.java
+++ b/samples/webflux-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webflux_oidcauthentication/SecretRepoTest.java
@@ -16,14 +16,11 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -32,9 +29,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebfluxComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-introspecting-default/pom.xml b/samples/webmvc-introspecting-default/pom.xml
index f8311583a..99ec899ce 100644
--- a/samples/webmvc-introspecting-default/pom.xml
+++ b/samples/webmvc-introspecting-default/pom.xml
@@ -20,10 +20,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -63,7 +67,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webmvc-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java b/samples/webmvc-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java
index 3a474b44a..b2d4e99a5 100644
--- a/samples/webmvc-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java
+++ b/samples/webmvc-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java
@@ -6,7 +6,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 @Configuration
 @EnableMethodSecurity
diff --git a/samples/webmvc-introspecting-default/src/main/resources/application.yml b/samples/webmvc-introspecting-default/src/main/resources/application.yml
index d88aa2653..0ac1c6f6d 100644
--- a/samples/webmvc-introspecting-default/src/main/resources/application.yml
+++ b/samples/webmvc-introspecting-default/src/main/resources/application.yml
@@ -23,20 +23,22 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 logging:
   level:
diff --git a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
index b22a72912..e196f7ea6 100644
--- a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
+++ b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
@@ -34,8 +34,8 @@
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Unit-test a secured controller</h2>
@@ -44,7 +44,7 @@
  */
 
 @WebMvcTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebmvcResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
index 9636c0947..d22bf5c04 100644
--- a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
+++ b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
@@ -11,7 +11,7 @@
  */
 package com.c4_soft.springaddons.samples.webmvc_jwtauthenticationtoken;
 
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
+import static com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -28,15 +28,15 @@
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerFluentApiTest {
 
diff --git a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
index 3ac17a678..767bdb583 100644
--- a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
+++ b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
@@ -26,7 +26,6 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.core.Authentication;
@@ -36,11 +35,10 @@
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.test.context.TestSecurityContextHolder;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has injected dependencies</h2>
@@ -49,9 +47,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
index 088b7eb49..9283487d7 100644
--- a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
+++ b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
@@ -4,6 +4,8 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
@@ -12,8 +14,8 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Integration-test for the application</h2>
@@ -26,6 +28,7 @@
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
 @ImportAutoConfiguration({ AddonsWebmvcTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTest {
 	@Autowired
 	MockMvcSupport api;
diff --git a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
index fc757a0bc..f0d0bd9c5 100644
--- a/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
+++ b/samples/webmvc-introspecting-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
@@ -16,13 +16,11 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -31,9 +29,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-introspecting-oauthentication/pom.xml b/samples/webmvc-introspecting-oauthentication/pom.xml
index 33ae23a51..258dbb9b5 100644
--- a/samples/webmvc-introspecting-oauthentication/pom.xml
+++ b/samples/webmvc-introspecting-oauthentication/pom.xml
@@ -24,10 +24,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -67,7 +71,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
index b6800dcac..9fb3bf3e1 100644
--- a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
+++ b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
@@ -7,8 +7,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 
diff --git a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
index df17e5f7a..dddd9bb4e 100644
--- a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
+++ b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
@@ -16,8 +16,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 
diff --git a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
index 4afec7e52..d6f01859d 100644
--- a/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
+++ b/samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
@@ -14,10 +14,10 @@
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 @Configuration
 @EnableMethodSecurity
@@ -25,11 +25,11 @@ public class SecurityConfig {
 	@Bean
 	OpaqueTokenAuthenticationConverter opaqueTokenAuthenticationConverter(
 			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> new OAuthentication<>(
 				new OpenidClaimSet(
 						authenticatedPrincipal.getAttributes(),
-						addonsProperties.getIssuerProperties(authenticatedPrincipal.getAttributes().get(JwtClaimNames.ISS)).getUsernameClaim()),
+						addonsProperties.getOpProperties(authenticatedPrincipal.getAttributes().get(JwtClaimNames.ISS)).getUsernameClaim()),
 				authoritiesConverter.convert(authenticatedPrincipal.getAttributes()),
 				introspectedToken);
 	};
diff --git a/samples/webmvc-introspecting-oauthentication/src/main/resources/application.yml b/samples/webmvc-introspecting-oauthentication/src/main/resources/application.yml
index d88aa2653..0ac1c6f6d 100644
--- a/samples/webmvc-introspecting-oauthentication/src/main/resources/application.yml
+++ b/samples/webmvc-introspecting-oauthentication/src/main/resources/application.yml
@@ -23,20 +23,22 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 logging:
   level:
diff --git a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
index d4594eadb..ea7c968ee 100644
--- a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
+++ b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
@@ -29,18 +29,18 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
index 4362cafe9..d865204dc 100644
--- a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
+++ b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
@@ -11,7 +11,7 @@
  */
 package com.c4_soft.springaddons.samples.webmvc_oidcauthentication;
 
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.OidcIdAuthenticationTokenRequestPostProcessor.mockOidcId;
+import static com.c4_soft.springaddons.security.oauth2.test.webmvc.OidcIdAuthenticationTokenRequestPostProcessor.mockOidcId;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
@@ -25,17 +25,17 @@
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.OidcIdAuthenticationTokenRequestPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.OidcIdAuthenticationTokenRequestPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerFluentApiTest {
 
diff --git a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
index 9bf86d964..1f829cf38 100644
--- a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
+++ b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
@@ -19,17 +19,15 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * <h2>Unit-test a secured service or repository which has injected dependencies</h2>
@@ -38,9 +36,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
index cf7847cbb..c2fae37ba 100644
--- a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
+++ b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
@@ -4,6 +4,8 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
@@ -11,8 +13,8 @@
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Integration-test for the application</h2>
@@ -25,6 +27,7 @@
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
 @ImportAutoConfiguration({ AddonsWebmvcTestConf.class })
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTest {
 	@Autowired
 	MockMvcSupport api;
diff --git a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
index 83b9f39ad..7c4da2549 100644
--- a/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
+++ b/samples/webmvc-introspecting-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
@@ -16,13 +16,11 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -31,9 +29,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-jwt-default-jpa-authorities/pom.xml b/samples/webmvc-jwt-default-jpa-authorities/pom.xml
index b62ab3133..a0f5940fc 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/pom.xml
+++ b/samples/webmvc-jwt-default-jpa-authorities/pom.xml
@@ -32,10 +32,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -82,7 +86,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/PersistedGrantedAuthoritiesRetriever.java b/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/PersistedGrantedAuthoritiesRetriever.java
index 2f720e980..326f813a8 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/PersistedGrantedAuthoritiesRetriever.java
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/PersistedGrantedAuthoritiesRetriever.java
@@ -21,7 +21,7 @@
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/SecurityConfig.java b/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/SecurityConfig.java
index 333fb7a16..a52219675 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/SecurityConfig.java
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/SecurityConfig.java
@@ -6,8 +6,8 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 @Configuration
 @EnableMethodSecurity
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/main/resources/application.yml b/samples/webmvc-jwt-default-jpa-authorities/src/main/resources/application.yml
index a55ffd4b7..d379c370c 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/main/resources/application.yml
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/main/resources/application.yml
@@ -30,28 +30,30 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 logging:
   level:
     org:
       springframework:
         security: DEBUG
+        boot: INFO
         
 management:
   endpoint:
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerAnnotatedTest.java b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerAnnotatedTest.java
index 57b60a3dd..4e472ae8b 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerAnnotatedTest.java
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerAnnotatedTest.java
@@ -20,9 +20,12 @@
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
@@ -31,11 +34,16 @@
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
 
 import jakarta.persistence.EntityManagerFactory;
 
@@ -43,8 +51,8 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
-@Import({ SecurityConfig.class, TestUserAuthorityRepositoryConf.class })
+@Import({ TestUserAuthorityRepositoryConf.class, SecurityConfig.class })
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 class GreetingControllerAnnotatedTest {
 
 	@MockBean
@@ -57,7 +65,7 @@ class GreetingControllerAnnotatedTest {
 	WithJwt.AuthenticationFactory authFactory;
 
 	@Autowired
-	UserAuthorityRepository userAuthorityRepository;
+	SpringAddonsOidcProperties springAddonsOidcProperties;
 
 	@MockBean(name = "entityManagerFactory")
 	EntityManagerFactory entityManagerFactory;
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerFluentApiTest.java b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerFluentApiTest.java
index 208aa9d40..9973c159c 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerFluentApiTest.java
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/GreetingControllerFluentApiTest.java
@@ -11,7 +11,7 @@
  */
 package com.c4_soft.springaddons.samples.webmvc_jwtauthenticationtoken_jpa_authorities;
 
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
+import static com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -28,9 +28,9 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 import jakarta.persistence.EntityManagerFactory;
 
@@ -38,7 +38,7 @@
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(controllers = GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerFluentApiTest {
 
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/MessageServiceTests.java b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/MessageServiceTests.java
index 3e63db22d..4e036bafa 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/MessageServiceTests.java
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/MessageServiceTests.java
@@ -27,13 +27,13 @@
 import org.springframework.security.test.context.TestSecurityContextHolder;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcMinimalSecurity;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @Import(MessageServiceTests.TestConfig.class)
-@AutoConfigureAddonsSecurity
+@AutoConfigureAddonsWebmvcMinimalSecurity
 class MessageServiceTests {
 
 	@Autowired
diff --git a/samples/webmvc-jwt-default-jpa-authorities/src/test/resources/application.yml b/samples/webmvc-jwt-default-jpa-authorities/src/test/resources/application.yml
index 947f06fbe..eea6759cb 100644
--- a/samples/webmvc-jwt-default-jpa-authorities/src/test/resources/application.yml
+++ b/samples/webmvc-jwt-default-jpa-authorities/src/test/resources/application.yml
@@ -30,22 +30,23 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
         
 logging:
   level:
diff --git a/samples/webmvc-jwt-default/pom.xml b/samples/webmvc-jwt-default/pom.xml
index 97b77747c..c9afca87c 100644
--- a/samples/webmvc-jwt-default/pom.xml
+++ b/samples/webmvc-jwt-default/pom.xml
@@ -24,10 +24,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -67,7 +71,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/BasicAuthSecurityConfig.java b/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/BasicAuthSecurityConfig.java
index 3fd78f0cf..81106bf45 100644
--- a/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/BasicAuthSecurityConfig.java
+++ b/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/BasicAuthSecurityConfig.java
@@ -37,11 +37,11 @@
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.IssuerProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerHttpSecurityPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ServletConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.properties.OpenidProviderProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServletConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerHttpSecurityPostProcessor;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import jakarta.servlet.http.HttpServletRequest;
@@ -68,7 +68,7 @@ public class BasicAuthSecurityConfig {
 	SecurityFilterChain basicAuthFilterChain(
 			HttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties,
+			SpringAddonsOidcProperties addonsProperties,
 			TokenEndpointsProperties tokenEndpointsProperties,
 			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver,
 			ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
@@ -88,13 +88,14 @@ SecurityFilterChain basicAuthFilterChain(
 			return new User(username, "", List.of());
 		});
 
-		final var keycloakIssuer = Stream.of(addonsProperties.getIssuers()).filter(iss -> iss.getLocation().toString().contains("/realms/")).findAny()
-				.map(IssuerProperties::getLocation).orElse(null);
+		final var keycloakIssuer = Stream.of(addonsProperties.getOps()).filter(iss -> iss.getIss().toString().contains("/realms/")).findAny()
+				.map(OpenidProviderProperties::getIss).orElse(null);
 		final var keycloakBaseUri = UriComponentsBuilder.fromUri(keycloakIssuer).replacePath(null).build().toString();
 
 		http.authenticationManager(new KeycloakPasswordFlowAuthenticationManager(keycloakBaseUri, tokenEndpointsProperties, authenticationManagerResolver));
 
-		ServletConfigurationSupport.configureResourceServer(http, serverProperties, addonsProperties, authorizePostProcessor, httpPostProcessor);
+		ServletConfigurationSupport
+				.configureResourceServer(http, serverProperties, addonsProperties.getResourceserver(), authorizePostProcessor, httpPostProcessor);
 
 		return http.build();
 	}
diff --git a/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/OAuth2SecurityConfig.java b/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/OAuth2SecurityConfig.java
index 5f771fdcf..c157ee7ca 100644
--- a/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/OAuth2SecurityConfig.java
+++ b/samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/OAuth2SecurityConfig.java
@@ -6,7 +6,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 @Configuration
 @EnableMethodSecurity
diff --git a/samples/webmvc-jwt-default/src/main/resources/application.yml b/samples/webmvc-jwt-default/src/main/resources/application.yml
index f3d331c01..dc17fb7e6 100644
--- a/samples/webmvc-jwt-default/src/main/resources/application.yml
+++ b/samples/webmvc-jwt-default/src/main/resources/application.yml
@@ -19,30 +19,31 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 token-endpoints:
   realms:
diff --git a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
index 898a1b2ee..faf99c57f 100644
--- a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
+++ b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerAnnotatedTest.java
@@ -36,8 +36,8 @@
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.AuthenticationSource;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Unit-test a secured controller</h2>
@@ -46,7 +46,7 @@
  */
 
 @WebMvcTest(GreetingController.class) // Use WebFluxTest or WebMvcTest
-@AutoConfigureAddonsWebSecurity // If your web-security depends on it, setup spring-addons security
+@AutoConfigureAddonsWebmvcResourceServerSecurity // If your web-security depends on it, setup spring-addons security
 @Import({ OAuth2SecurityConfig.class }) // Import your web-security configuration
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
index 1e7a0a38a..a6863d718 100644
--- a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
+++ b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/GreetingControllerFluentApiTest.java
@@ -11,7 +11,7 @@
  */
 package com.c4_soft.springaddons.samples.webmvc_jwtauthenticationtoken;
 
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
+import static com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor.mockAuthentication;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -28,15 +28,15 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockAuthenticationRequestPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockAuthenticationRequestPostProcessor;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ OAuth2SecurityConfig.class })
 class GreetingControllerFluentApiTest {
 
diff --git a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
index 31da41677..3cb4dab64 100644
--- a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
+++ b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/MessageServiceTests.java
@@ -21,7 +21,6 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -31,11 +30,9 @@
 import org.springframework.security.test.context.TestSecurityContextHolder;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithMockAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has injected dependencies</h2>
@@ -44,9 +41,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { OAuth2SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
index 9f5692a90..b5f0ad9f9 100644
--- a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
+++ b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SampleApiIntegrationTest.java
@@ -5,14 +5,14 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.context.annotation.Import;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Integration-test for the application</h2>
@@ -22,9 +22,9 @@
  *
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 @AutoConfigureMockMvc
-@ImportAutoConfiguration({ AddonsWebmvcTestConf.class })
+@Import({ AddonsWebmvcTestConf.class })
 class SampleApiIntegrationTest {
 
 	@Autowired
diff --git a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
index ae99856d1..b1ef18af4 100644
--- a/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
+++ b/samples/webmvc-jwt-default/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecretRepoTest.java
@@ -16,13 +16,10 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -31,9 +28,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { OAuth2SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-jwt-oauthentication/pom.xml b/samples/webmvc-jwt-oauthentication/pom.xml
index 038504f6a..9f4bfc097 100644
--- a/samples/webmvc-jwt-oauthentication/pom.xml
+++ b/samples/webmvc-jwt-oauthentication/pom.xml
@@ -24,10 +24,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -67,7 +71,7 @@
 
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-test</artifactId>
+			<artifactId>spring-addons-starter-oidc-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
diff --git a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
index b6800dcac..9fb3bf3e1 100644
--- a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
+++ b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingController.java
@@ -7,8 +7,8 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 
diff --git a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
index df17e5f7a..dddd9bb4e 100644
--- a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
+++ b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageService.java
@@ -16,8 +16,8 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 import lombok.RequiredArgsConstructor;
 
diff --git a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
index 754695f6b..964afd4ec 100644
--- a/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
+++ b/samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java
@@ -12,11 +12,11 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
 
 @Configuration
 @EnableMethodSecurity
@@ -24,9 +24,9 @@ public class SecurityConfig {
 	@Bean
 	JwtAbstractAuthenticationTokenConverter authenticationConverter(
 			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		return jwt -> new OAuthentication<>(
-				new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
+				new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getClaims().get(JwtClaimNames.ISS)).getUsernameClaim()),
 				authoritiesConverter.convert(jwt.getClaims()),
 				jwt.getTokenValue());
 
diff --git a/samples/webmvc-jwt-oauthentication/src/main/resources/application.yml b/samples/webmvc-jwt-oauthentication/src/main/resources/application.yml
index 0de95f861..d7bf98252 100644
--- a/samples/webmvc-jwt-oauthentication/src/main/resources/application.yml
+++ b/samples/webmvc-jwt-oauthentication/src/main/resources/application.yml
@@ -18,36 +18,38 @@ spring:
 com:
   c4-soft:
     springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
+      oidc:
+        ops:
+        - iss: ${keycloak-issuer}
           username-claim: preferred_username
           authorities:
           - path: $.realm_access.roles
           - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
+        - iss: ${cognito-issuer}
           username-claim: username
           authorities:
           - path: cognito:groups
-        - location: ${auth0-issuer}
+        - iss: ${auth0-issuer}
           username-claim: $['https://c4-soft.com/user']['name']
           authorities:
           - path: $['https://c4-soft.com/user']['roles']
           - path: $.permissions
-        permit-all:
-        - "/greet/public"
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
+        resourceserver:
+          permit-all:
+          - "/greet/public"
+          - "/actuator/health/readiness"
+          - "/actuator/health/liveness"
+          - "/v3/api-docs/**"
+          cors:
+          - path: /**
+            allowed-origin-patterns: ${origins}
         
 logging:
   level:
     org:
       springframework:
         security: DEBUG
+        boot: INFO
         
 management:
   endpoint:
diff --git a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
index 69b903863..c49170650 100644
--- a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
+++ b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerAnnotatedTest.java
@@ -23,17 +23,17 @@
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerAnnotatedTest {
 
diff --git a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
index 282a5ae10..d865204dc 100644
--- a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
+++ b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/GreetingControllerFluentApiTest.java
@@ -11,7 +11,7 @@
  */
 package com.c4_soft.springaddons.samples.webmvc_oidcauthentication;
 
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.OidcIdAuthenticationTokenRequestPostProcessor.mockOidcId;
+import static com.c4_soft.springaddons.security.oauth2.test.webmvc.OidcIdAuthenticationTokenRequestPostProcessor.mockOidcId;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
@@ -25,17 +25,17 @@
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.OidcIdAuthenticationTokenRequestPostProcessor;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.OidcIdAuthenticationTokenRequestPostProcessor;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * @author Jérôme Wacongne &lt;ch4mp&#64;c4-soft.com&gt;
  */
 @WebMvcTest(GreetingController.class)
-@AutoConfigureAddonsWebSecurity
+@AutoConfigureAddonsWebmvcResourceServerSecurity
 @Import({ SecurityConfig.class })
 class GreetingControllerFluentApiTest {
 
diff --git a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
index 910125aac..96dde8777 100644
--- a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
+++ b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/MessageServiceTests.java
@@ -23,19 +23,16 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * <h2>Unit-test a secured service or repository which has injected dependencies</h2>
@@ -44,9 +41,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, MessageService.class })
-@AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
 	// auto-wire tested component
diff --git a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
index 74a8becb5..35f0430bb 100644
--- a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
+++ b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SampleApiIntegrationTest.java
@@ -6,20 +6,23 @@
 import java.util.stream.Stream;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.parameterized.ParameterizedAuthentication;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsWebSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.MockMvcSupport;
 
 /**
  * <h2>Integration-test for the application</h2>
@@ -31,7 +34,8 @@
  */
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
-@AutoConfigureAddonsWebSecurity
+@Import(AddonsWebmvcTestConf.class)
+@TestInstance(Lifecycle.PER_CLASS)
 class SampleApiIntegrationTest {
 
 	@Autowired
diff --git a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
index 0b975ff8c..bb092ca0f 100644
--- a/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
+++ b/samples/webmvc-jwt-oauthentication/src/test/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecretRepoTest.java
@@ -16,14 +16,11 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt.AutoConfigureAddonsSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
 
 /**
  * <h2>Unit-test a secured service or repository which has no dependencies</h2>
@@ -32,9 +29,8 @@
  */
 
 // Import security configuration and test component
-@EnableAutoConfiguration(exclude = { AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class })
+@AddonsWebmvcComponentTest
 @SpringBootTest(classes = { SecurityConfig.class, SecretRepo.class })
-@AutoConfigureAddonsSecurity
 class SecretRepoTest {
 
 	// auto-wire tested component
diff --git a/spring-addons-oauth2-test/pom.xml b/spring-addons-oauth2-test/pom.xml
index ee9ebfb51..c80f24dd5 100644
--- a/spring-addons-oauth2-test/pom.xml
+++ b/spring-addons-oauth2-test/pom.xml
@@ -15,10 +15,15 @@
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 
 	<dependencies>
+		<dependency>
+			<groupId>com.c4-soft.springaddons</groupId>
+			<artifactId>spring-addons-oauth2</artifactId>
+		</dependency>
+		
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-oauth2-client</artifactId>
@@ -27,10 +32,6 @@
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-oauth2-resource-server</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-oauth2</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-test-autoconfigure</artifactId>
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/AuthenticationBuilder.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationBuilder.java
similarity index 94%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/AuthenticationBuilder.java
rename to spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationBuilder.java
index 112f06d2a..d670dcf59 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/AuthenticationBuilder.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationBuilder.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oauth2.test;
 
 import org.springframework.security.core.Authentication;
 
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OAuthenticationTestingBuilder.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OAuthenticationTestingBuilder.java
index c8e31401c..5ac38e15a 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OAuthenticationTestingBuilder.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OAuthenticationTestingBuilder.java
@@ -19,9 +19,8 @@
 
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import com.c4_soft.springaddons.security.oauth2.AuthenticationBuilder;
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 public class OAuthenticationTestingBuilder<T extends OAuthenticationTestingBuilder<T>> implements AuthenticationBuilder<OAuthentication<OpenidClaimSet>> {
 
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OpenidClaimSetBuilder.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OpenidClaimSetBuilder.java
index 71682419c..c5e4dd3b4 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OpenidClaimSetBuilder.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/OpenidClaimSetBuilder.java
@@ -22,8 +22,8 @@
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.util.StringUtils;
 
-import com.c4_soft.springaddons.security.oauth2.ModifiableClaimSet;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.ModifiableClaimSet;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * https://openid.net/specs/openid-connect-core-1_0.html
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/Claims.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/Claims.java
index 28a70d87e..5463ab901 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/Claims.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/Claims.java
@@ -23,7 +23,7 @@
 import java.text.SimpleDateFormat;
 import java.util.Date;
 
-import com.c4_soft.springaddons.security.oauth2.ModifiableClaimSet;
+import com.c4_soft.springaddons.security.oidc.ModifiableClaimSet;
 
 @Target({ ElementType.METHOD, ElementType.TYPE })
 @Retention(RetentionPolicy.RUNTIME)
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/OpenId.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/OpenId.java
index 0e4b3ea06..2ae434fa4 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/OpenId.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/OpenId.java
@@ -23,8 +23,8 @@
 import org.springframework.security.test.context.support.TestExecutionEvent;
 import org.springframework.security.test.context.support.WithSecurityContext;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * Annotation to setup test {@link SecurityContext} with an {@link OAuthentication}. Sample usage:
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OpenIdAuthenticationSource.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OpenIdAuthenticationSource.java
index 0aa05c32a..f024cf947 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OpenIdAuthenticationSource.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OpenIdAuthenticationSource.java
@@ -14,10 +14,10 @@
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.support.AnnotationConsumer;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.OpenId;
 import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * <p>
diff --git a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOpenId.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOpenId.java
index 370564a2a..4384a565a 100644
--- a/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOpenId.java
+++ b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOpenId.java
@@ -9,8 +9,8 @@
 import org.junit.jupiter.params.converter.TypedArgumentConverter;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 /**
  * <p>
diff --git a/spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/ByteArrayHttpOutputMessage.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/ByteArrayHttpOutputMessage.java
similarity index 100%
rename from spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/ByteArrayHttpOutputMessage.java
rename to spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/ByteArrayHttpOutputMessage.java
diff --git a/spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/ConversionFailedException.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/ConversionFailedException.java
similarity index 100%
rename from spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/ConversionFailedException.java
rename to spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/ConversionFailedException.java
diff --git a/spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/SerializationHelper.java b/spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/SerializationHelper.java
similarity index 100%
rename from spring-addons-web-test/src/main/java/com/c4_soft/springaddons/test/support/web/SerializationHelper.java
rename to spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/test/support/web/SerializationHelper.java
diff --git a/spring-addons-oauth2/README.MD b/spring-addons-oauth2/README.MD
deleted file mode 100644
index 9e008d255..000000000
--- a/spring-addons-oauth2/README.MD
+++ /dev/null
@@ -1,3 +0,0 @@
-# spring-security OAuth2 addons
-
-This a base library for [`spring-addons-webmvc-jwt-resource-server`](https://github.com/ch4mpy/spring-addons/tree/master/webmvc/spring-addons-webmvc-jwt-resource-server) and [`spring-addons-webflux-jwt-resource-server`](https://github.com/ch4mpy/spring-addons/tree/master/webflux/spring-addons-webflux-jwt-resource-server). It is hardly usable on its own, please refer to either READMEs.
diff --git a/spring-addons-oauth2/license.txt b/spring-addons-oauth2/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/spring-addons-oauth2/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/spring-addons-oauth2/lombok.config b/spring-addons-oauth2/lombok.config
deleted file mode 100644
index 8f7e8aa1a..000000000
--- a/spring-addons-oauth2/lombok.config
+++ /dev/null
@@ -1 +0,0 @@
-lombok.addLombokGeneratedAnnotation = true
\ No newline at end of file
diff --git a/spring-addons-oauth2/pom.xml b/spring-addons-oauth2/pom.xml
index 07f719432..023ccddb8 100644
--- a/spring-addons-oauth2/pom.xml
+++ b/spring-addons-oauth2/pom.xml
@@ -14,7 +14,7 @@
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 	
 	<dependencies>
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java
deleted file mode 100644
index c98681d61..000000000
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java
+++ /dev/null
@@ -1,235 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config;
-
-import java.net.URI;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.stream.Stream;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.context.properties.NestedConfigurationProperty;
-import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
-
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-/**
- * <p>
- * Would better be named "SpringAddonsOAuth2ResourceServerProperties" and use "com.c4-soft.springaddons.security.resource-server" as prefix to better
- * distinguish it from {@link SpringAddonsOAuth2ClientProperties}. But the later was created later and keeping this name and prefix prevents from anoying
- * breaking changes.
- * </p>
- * Here are defaults:
- *
- * <pre>
- * com.c4-soft.springaddons.security.issuers[0].location=https://localhost:8443/realms/master
- * com.c4-soft.springaddons.security.issuers[0].authorities[0].path=realm_access.roles
- * com.c4-soft.springaddons.security.issuers[0].authorities[0].prefix=
- * com.c4-soft.springaddons.security.issuers[0].authorities[0].caze=UNCHANGED
- * com.c4-soft.springaddons.security.statless-sessions=true
- * com.c4-soft.springaddons.security.csrf-enabled=true
- * com.c4-soft.springaddons.security.permit-all=
- * com.c4-soft.springaddons.security.redirect-to-login-if-unauthorized-on-restricted-content=true
- * </pre>
- *
- * Default conf for CORS being an empty array, CORS is disabled. To enable it (following is very permissive, define something more restrictive):
- *
- * <pre>
- * com.c4-soft.springaddons.security.cors[0].path=/**
- * </pre>
- *
- * @author ch4mp
- */
-@Data
-@AutoConfiguration
-@ConfigurationProperties(prefix = "com.c4-soft.springaddons.security")
-public class SpringAddonsSecurityProperties {
-	/**
-	 * If false, all resource-server web auto-configuration is disabled (only the authorities converter {@link ConditionalOnMissingBean} is provided)
-	 */
-	private boolean enabled = true;
-
-	/**
-	 * issuer URI, JWK set URI as well as authorities mapping configuration for each issuer. A minimum of one issuer must be defined.
-	 */
-	@NestedConfigurationProperty
-	private IssuerProperties[] issuers = {};
-
-	/**
-	 * Fine grained CORS configuration per path. If left empty, CORS is disabled.
-	 */
-	@NestedConfigurationProperty
-	private CorsProperties[] cors = {};
-
-	/**
-	 * Path matchers for resources accessible to anonymous
-	 */
-	private String[] permitAll = {};
-
-	/**
-	 * Whether to return "302 redirect to login" or "401 unauthorized" for requests with missing or invalid authorization. It should remain false, manipulate
-	 * with caution.
-	 */
-	private boolean redirectToLoginIfUnauthorizedOnRestrictedContent = false;
-
-	/**
-	 * Whether to disable sessions. It should remain true.
-	 */
-	private boolean statlessSessions = true;
-
-	/**
-	 * How to configure CSRF protection. Default is disabled CSRF protection if sessions are disabled and session based protection if sessions are enabled.
-	 */
-	private Csrf csrf = Csrf.DEFAULT;
-
-	/**
-	 * @param  iss                                              the issuer URI string
-	 * @return                                                  configuration properties associated with the provided issuer URI
-	 * @throws MissingAuthorizationServerConfigurationException if configuration properties don not have an entry for the exact issuer (even trailing slash is
-	 *                                                          important)
-	 */
-	public IssuerProperties getIssuerProperties(String iss) throws MissingAuthorizationServerConfigurationException {
-		return Stream.of(issuers).filter(issuerProps -> Objects.equals(Optional.ofNullable(issuerProps.getLocation()).map(URI::toString).orElse(null), iss))
-				.findAny().orElseThrow(() -> new MissingAuthorizationServerConfigurationException(iss));
-	}
-
-	/**
-	 * @param  iss                                              the issuer URL
-	 * @return                                                  configuration properties associated with the provided issuer URI
-	 * @throws MissingAuthorizationServerConfigurationException if configuration properties don not have an entry for the exact issuer (even trailing slash is
-	 *                                                          important)
-	 */
-	public IssuerProperties getIssuerProperties(Object iss) throws MissingAuthorizationServerConfigurationException {
-		if (iss == null && issuers.length == 1) {
-			return issuers[0];
-		}
-		return getIssuerProperties(Optional.ofNullable(iss).map(Object::toString).orElse(null));
-	}
-
-	@Data
-	public static class CorsProperties {
-		/**
-		 * Path matcher to which this configuration entry applies
-		 */
-		private String path = "/**";
-
-		/**
-		 * Default is "*" which allows all origins
-		 */
-		private String[] allowedOrigins = { "*" };
-
-		/**
-		 * Default is "*" which allows all methods
-		 */
-		private String[] allowedMethods = { "*" };
-
-		/**
-		 * Default is "*" which allows all headers
-		 */
-		private String[] allowedHeaders = { "*" };
-
-		/**
-		 * Default is "*" which exposes all headers
-		 */
-		private String[] exposedHeaders = { "*" };
-	}
-
-	@Data
-	public static class IssuerProperties {
-		/**
-		 * Can be omitted if jwk-set-uri is provided. If provided, it must be exactly the same as in access tokens (even trailing slash, if any, is important).
-		 * In case of doubt, open one of your access tokens with a tool like https://jwt.io
-		 */
-		private URI location;
-
-		/**
-		 * Can be omitted if issuer-uri is provided
-		 */
-		private URI jwkSetUri;
-
-		/**
-		 * Can be omitted. Will insert a validator if not null or empty
-		 */
-		private String audience;
-
-		/**
-		 * Authorities mapping configuration, per claim
-		 */
-		@NestedConfigurationProperty
-		private SimpleAuthoritiesMappingProperties[] authorities = { new SimpleAuthoritiesMappingProperties() };
-
-		/**
-		 * JSON path for the claim to use as "name" source
-		 */
-		private String usernameClaim = StandardClaimNames.SUB;
-	}
-
-	/**
-	 * Configuration for {@link ConfigurableClaimSetAuthoritiesConverter}
-	 *
-	 * @author ch4mp
-	 */
-	@Data
-	@NoArgsConstructor
-	@AllArgsConstructor
-	public static class SimpleAuthoritiesMappingProperties {
-		/**
-		 * JSON path of the claim(s) to map with this properties
-		 */
-		private String path = "$.realm_access.roles";
-
-		/**
-		 * What to prefix authorities with (for instance "ROLE_" or "SCOPE_")
-		 */
-		private String prefix = "";
-
-		/**
-		 * Whether to transform authorities to uppercase, lowercase, or to leave it unchanged
-		 */
-		private Case caze = Case.UNCHANGED;
-	}
-
-	public static enum Case {
-		UNCHANGED, UPPER, LOWER
-	}
-
-	/**
-	 * <ul>
-	 * <li>DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)</li>
-	 * <li>DISABLE disables CSRF protection. The default value for resource servers, but <b>you should really not be doing that on a client!</b></li>
-	 * <li>SESSION stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with
-	 * a JS application (written with Angular, React, Vue, etc.)</li>
-	 * <li>COOKIE_HTTP_ONLY stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)</li>
-	 * <li>COOKIE_ACCESSIBLE_FROM_JS stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps</li>
-	 * </ul>
-	 *
-	 * @author ch4mp
-	 */
-	public static enum Csrf {
-		/**
-		 * Switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
-		 */
-		DEFAULT,
-		/**
-		 * Disables CSRF protection. The default value for resource servers, but <b>you should really not be doing that on a client!</b>
-		 */
-		DISABLE,
-		/**
-		 * Stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS
-		 * application (written with Angular, React, Vue, etc.)
-		 */
-		SESSION,
-		/**
-		 * Stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)
-		 */
-		COOKIE_HTTP_ONLY,
-		/**
-		 * Stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps. To be used when sessions are enabled and queries are issued with Angular, React, Vue,
-		 * etc.
-		 */
-		COOKIE_ACCESSIBLE_FROM_JS
-	}
-
-}
\ No newline at end of file
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ClaimSet.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ClaimSet.java
similarity index 95%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ClaimSet.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ClaimSet.java
index 8258ec1e7..be921af88 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ClaimSet.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ClaimSet.java
@@ -1,126 +1,126 @@
-/*
- * Copyright 2019 Jérôme Wacongne
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
- * License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
- */
-package com.c4_soft.springaddons.security.oauth2;
-
-import java.io.Serializable;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.time.Instant;
-import java.util.Collection;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-import org.springframework.lang.Nullable;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-
-import com.jayway.jsonpath.JsonPath;
-
-/**
- * Claim-sets are collections of key-value pairs, so lets extend {@code Map<String, Object>}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-public interface ClaimSet extends Map<String, Object>, Serializable {
-
-	default <T> T getByJsonPath(String jsonPath) {
-		return JsonPath.read(this, jsonPath);
-	}
-
-	default String getAsString(String name) {
-		final var claim = get(name);
-		return claim == null ? null : claim.toString();
-	}
-
-	default @Nullable Instant getAsInstant(String name) {
-		final var claim = get(name);
-		if (claim == null) {
-			return null;
-		}
-		if (claim instanceof final Long l) {
-			return Instant.ofEpochSecond(l);
-		}
-		if (claim instanceof final Instant instant) {
-			return instant;
-		}
-		if (claim instanceof final String str) {
-			return Instant.parse(str);
-		}
-		throw new UnparsableClaimException("claim " + name + " is of unsupported type " + claim.getClass().getName());
-	}
-
-	default @Nullable Set<String> getAsStringSet(String name) {
-		final var claim = get(name);
-		if (claim == null) {
-			return null;
-		}
-		if (claim instanceof final Collection<?> collection) {
-			return collection.stream().flatMap(o -> Stream.of(o.toString().split(" "))).collect(Collectors.toSet());
-		}
-		return Stream.of(claim.toString().split(" ")).collect(Collectors.toSet());
-	}
-
-	default @Nullable URI getAsUri(String name) throws URISyntaxException {
-		final var claim = get(name);
-		if (claim == null) {
-			return null;
-		}
-		if (claim instanceof final URI uri) {
-			return uri;
-		}
-		return new URI(claim.toString());
-	}
-
-	default @Nullable Boolean getAsBoolean(String name) {
-		final var claim = get(name);
-		if (claim == null) {
-			return null;
-		}
-		if (claim instanceof final Boolean b) {
-			return b;
-		}
-		return Boolean.valueOf(claim.toString());
-	}
-
-	default ClaimSet claim(String claimName, String claimValue) {
-		Assert.hasLength(claimName, "claimName can't be empty");
-		if (StringUtils.hasLength(claimValue)) {
-			put(claimName, claimValue);
-		} else {
-			remove(claimName);
-		}
-		return this;
-	}
-
-	default ClaimSet claim(String claimName, Collection<?> claimValue) {
-		Assert.hasLength(claimName, "claimName can't be empty");
-		if (claimValue == null || claimValue.isEmpty()) {
-			remove(claimName);
-		} else {
-			put(claimName, claimValue);
-		}
-		return this;
-	}
-
-	default ClaimSet claim(String claimName, Object claimValue) {
-		Assert.hasLength(claimName, "claimName can't be empty");
-		if (claimValue == null) {
-			remove(claimName);
-		} else {
-			put(claimName, claimValue);
-		}
-		return this;
-	}
-
-}
+/*
+ * Copyright 2019 Jérôme Wacongne
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+package com.c4_soft.springaddons.security.oidc;
+
+import java.io.Serializable;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import org.springframework.lang.Nullable;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import com.jayway.jsonpath.JsonPath;
+
+/**
+ * Claim-sets are collections of key-value pairs, so lets extend {@code Map<String, Object>}
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ */
+public interface ClaimSet extends Map<String, Object>, Serializable {
+
+	default <T> T getByJsonPath(String jsonPath) {
+		return JsonPath.read(this, jsonPath);
+	}
+
+	default String getAsString(String name) {
+		final var claim = get(name);
+		return claim == null ? null : claim.toString();
+	}
+
+	default @Nullable Instant getAsInstant(String name) {
+		final var claim = get(name);
+		if (claim == null) {
+			return null;
+		}
+		if (claim instanceof final Long l) {
+			return Instant.ofEpochSecond(l);
+		}
+		if (claim instanceof final Instant instant) {
+			return instant;
+		}
+		if (claim instanceof final String str) {
+			return Instant.parse(str);
+		}
+		throw new UnparsableClaimException("claim " + name + " is of unsupported type " + claim.getClass().getName());
+	}
+
+	default @Nullable Set<String> getAsStringSet(String name) {
+		final var claim = get(name);
+		if (claim == null) {
+			return null;
+		}
+		if (claim instanceof final Collection<?> collection) {
+			return collection.stream().flatMap(o -> Stream.of(o.toString().split(" "))).collect(Collectors.toSet());
+		}
+		return Stream.of(claim.toString().split(" ")).collect(Collectors.toSet());
+	}
+
+	default @Nullable URI getAsUri(String name) throws URISyntaxException {
+		final var claim = get(name);
+		if (claim == null) {
+			return null;
+		}
+		if (claim instanceof final URI uri) {
+			return uri;
+		}
+		return new URI(claim.toString());
+	}
+
+	default @Nullable Boolean getAsBoolean(String name) {
+		final var claim = get(name);
+		if (claim == null) {
+			return null;
+		}
+		if (claim instanceof final Boolean b) {
+			return b;
+		}
+		return Boolean.valueOf(claim.toString());
+	}
+
+	default ClaimSet claim(String claimName, String claimValue) {
+		Assert.hasLength(claimName, "claimName can't be empty");
+		if (StringUtils.hasLength(claimValue)) {
+			put(claimName, claimValue);
+		} else {
+			remove(claimName);
+		}
+		return this;
+	}
+
+	default ClaimSet claim(String claimName, Collection<?> claimValue) {
+		Assert.hasLength(claimName, "claimName can't be empty");
+		if (claimValue == null || claimValue.isEmpty()) {
+			remove(claimName);
+		} else {
+			put(claimName, claimValue);
+		}
+		return this;
+	}
+
+	default ClaimSet claim(String claimName, Object claimValue) {
+		Assert.hasLength(claimName, "claimName can't be empty");
+		if (claimValue == null) {
+			remove(claimName);
+		} else {
+			put(claimName, claimValue);
+		}
+		return this;
+	}
+
+}
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/DelegatingMap.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/DelegatingMap.java
similarity index 97%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/DelegatingMap.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/DelegatingMap.java
index 8439958c7..6120b7adf 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/DelegatingMap.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/DelegatingMap.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oidc;
 
 import java.util.Collection;
 import java.util.HashMap;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ModifiableClaimSet.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ModifiableClaimSet.java
similarity index 96%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ModifiableClaimSet.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ModifiableClaimSet.java
index f3a0c7b32..61e0faad3 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/ModifiableClaimSet.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/ModifiableClaimSet.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oidc;
 
 import java.util.HashMap;
 import java.util.Map;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OAuthentication.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OAuthentication.java
similarity index 98%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OAuthentication.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OAuthentication.java
index 413b5de46..62f6f5981 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OAuthentication.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OAuthentication.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oidc;
 
 import java.io.Serializable;
 import java.security.Principal;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OpenidClaimSet.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OpenidClaimSet.java
similarity index 95%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OpenidClaimSet.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OpenidClaimSet.java
index 94170ffc7..049a73f96 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/OpenidClaimSet.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/OpenidClaimSet.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oidc;
 
 import java.security.Principal;
 import java.util.Map;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnmodifiableClaimSet.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnmodifiableClaimSet.java
similarity index 93%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnmodifiableClaimSet.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnmodifiableClaimSet.java
index f84b3f929..423910682 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnmodifiableClaimSet.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnmodifiableClaimSet.java
@@ -1,33 +1,33 @@
-/*
- * Copyright 2019 Jérôme Wacongne
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
- * License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
- */
-package com.c4_soft.springaddons.security.oauth2;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Collectors;
-
-/**
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-public class UnmodifiableClaimSet extends DelegatingMap<String, Object> implements ClaimSet {
-	private static final long serialVersionUID = 5103156342740420106L;
-
-	public UnmodifiableClaimSet(Map<String, Object> delegate) {
-		super(Collections.unmodifiableMap(new HashMap<>(delegate)));
-	}
-
-	@Override
-	public String toString() {
-		return this.entrySet().stream().map(e -> String.format("%s => %s", e.getKey(), e.getValue())).collect(Collectors.joining(", ", "[", "]"));
-	}
-}
+/*
+ * Copyright 2019 Jérôme Wacongne
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+package com.c4_soft.springaddons.security.oidc;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ */
+public class UnmodifiableClaimSet extends DelegatingMap<String, Object> implements ClaimSet {
+	private static final long serialVersionUID = 5103156342740420106L;
+
+	public UnmodifiableClaimSet(Map<String, Object> delegate) {
+		super(Collections.unmodifiableMap(new HashMap<>(delegate)));
+	}
+
+	@Override
+	public String toString() {
+		return this.entrySet().stream().map(e -> String.format("%s => %s", e.getKey(), e.getValue())).collect(Collectors.joining(", ", "[", "]"));
+	}
+}
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnparsableClaimException.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnparsableClaimException.java
similarity index 80%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnparsableClaimException.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnparsableClaimException.java
index 7f7ca6e4d..c3fed6573 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/UnparsableClaimException.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/UnparsableClaimException.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2;
+package com.c4_soft.springaddons.security.oidc;
 
 public class UnparsableClaimException extends RuntimeException {
 	private static final long serialVersionUID = 5585678138757632513L;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionHandler.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionHandler.java
similarity index 97%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionHandler.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionHandler.java
index a94d11bc9..6628c3da1 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionHandler.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionHandler.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.spring;
+package com.c4_soft.springaddons.security.oidc.spring;
 
 import java.lang.reflect.Method;
 import java.util.function.Supplier;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionRoot.java b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionRoot.java
similarity index 96%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionRoot.java
rename to spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionRoot.java
index 18b73a067..1e06ea0a0 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/spring/C4MethodSecurityExpressionRoot.java
+++ b/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oidc/spring/C4MethodSecurityExpressionRoot.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.spring;
+package com.c4_soft.springaddons.security.oidc.spring;
 
 import java.util.Optional;
 
diff --git a/spring-addons-oauth2/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-addons-oauth2/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index 5a9d80e0e..000000000
--- a/spring-addons-oauth2/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties
-com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/pom.xml b/spring-addons-starter-oidc-test/pom.xml
similarity index 54%
rename from webflux/spring-addons-webflux-test/pom.xml
rename to spring-addons-starter-oidc-test/pom.xml
index 0da9ef2e9..08cf70f66 100644
--- a/webflux/spring-addons-webflux-test/pom.xml
+++ b/spring-addons-starter-oidc-test/pom.xml
@@ -1,21 +1,21 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-
 	<parent>
 		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
+		<artifactId>spring-addons</artifactId>
 		<version>6.2.1-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
-	<artifactId>spring-addons-webflux-test</artifactId>
-	
+	<artifactId>spring-addons-starter-oidc-test</artifactId>
+
 	<url>https://github.com/ch4mpy/spring-addons/</url>
 	<scm>
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 
 	<dependencies>
@@ -25,23 +25,57 @@
 		</dependency>
 		<dependency>
 			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-core</artifactId>
+			<artifactId>spring-addons-starter-oidc</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-test</artifactId>
+			<groupId>com.jayway.jsonpath</groupId>
+			<artifactId>json-path</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>io.projectreactor</groupId>
 			<artifactId>reactor-core</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.tomcat.embed</groupId>
+			<artifactId>tomcat-embed-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter-params</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-web</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-webmvc</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-autoconfigure</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-test</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-test-autoconfigure</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-resource-server</artifactId>
+			<artifactId>spring-security-oauth2-client</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -49,29 +83,22 @@
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-client</artifactId>
+			<artifactId>spring-security-oauth2-resource-server</artifactId>
 		</dependency>
-		
 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-configuration-processor</artifactId>
-			<optional>true</optional>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
 		</dependency>
 
 		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-webflux</artifactId>
-			<scope>test</scope>
+			<artifactId>spring-boot-configuration-processor</artifactId>
+			<optional>true</optional>
 		</dependency>
 	</dependencies>
-</project>
+</project>
\ No newline at end of file
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationFactoriesTestConf.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationFactoriesTestConf.java
new file mode 100644
index 000000000..09a099c89
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/AuthenticationFactoriesTestConf.java
@@ -0,0 +1,37 @@
+package com.c4_soft.springaddons.security.oauth2.test;
+
+import java.util.Optional;
+
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
+
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
+import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
+
+import reactor.core.publisher.Mono;
+
+@Order(Ordered.LOWEST_PRECEDENCE)
+@AutoConfiguration
+public class AuthenticationFactoriesTestConf {
+
+	@Bean
+	WithJwt.AuthenticationFactory jwtAuthFactory(
+			Optional<Converter<Jwt, ? extends AbstractAuthenticationToken>> jwtAuthenticationConverter,
+			Optional<Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>> reactiveJwtAuthenticationConverter) {
+		return new WithJwt.AuthenticationFactory(jwtAuthenticationConverter, reactiveJwtAuthenticationConverter);
+	}
+
+	@Bean
+	WithOpaqueToken.AuthenticationFactory opaquetokenAuthFactory(
+			Optional<OpaqueTokenAuthenticationConverter> authenticationConverter,
+			Optional<ReactiveOpaqueTokenAuthenticationConverter> reactiveAuthenticationConverter) {
+		return new WithOpaqueToken.AuthenticationFactory(authenticationConverter, reactiveAuthenticationConverter);
+	}
+}
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxComponentTest.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxComponentTest.java
new file mode 100644
index 000000000..db77a2bf3
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxComponentTest.java
@@ -0,0 +1,34 @@
+package com.c4_soft.springaddons.security.oauth2.test.webflux;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
+
+/**
+ * To be used when testing secured components which are not controllers
+ *
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ * @see    AutoConfigureAddonsWebmvcResourceServerSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@EnableAutoConfiguration(
+		exclude = {
+				ReactiveSpringAddonsOidcResourceServerBeans.class,
+				ReactiveSpringAddonsOidcClientBeans.class,
+				SpringAddonsOidcResourceServerBeans.class,
+				SpringAddonsOidcClientBeans.class })
+@AutoConfigureAddonsWebfluxMinimalSecurity
+public @interface AddonsWebfluxComponentTest {
+
+}
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java
similarity index 67%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java
index ea54d0443..825f28db2 100644
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AddonsWebfluxTestConf.java
@@ -5,29 +5,35 @@
 
 import java.util.ArrayList;
 
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.Scope;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
 import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.web.server.ServerWebExchange;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcTestConf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 
 @TestConfiguration
-@Import({ WebTestClientProperties.class, AuthenticationFactoriesTestConf.class })
+@ImportAutoConfiguration(classes = { WebTestClientProperties.class, AuthenticationFactoriesTestConf.class }, exclude = { AddonsWebmvcTestConf.class })
 public class AddonsWebfluxTestConf {
 
 	@MockBean
 	ReactiveJwtDecoder jwtDecoder;
 
+	@MockBean
+	ReactiveAuthenticationManagerResolver<ServerWebExchange> reactiveAuthenticationManagerResolver;
+
 	@MockBean
 	ReactiveOpaqueTokenIntrospector introspector;
 
@@ -43,17 +49,10 @@ InMemoryReactiveClientRegistrationRepository clientRegistrationRepository() {
 	@MockBean
 	ReactiveOAuth2AuthorizedClientService oAuth2AuthorizedClientService;
 
-	@Bean
-	HttpSecurity httpSecurity() {
-		return mock(HttpSecurity.class);
-	}
-
 	@Bean
 	@Scope("prototype")
-	WebTestClientSupport webTestClientSupport(
-			WebTestClientProperties webTestClientProperties,
-			WebTestClient webTestClient,
-			SpringAddonsSecurityProperties addonsProperties) {
+	WebTestClientSupport
+			webTestClientSupport(WebTestClientProperties webTestClientProperties, WebTestClient webTestClient, SpringAddonsOidcProperties addonsProperties) {
 		return new WebTestClientSupport(webTestClientProperties, webTestClient, addonsProperties);
 	}
 }
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java
similarity index 96%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java
index c630b198b..6c0d0a289 100644
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationConfigurer.java
@@ -19,7 +19,7 @@
 import org.springframework.test.web.reactive.server.WebTestClientConfigurer;
 import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.AuthenticationBuilder;
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationBuilder;
 
 /**
  * Redundant code for {@link Authentication} WebTestClient configurers
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxClientSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxClientSecurity.java
new file mode 100644
index 000000000..3b4d22451
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxClientSecurity.java
@@ -0,0 +1,32 @@
+package com.c4_soft.springaddons.security.oauth2.test.webflux;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcMinimalSecurity;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans;
+
+/**
+ * <p>
+ * Auto-configures {@link ReactiveSpringAddonsOidcResourceServerBeans} and {@link AddonsWebfluxTestConf}. To be used to test controllers but not services or
+ * repositories (web context is not desired in that case).
+ * </p>
+ * See {@link AutoConfigureAddonsWebmvcMinimalSecurity}
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ * @see    AddonsWebmvcComponentTest
+ * @see    AutoConfigureAddonsWebmvcResourceServerSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@AutoConfigureAddonsWebfluxMinimalSecurity
+@ImportAutoConfiguration({ ReactiveSpringAddonsOidcClientBeans.class, AddonsWebfluxTestConf.class })
+public @interface AutoConfigureAddonsWebfluxClientSecurity {
+}
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxMinimalSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxMinimalSecurity.java
new file mode 100644
index 000000000..87c98a4f3
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxMinimalSecurity.java
@@ -0,0 +1,39 @@
+package com.c4_soft.springaddons.security.oauth2.test.webflux;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AddonsWebmvcComponentTest;
+import com.c4_soft.springaddons.security.oauth2.test.webmvc.AutoConfigureAddonsWebmvcResourceServerSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
+
+/**
+ * <p>
+ * To be used to test services or repositories but <b>not controllers</b>: auto-configures {@link SpringAddonsOidcProperties}, {@link SpringAddonsOidcBeans},
+ * {@link ReactiveSpringAddonsOidcBeans} and {@link AuthenticationFactoriesTestConf}
+ * </p>
+ * See {@link AddonsWebmvcComponentTest} See {@link AutoConfigureAddonsWebmvcResourceServerSecurity} See {@link AutoConfigureAddonsWebfluxClientSecurity}
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ * @see    AddonsWebmvcComponentTest
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ * @see    AutoConfigureAddonsWebmvcResourceServerSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@ImportAutoConfiguration(classes = { AddonsWebfluxTestConf.class, ReactiveSpringAddonsOidcBeans.class }, exclude = { SpringAddonsOidcBeans.class })
+@ExtendWith(SpringExtension.class)
+@TestInstance(Lifecycle.PER_CLASS)
+public @interface AutoConfigureAddonsWebfluxMinimalSecurity {
+}
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxResourceServerSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxResourceServerSecurity.java
new file mode 100644
index 000000000..3c6e97ed9
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AutoConfigureAddonsWebfluxResourceServerSecurity.java
@@ -0,0 +1,26 @@
+package com.c4_soft.springaddons.security.oauth2.test.webflux;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
+
+/**
+ * <p>
+ * Auto-configures {@link ReactiveSpringAddonsOidcResourceServerBeans} and {@link AddonsWebfluxTestConf}. To be used to test controllers but not services or
+ * repositories (web context is not desired in that case).
+ * </p>
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@AutoConfigureAddonsWebfluxMinimalSecurity
+@ImportAutoConfiguration(classes = { ReactiveSpringAddonsOidcResourceServerBeans.class }, exclude = { SpringAddonsOidcResourceServerBeans.class })
+public @interface AutoConfigureAddonsWebfluxResourceServerSecurity {
+}
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/MockAuthenticationWebTestClientConfigurer.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/MockAuthenticationWebTestClientConfigurer.java
similarity index 100%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/MockAuthenticationWebTestClientConfigurer.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/MockAuthenticationWebTestClientConfigurer.java
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java
similarity index 89%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java
index ae579faff..25b9a82e9 100644
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/OidcIdAuthenticationTokenWebTestClientConfigurer.java
@@ -12,9 +12,9 @@
 
 package com.c4_soft.springaddons.security.oauth2.test.webflux;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.OAuthenticationTestingBuilder;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 public class OidcIdAuthenticationTokenWebTestClientConfigurer extends OAuthenticationTestingBuilder<OidcIdAuthenticationTokenWebTestClientConfigurer>
 		implements
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java
similarity index 86%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java
index 7bc23a2d3..614ea80a8 100644
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientProperties.java
@@ -2,7 +2,10 @@
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 
+@Order(Ordered.HIGHEST_PRECEDENCE)
 @AutoConfiguration
 @ConfigurationProperties(prefix = "com.c4-soft.springaddons.test.web")
 public class WebTestClientProperties {
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java
similarity index 92%
rename from webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java
index 7ead9a807..15f2f4966 100644
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/WebTestClientSupport.java
@@ -19,8 +19,8 @@
 import org.springframework.test.web.reactive.server.WebTestClient.ResponseSpec;
 import org.springframework.test.web.reactive.server.WebTestClientConfigurer;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 
 /**
  * You may configure in your test properties:
@@ -39,11 +39,11 @@ public class WebTestClientSupport {
 
 	private WebTestClient delegate;
 
-	public WebTestClientSupport(WebTestClientProperties webTestClientProperties, WebTestClient webTestClient, SpringAddonsSecurityProperties addonsProperties) {
+	public WebTestClientSupport(WebTestClientProperties webTestClientProperties, WebTestClient webTestClient, SpringAddonsOidcProperties addonsProperties) {
 		this.mediaType = MediaType.valueOf(webTestClientProperties.getDefaultMediaType());
 		this.charset = Charset.forName(webTestClientProperties.getDefaultCharset());
 		this.delegate = webTestClient;
-		this.setCsrf(!addonsProperties.getCsrf().equals(Csrf.DISABLE));
+		this.setCsrf(!addonsProperties.getResourceserver().getCsrf().equals(Csrf.DISABLE));
 	}
 
 	/**
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcComponentTest.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcComponentTest.java
new file mode 100644
index 000000000..6b310ff43
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcComponentTest.java
@@ -0,0 +1,34 @@
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxClientSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
+
+/**
+ * To be used when testing secured components which are not controllers
+ *
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ * @see    AutoConfigureAddonsWebmvcResourceServerSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@EnableAutoConfiguration(
+		exclude = {
+				ReactiveSpringAddonsOidcResourceServerBeans.class,
+				ReactiveSpringAddonsOidcClientBeans.class,
+				SpringAddonsOidcResourceServerBeans.class,
+				SpringAddonsOidcClientBeans.class })
+@AutoConfigureAddonsWebmvcMinimalSecurity
+public @interface AddonsWebmvcComponentTest {
+
+}
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AddonsWebmvcTestConf.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcTestConf.java
similarity index 79%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AddonsWebmvcTestConf.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcTestConf.java
index a11d6f667..e6aab2b7d 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AddonsWebmvcTestConf.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AddonsWebmvcTestConf.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -18,12 +18,14 @@
 
 import org.springframework.beans.factory.ObjectFactory;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.http.HttpMessageConverters;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.Scope;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
@@ -33,7 +35,9 @@
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.test.web.servlet.MockMvc;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 import com.c4_soft.springaddons.test.support.web.SerializationHelper;
 
 import jakarta.servlet.http.HttpServletRequest;
@@ -41,8 +45,9 @@
 /**
  * @author ch4mp Test configuration to mock JwtDecoder
  */
+@ConditionalOnWebApplication(type = Type.SERVLET)
 @AutoConfiguration
-@Import({ MockMvcProperties.class, AuthenticationFactoriesTestConf.class })
+@ImportAutoConfiguration(classes = { MockMvcProperties.class, AuthenticationFactoriesTestConf.class }, exclude = { AddonsWebfluxTestConf.class })
 public class AddonsWebmvcTestConf {
 
 	@MockBean
@@ -78,7 +83,7 @@ MockMvcSupport mockMvcSupport(
 			SerializationHelper serializationHelper,
 			MockMvcProperties mockMvcProperties,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		return new MockMvcSupport(mockMvc, serializationHelper, mockMvcProperties, serverProperties, addonsProperties);
 	}
 
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationRequestPostProcessor.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AuthenticationRequestPostProcessor.java
similarity index 90%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationRequestPostProcessor.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AuthenticationRequestPostProcessor.java
index ab43b7a30..552c6a65a 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationRequestPostProcessor.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AuthenticationRequestPostProcessor.java
@@ -9,13 +9,13 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.Authentication;
 import org.springframework.test.web.servlet.request.RequestPostProcessor;
 
-import com.c4_soft.springaddons.security.oauth2.AuthenticationBuilder;
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationBuilder;
 
 /**
  * Redundant code for {@link Authentication} MockMvc request post-processors
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcClientSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcClientSecurity.java
new file mode 100644
index 000000000..7c6fe9691
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcClientSecurity.java
@@ -0,0 +1,28 @@
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxClientSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans;
+
+/**
+ * <p>
+ * Auto-configures {@link SpringAddonsOidcClientBeans} as well as what is already configured by {@link AutoConfigureAddonsWebmvcMinimalSecurity}. To be used to
+ * test controllers but not services or repositories (web context is not desired in that case).
+ * </p>
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ * @see    AddonsWebmvcComponentTest
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@AutoConfigureAddonsWebmvcMinimalSecurity
+@ImportAutoConfiguration({ SpringAddonsOidcClientBeans.class })
+public @interface AutoConfigureAddonsWebmvcClientSecurity {
+}
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcMinimalSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcMinimalSecurity.java
new file mode 100644
index 000000000..b10f587bf
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcMinimalSecurity.java
@@ -0,0 +1,38 @@
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+import com.c4_soft.springaddons.security.oauth2.test.AuthenticationFactoriesTestConf;
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxClientSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
+
+/**
+ * <p>
+ * To be used to test services or repositories but <b>not controllers</b>: auto-configures {@link SpringAddonsOidcProperties}, {@link SpringAddonsOidcBeans},
+ * {@link AddonsWebmvcTestConf} and {@link AuthenticationFactoriesTestConf}
+ * </p>
+ * See {@link AddonsWebmvcComponentTest} See {@link AutoConfigureAddonsWebmvcResourceServerSecurity} See {@link AutoConfigureAddonsWebfluxClientSecurity}
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ * @see    AddonsWebmvcComponentTest
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ * @see    AutoConfigureAddonsWebmvcResourceServerSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@ImportAutoConfiguration(classes = { AddonsWebmvcTestConf.class, SpringAddonsOidcBeans.class }, exclude = { ReactiveSpringAddonsOidcBeans.class })
+@ExtendWith(SpringExtension.class)
+@TestInstance(Lifecycle.PER_CLASS)
+public @interface AutoConfigureAddonsWebmvcMinimalSecurity {
+}
diff --git a/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcResourceServerSecurity.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcResourceServerSecurity.java
new file mode 100644
index 000000000..cbee34e50
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/AutoConfigureAddonsWebmvcResourceServerSecurity.java
@@ -0,0 +1,28 @@
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+
+import com.c4_soft.springaddons.security.oauth2.test.webflux.AutoConfigureAddonsWebfluxClientSecurity;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans;
+
+/**
+ * <p>
+ * Auto-configures {@link SpringAddonsOidcResourceServerBeans} as well as what is already configured by {@link AutoConfigureAddonsWebmvcMinimalSecurity}. To be
+ * used to test controllers but not services or repositories (web context is not desired in that case).
+ * </p>
+ *
+ * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
+ * @see    AddonsWebmvcComponentTest
+ * @see    AutoConfigureAddonsWebfluxClientSecurity
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@AutoConfigureAddonsWebmvcMinimalSecurity
+@ImportAutoConfiguration({ SpringAddonsOidcResourceServerBeans.class })
+public @interface AutoConfigureAddonsWebmvcResourceServerSecurity {
+}
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockAuthenticationRequestPostProcessor.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockAuthenticationRequestPostProcessor.java
similarity index 96%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockAuthenticationRequestPostProcessor.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockAuthenticationRequestPostProcessor.java
index 4a9218025..b6a3ae1e1 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockAuthenticationRequestPostProcessor.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockAuthenticationRequestPostProcessor.java
@@ -10,7 +10,7 @@
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
 
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import org.springframework.security.core.Authentication;
 
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcPerformException.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcPerformException.java
similarity index 76%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcPerformException.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcPerformException.java
index 48165bb86..91d589a25 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcPerformException.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcPerformException.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 public class MockMvcPerformException extends RuntimeException {
 	private static final long serialVersionUID = 4812927101282656196L;
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcProperties.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcProperties.java
similarity index 86%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcProperties.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcProperties.java
index e47394e90..72da161af 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcProperties.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcProperties.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.ConfigurationProperties;
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcSupport.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcSupport.java
similarity index 98%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcSupport.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcSupport.java
index edc248f90..34bd16413 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/MockMvcSupport.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/MockMvcSupport.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;
@@ -32,8 +32,8 @@
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.DispatcherServlet;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 import com.c4_soft.springaddons.test.support.web.SerializationHelper;
 
 /**
@@ -79,14 +79,14 @@ public MockMvcSupport(
 			SerializationHelper serializationHelper,
 			MockMvcProperties mockMvcProperties,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties) {
+			SpringAddonsOidcProperties addonsProperties) {
 		this.mockMvc = mockMvc;
 		this.conv = serializationHelper;
 		this.mediaType = MediaType.valueOf(mockMvcProperties.getDefaultMediaType());
 		this.charset = Charset.forName(mockMvcProperties.getDefaultCharset());
 		this.postProcessors = new ArrayList<>();
 		this.isSecure = serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled();
-		this.isCsrf = !addonsProperties.getCsrf().equals(Csrf.DISABLE);
+		this.isCsrf = !addonsProperties.getResourceserver().getCsrf().equals(Csrf.DISABLE);
 	}
 
 	/**
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/OidcIdAuthenticationTokenRequestPostProcessor.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/OidcIdAuthenticationTokenRequestPostProcessor.java
similarity index 84%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/OidcIdAuthenticationTokenRequestPostProcessor.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/OidcIdAuthenticationTokenRequestPostProcessor.java
index f6857150b..09698db39 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/OidcIdAuthenticationTokenRequestPostProcessor.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/OidcIdAuthenticationTokenRequestPostProcessor.java
@@ -10,11 +10,11 @@
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
 
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
-import com.c4_soft.springaddons.security.oauth2.OAuthentication;
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
 import com.c4_soft.springaddons.security.oauth2.test.OAuthenticationTestingBuilder;
+import com.c4_soft.springaddons.security.oidc.OAuthentication;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
 
 public class OidcIdAuthenticationTokenRequestPostProcessor extends OAuthenticationTestingBuilder<OidcIdAuthenticationTokenRequestPostProcessor>
 		implements
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/SecurityContextRequestPostProcessorSupport.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/SecurityContextRequestPostProcessorSupport.java
similarity index 98%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/SecurityContextRequestPostProcessorSupport.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/SecurityContextRequestPostProcessorSupport.java
index 88a0cd5bf..31b2bb511 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/SecurityContextRequestPostProcessorSupport.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/SecurityContextRequestPostProcessorSupport.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/ServletUnitTestingSupport.java b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/ServletUnitTestingSupport.java
similarity index 95%
rename from webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/ServletUnitTestingSupport.java
rename to spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/ServletUnitTestingSupport.java
index 91f42aa90..28b3ab82b 100644
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/ServletUnitTestingSupport.java
+++ b/spring-addons-starter-oidc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/ServletUnitTestingSupport.java
@@ -9,7 +9,7 @@
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  */
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
+package com.c4_soft.springaddons.security.oauth2.test.webmvc;
 
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/spring-addons-starter-oidc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-addons-starter-oidc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 000000000..bc3259125
--- /dev/null
+++ b/spring-addons-starter-oidc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,11 @@
+com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties
+
+com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans
+com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsBackChannelLogoutBeans
+com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans
+com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans
+
+com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans
+com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsBackChannelLogoutBeans
+com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans
+com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans
diff --git a/spring-addons-starter-oidc/pom.xml b/spring-addons-starter-oidc/pom.xml
new file mode 100644
index 000000000..6b2e8ff0e
--- /dev/null
+++ b/spring-addons-starter-oidc/pom.xml
@@ -0,0 +1,113 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>com.c4-soft.springaddons</groupId>
+		<artifactId>spring-addons</artifactId>
+		<version>6.2.1-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+	<artifactId>spring-addons-starter-oidc</artifactId>
+
+	<url>https://github.com/ch4mpy/spring-addons/</url>
+	<scm>
+		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
+		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
+		<url>https://github.com/ch4mpy/spring-addons</url>
+		<tag>HEAD</tag>
+	</scm>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.c4-soft.springaddons</groupId>
+			<artifactId>spring-addons-oauth2</artifactId>
+		</dependency>
+		
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-jose</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-webflux</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-resource-server</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.jayway.jsonpath</groupId>
+			<artifactId>json-path</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.projectreactor</groupId>
+			<artifactId>reactor-core</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-configuration-processor</artifactId>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-autoconfigure</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.servlet</groupId>
+			<artifactId>jakarta.servlet-api</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.assertj</groupId>
+			<artifactId>assertj-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+</project>
\ No newline at end of file
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ClaimSetAuthoritiesConverter.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ClaimSetAuthoritiesConverter.java
similarity index 84%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ClaimSetAuthoritiesConverter.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ClaimSetAuthoritiesConverter.java
index f9b5a5cc9..2c037189a 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ClaimSetAuthoritiesConverter.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ClaimSetAuthoritiesConverter.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter;
 
 import java.util.Collection;
 import java.util.Map;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableClaimSetAuthoritiesConverter.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableClaimSetAuthoritiesConverter.java
similarity index 84%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableClaimSetAuthoritiesConverter.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableClaimSetAuthoritiesConverter.java
index b9d557c9c..533ce2678 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableClaimSetAuthoritiesConverter.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableClaimSetAuthoritiesConverter.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter;
 
 import java.util.Collection;
 import java.util.List;
@@ -11,8 +11,8 @@
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.util.StringUtils;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Case;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.SimpleAuthoritiesMappingProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SimpleAuthoritiesMappingProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 import com.jayway.jsonpath.JsonPath;
 import com.jayway.jsonpath.PathNotFoundException;
 
@@ -23,7 +23,7 @@
  * Portable converter to extract Spring-security authorities from OAuth2 claims.
  * </p>
  * <p>
- * It is designed to work with {@link SpringAddonsSecurityProperties} which enable to configure:
+ * It is designed to work with {@link SpringAddonsOidcProperties} which enable to configure:
  * </p>
  * <ul>
  * <li>source claims (which claims to pick authorities from, dot.separated.path is supported)</li>
@@ -35,7 +35,7 @@
  */
 @RequiredArgsConstructor
 public class ConfigurableClaimSetAuthoritiesConverter implements ClaimSetAuthoritiesConverter {
-	private final SpringAddonsSecurityProperties properties;
+	private final SpringAddonsOidcProperties properties;
 
 	@Override
 	public Collection<? extends GrantedAuthority> convert(Map<String, Object> source) {
@@ -47,7 +47,7 @@ public Collection<? extends GrantedAuthority> convert(Map<String, Object> source
 	    // @formatter:on
 	}
 
-	private static String processCase(String role, Case caze) {
+	private static String processCase(String role, SimpleAuthoritiesMappingProperties.Case caze) {
 		switch (caze) {
 		case UPPER: {
 			return role.toUpperCase();
@@ -62,7 +62,7 @@ private static String processCase(String role, Case caze) {
 
 	private SimpleAuthoritiesMappingProperties[] getAuthoritiesMappingProperties(Map<String, Object> claimSet) {
 		final var iss = Optional.ofNullable(claimSet.get(JwtClaimNames.ISS)).orElse(null);
-		return properties.getIssuerProperties(iss).getAuthorities();
+		return properties.getOpProperties(iss).getAuthorities();
 	}
 
 	private static Stream<String> getAuthorities(Map<String, Object> claims, SimpleAuthoritiesMappingProperties props) {
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/LogoutRequestUriBuilder.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/LogoutRequestUriBuilder.java
similarity index 87%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/LogoutRequestUriBuilder.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/LogoutRequestUriBuilder.java
index 2becfcfaa..e0f72e34b 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/LogoutRequestUriBuilder.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/LogoutRequestUriBuilder.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter;
 
 import java.net.URI;
 
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2LogoutRequestUriBuilder.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/SpringAddonsOAuth2LogoutRequestUriBuilder.java
similarity index 92%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2LogoutRequestUriBuilder.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/SpringAddonsOAuth2LogoutRequestUriBuilder.java
index bb9cf9985..de6e291e2 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2LogoutRequestUriBuilder.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/SpringAddonsOAuth2LogoutRequestUriBuilder.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter;
 
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
@@ -8,7 +8,8 @@
 import org.springframework.util.StringUtils;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties.OAuth2LogoutProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.OAuth2LogoutProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
 
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
@@ -24,7 +25,7 @@ public class SpringAddonsOAuth2LogoutRequestUriBuilder implements LogoutRequestU
 	private static final String OIDC_RP_INITIATED_LOGOUT_ID_TOKEN_HINT_REQUEST_PARAM = "id_token_hint";
 	private static final String OIDC_RP_INITIATED_LOGOUT_POST_LOGOUT_URI_REQUEST_PARAM = "post_logout_redirect_uri";
 
-	private final SpringAddonsOAuth2ClientProperties clientProperties;
+	private final SpringAddonsOidcClientProperties clientProperties;
 
 	@Override
 	public String getLogoutRequestUri(ClientRegistration clientRegistration, String idToken, URI postLogoutUri) {
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java
new file mode 100644
index 000000000..5e559b926
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/CorsProperties.java
@@ -0,0 +1,38 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import lombok.Data;
+
+@Data
+public class CorsProperties {
+	/**
+	 * Path matcher to which this configuration entry applies
+	 */
+	private String path = "/**";
+
+	/**
+	 * Default is null
+	 */
+	private Boolean allowCredentials = null;
+
+	/**
+	 * Default is "*" which allows all origins
+	 */
+	private String[] allowedOriginPatterns = { "*" };
+
+	/**
+	 * Default is "*" which allows all methods
+	 */
+	private String[] allowedMethods = { "*" };
+
+	/**
+	 * Default is "*" which allows all headers
+	 */
+	private String[] allowedHeaders = { "*" };
+
+	/**
+	 * Default is "*" which exposes all headers
+	 */
+	private String[] exposedHeaders = { "*" };
+
+	private Long maxAge = null;
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/Csrf.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/Csrf.java
new file mode 100644
index 000000000..a10fa81ee
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/Csrf.java
@@ -0,0 +1,38 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+/**
+ * <ul>
+ * <li>DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)</li>
+ * <li>DISABLE disables CSRF protection. The default value for resource servers, but <b>you should really not be doing that on a client!</b></li>
+ * <li>SESSION stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with
+ * a JS application (written with Angular, React, Vue, etc.)</li>
+ * <li>COOKIE_HTTP_ONLY stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)</li>
+ * <li>COOKIE_ACCESSIBLE_FROM_JS stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps</li>
+ * </ul>
+ *
+ * @author ch4mp
+ */
+public enum Csrf {
+	/**
+	 * Switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
+	 */
+	DEFAULT,
+	/**
+	 * Disables CSRF protection. The default value for resource servers, but <b>you should really not be doing that on a client!</b>
+	 */
+	DISABLE,
+	/**
+	 * Stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS
+	 * application (written with Angular, React, Vue, etc.)
+	 */
+	SESSION,
+	/**
+	 * Stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)
+	 */
+	COOKIE_HTTP_ONLY,
+	/**
+	 * Stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps. To be used when sessions are enabled and queries are issued with Angular, React, Vue,
+	 * etc.
+	 */
+	COOKIE_ACCESSIBLE_FROM_JS
+}
\ No newline at end of file
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/MissingAuthorizationServerConfigurationException.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/MissingAuthorizationServerConfigurationException.java
similarity index 88%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/MissingAuthorizationServerConfigurationException.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/MissingAuthorizationServerConfigurationException.java
index ac60bc7ef..f50f1b30b 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/MissingAuthorizationServerConfigurationException.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/MissingAuthorizationServerConfigurationException.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter.properties;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ResponseStatus;
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OAuth2LogoutProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OAuth2LogoutProperties.java
new file mode 100644
index 000000000..7037afdd9
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OAuth2LogoutProperties.java
@@ -0,0 +1,34 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import java.net.URI;
+import java.util.Optional;
+
+import lombok.Data;
+
+@Data
+public class OAuth2LogoutProperties {
+	/**
+	 * client registration id as set in Spring Boot OAuth2 client properties
+	 */
+	private String clientRegistrationId;
+
+	/**
+	 * URI on the authorization server where to redirect the user for logout
+	 */
+	private URI uri;
+
+	/**
+	 * request param name for client-id
+	 */
+	private Optional<String> clientIdRequestParam = Optional.empty();
+
+	/**
+	 * request param name for post-logout redirect URI (where the user should be redirected after his session is closed on the authorization server)
+	 */
+	private Optional<String> postLogoutUriRequestParam = Optional.empty();
+
+	/**
+	 * request param name for setting an ID-Token hint
+	 */
+	private Optional<String> idTokenHintRequestParam = Optional.empty();
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OpenidProviderProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OpenidProviderProperties.java
new file mode 100644
index 000000000..b7b5e5f16
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/OpenidProviderProperties.java
@@ -0,0 +1,45 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import java.net.URI;
+
+import org.springframework.boot.context.properties.NestedConfigurationProperty;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+
+import lombok.Data;
+
+/**
+ * OpenID Providers configuration. A minimum of one issuer is required. <b>Properties defined here are a replacement for
+ * spring.security.oauth2.resourceserver.jwt.*</b> (which will be ignored). Authorities mapping defined here is used by both client and resource server
+ * filter-chains.
+ *
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ */
+@Data
+public class OpenidProviderProperties {
+	/**
+	 * Can be omitted if jwk-set-uri is provided. Will insert an issuer validator if not null or empty. It must be exactly the same as in access tokens (even
+	 * trailing slash, if any, is important). In case of doubt, open one of your access tokens with a tool like https://jwt.io
+	 */
+	private URI iss;
+
+	/**
+	 * Can be omitted if issuer-uri is provided
+	 */
+	private URI jwkSetUri;
+
+	/**
+	 * Can be omitted. Will insert an audience validator if not null or empty
+	 */
+	private String aud;
+
+	/**
+	 * Authorities mapping configuration, per claim
+	 */
+	@NestedConfigurationProperty
+	private SimpleAuthoritiesMappingProperties[] authorities = { new SimpleAuthoritiesMappingProperties() };
+
+	/**
+	 * JSON path for the claim to use as "name" source
+	 */
+	private String usernameClaim = StandardClaimNames.SUB;
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SimpleAuthoritiesMappingProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SimpleAuthoritiesMappingProperties.java
new file mode 100644
index 000000000..1fbe784a5
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SimpleAuthoritiesMappingProperties.java
@@ -0,0 +1,36 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import com.c4_soft.springaddons.security.oidc.starter.ConfigurableClaimSetAuthoritiesConverter;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * Configuration for {@link ConfigurableClaimSetAuthoritiesConverter}
+ *
+ * @author ch4mp
+ */
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class SimpleAuthoritiesMappingProperties {
+	/**
+	 * JSON path of the claim(s) to map with this properties
+	 */
+	private String path = "$.realm_access.roles";
+
+	/**
+	 * What to prefix authorities with (for instance "ROLE_" or "SCOPE_")
+	 */
+	private String prefix = "";
+
+	/**
+	 * Whether to transform authorities to uppercase, lowercase, or to leave it unchanged
+	 */
+	private Case caze = Case.UNCHANGED;
+
+	public static enum Case {
+		UNCHANGED, UPPER, LOWER
+	}
+}
\ No newline at end of file
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2ClientProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
similarity index 60%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2ClientProperties.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
index 32b84501d..16e57f6c0 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2ClientProperties.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter.properties;
 
 import java.net.URI;
 import java.util.HashMap;
@@ -7,29 +7,28 @@
 import java.util.Optional;
 import java.util.stream.Stream;
 
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Csrf;
-
 import lombok.Data;
 
 /**
- * Properties to push one step further the auto-configuration of Spring Boot OAuth2 clients
+ * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with &#64;Order(LOWEST_PRECEDENCE - 1). Typical
+ * use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default configuration includes:
+ * enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain &#64;Bean and its dependencies to be defined.
+ * <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling spring-addons client filter-chain).
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
 @Data
-@AutoConfiguration
-@ConfigurationProperties(prefix = "com.c4-soft.springaddons.security.client")
-public class SpringAddonsOAuth2ClientProperties {
+public class SpringAddonsOidcClientProperties {
+
 	/**
-	 * If false, all client auto-configuration is disabled
+	 * Path matchers for the routes secured with the auto-configured client filter-chain. If left empty, OAuth2 client auto-configuration is disabled. It should
+	 * include "/login/**" and "/oauth2/**" for login process. Can be set to "/**" to intercept all requests (OAuth2 client only application, no REST API
+	 * secured with access tokens).
 	 */
-	private boolean enabled = true;
+	private String[] securityMatchers = {};
 
 	/**
 	 * Fully qualified URI of the configured OAuth2 client.
@@ -46,22 +45,18 @@ public class SpringAddonsOAuth2ClientProperties {
 	 * standard, but exposing a logout end-point expecting an authorized GET request with following request params:
 	 * <ul>
 	 * <li>"client-id" (required)</li>
-	 * <li>post-logout redirect URI (optional)</li> </il>
+	 * <li>post-logout redirect URI (optional)</li>
+	 * </ul>
 	 */
 	@NestedConfigurationProperty
 	private OAuth2LogoutProperties[] oauth2Logout = {};
 
 	/**
-	 * Whether to enable a security filter-chain and a controller to implement the client side of a
+	 * Whether to enable a security filter-chain and a controller (intercepting POST requests to "/backchannel_logout") to implement the client side of a
 	 * <a href="https://openid.net/specs/openid-connect-backchannel-1_0.html">Back-Channel Logout</a>
 	 */
 	private boolean backChannelLogoutEnabled = false;
 
-	/**
-	 * Path matchers for the routes secured with the auto-configured client filter-chain
-	 */
-	private String[] securityMatchers;
-
 	/**
 	 * Path matchers for the routes accessible to anonymous requests
 	 */
@@ -85,10 +80,10 @@ public class SpringAddonsOAuth2ClientProperties {
 	/**
 	 * CSRF protection configuration for the auto-configured client filter-chain
 	 */
-	private Csrf csrf = Csrf.SESSION;
+	private Csrf csrf = Csrf.COOKIE_HTTP_ONLY;
 
 	/**
-	 * Fine grained CORS configuration for the auto-configured client filter-chain
+	 * Fine grained CORS configuration
 	 */
 	@NestedConfigurationProperty
 	private CorsProperties[] cors = {};
@@ -104,34 +99,6 @@ public static class RequestParam {
 		private String value;
 	}
 
-	@Data
-	public static class OAuth2LogoutProperties {
-		/**
-		 * client registration id as set in Spring Boot OAuth2 client properties
-		 */
-		private String clientRegistrationId;
-
-		/**
-		 * URI on the authorization server where to redirect the user for logout
-		 */
-		private URI uri;
-
-		/**
-		 * request param name for client-id
-		 */
-		private Optional<String> clientIdRequestParam = Optional.empty();
-
-		/**
-		 * request param name for post-logout redirect URI (where the user should be redirected after his session is closed on the authorization server)
-		 */
-		private Optional<String> postLogoutUriRequestParam = Optional.empty();
-
-		/**
-		 * request param name for setting an ID-Token hint
-		 */
-		private Optional<String> idTokenHintRequestParam = Optional.empty();
-	}
-
 	public URI getPostLogoutRedirectUri() {
 		return UriComponentsBuilder.fromUri(clientUri).path(postLogoutRedirectPath).build(Map.of());
 	}
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java
new file mode 100644
index 000000000..4ca0a8a7e
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java
@@ -0,0 +1,84 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import java.net.URI;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.NestedConfigurationProperty;
+
+import lombok.Data;
+
+/**
+ * <p>
+ * Configuration properties for OAuth2 auto-configuration extensions to spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resource-server.
+ * </p>
+ * The following spring-boot standard properties are used:
+ * <ul>
+ * <li>spring.security.oauth2.client.provider.*</li>
+ * <li>spring.security.oauth2.client.registration.*</li>
+ * <li>spring.security.oauth2.resourceserver.opaquetoken.*</li>
+ * </ul>
+ * <b>spring.security.oauth2.resourceserver.jwt.* properties are ignored.</b> The reason for that is it is applicable only to single tenant scenarios. Use
+ * properties
+ *
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ */
+@Data
+@AutoConfiguration
+@ConfigurationProperties(prefix = "com.c4-soft.springaddons.oidc")
+public class SpringAddonsOidcProperties {
+
+	/**
+	 * OpenID Providers configuration: JWK set URI, issuer URI, audience, and authorities mapping configuration for each issuer. A minimum of one issuer is
+	 * required. <b>Properties defined here are a replacement for spring.security.oauth2.resourceserver.jwt.*</b> (which will be ignored). Authorities mapping
+	 * defined there is used by both client and resource server filter-chains.
+	 */
+	@NestedConfigurationProperty
+	private OpenidProviderProperties[] ops = {};
+
+	/**
+	 * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with &#64;Order(LOWEST_PRECEDENCE - 1). Typical
+	 * use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default configuration
+	 * includes: enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain &#64;Bean and its dependencies
+	 * to be defined. <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling spring-addons client
+	 * filter-chain).
+	 */
+	@NestedConfigurationProperty
+	private SpringAddonsOidcClientProperties client = new SpringAddonsOidcClientProperties();
+
+	/**
+	 * Auto-configuration for an OAuth2 resource server Security(Web)FilterChain with &#64;Order(LOWEST_PRECEDENCE). Typical use case is a REST API secured with
+	 * access tokens. Default configuration is as follow: no securityMatcher to process all the requests that were not intercepted by higher &#64;Order
+	 * Security(Web)FilterChains, no session, disabled CSRF protection, and 401 to unauthorized requests.
+	 */
+	@NestedConfigurationProperty
+	private SpringAddonsOidcResourceServerProperties resourceserver = new SpringAddonsOidcResourceServerProperties();
+
+	/**
+	 * @param  iss                                              the issuer URI string
+	 * @return                                                  configuration properties associated with the provided issuer URI
+	 * @throws MissingAuthorizationServerConfigurationException if configuration properties don not have an entry for the exact issuer (even trailing slash is
+	 *                                                          important)
+	 */
+	public OpenidProviderProperties getOpProperties(String iss) throws MissingAuthorizationServerConfigurationException {
+		return Stream.of(ops).filter(issuerProps -> Objects.equals(Optional.ofNullable(issuerProps.getIss()).map(URI::toString).orElse(null), iss)).findAny()
+				.orElseThrow(() -> new MissingAuthorizationServerConfigurationException(iss));
+	}
+
+	/**
+	 * @param  iss                                              the issuer URL
+	 * @return                                                  configuration properties associated with the provided issuer URI
+	 * @throws MissingAuthorizationServerConfigurationException if configuration properties don not have an entry for the exact issuer (even trailing slash is
+	 *                                                          important)
+	 */
+	public OpenidProviderProperties getOpProperties(Object iss) throws MissingAuthorizationServerConfigurationException {
+		if (iss == null && ops.length == 1) {
+			return ops[0];
+		}
+		return getOpProperties(Optional.ofNullable(iss).map(Object::toString).orElse(null));
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java
new file mode 100644
index 000000000..ecbe21ff5
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcResourceServerProperties.java
@@ -0,0 +1,43 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties;
+
+import org.springframework.boot.context.properties.NestedConfigurationProperty;
+
+import lombok.Data;
+
+/**
+ * Auto-configuration for an OAuth2 resource server Security(Web)FilterChain with &#64;Order(LOWEST_PRECEDENCE). Typical use case is a REST API secured with
+ * access tokens. Default configuration is as follow: no securityMatcher to process all the requests that were not intercepted by higher &#64;Order
+ * Security(Web)FilterChains, no session, disabled CSRF protection, and 401 to unauthorized requests.
+ *
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ */
+@Data
+public class SpringAddonsOidcResourceServerProperties {
+
+	/**
+	 * Resource server SecurityFilterChain bean and all its dependencies are instantiated only if true.
+	 */
+	private boolean enabled = true;
+
+	/**
+	 * Path matchers for the routes accessible to anonymous requests
+	 */
+	private String[] permitAll = {};
+
+	/**
+	 * Whether to disable sessions. It should remain true.
+	 */
+	private boolean statlessSessions = true;
+
+	/**
+	 * CSRF protection configuration for the auto-configured client filter-chain
+	 */
+	private Csrf csrf = Csrf.DISABLE;
+
+	/**
+	 * Fine grained CORS configuration
+	 */
+	@NestedConfigurationProperty
+	private CorsProperties[] cors = {};
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/CookieCsrfCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/CookieCsrfCondition.java
new file mode 100644
index 000000000..4b34eef41
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/CookieCsrfCondition.java
@@ -0,0 +1,22 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+
+public class CookieCsrfCondition extends AnyNestedCondition {
+
+	public CookieCsrfCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@ConditionalOnProperty(name = "com.c4-soft.springaddons.oidc.csrf", havingValue = "cookie-accessible-from-js")
+	static class CookieAccessibleToJsCondition {
+
+	}
+
+	@ConditionalOnProperty(name = "com.c4-soft.springaddons.oidc.csrf", havingValue = "cookie-http-only")
+	static class HttpOnlyCookieCondition {
+
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultAuthenticationManagerResolverCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultAuthenticationManagerResolverCondition.java
new file mode 100644
index 000000000..3e8e8cc07
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultAuthenticationManagerResolverCondition.java
@@ -0,0 +1,27 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
+
+public class DefaultAuthenticationManagerResolverCondition extends AllNestedConditions {
+
+	DefaultAuthenticationManagerResolverCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@Conditional(IsJwtDecoderResourceServerCondition.class)
+	static class IsJwtResourceServer {
+	}
+
+	@ConditionalOnMissingBean(AuthenticationManagerResolver.class)
+	static class CustomAuthenticationManagerResolverNotProvided {
+	}
+
+	@ConditionalOnMissingBean(ReactiveAuthenticationManagerResolver.class)
+	static class CustomReactiveAuthenticationManagerResolverNotProvided {
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultGrantedAuthoritiesMapperCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultGrantedAuthoritiesMapperCondition.java
new file mode 100644
index 000000000..38c125b31
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultGrantedAuthoritiesMapperCondition.java
@@ -0,0 +1,22 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcClientCondition;
+
+public class DefaultGrantedAuthoritiesMapperCondition extends AllNestedConditions {
+	DefaultGrantedAuthoritiesMapperCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@Conditional(IsOidcClientCondition.class)
+	static class SpringAddonsOidcClientEnabled {
+	}
+
+	@ConditionalOnMissingBean(GrantedAuthoritiesMapper.class)
+	static class CustomGrantedAuthoritiesMapperNotProvided {
+	}
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultJwtAbstractAuthenticationTokenConverterCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultJwtAbstractAuthenticationTokenConverterCondition.java
new file mode 100644
index 000000000..736b5449d
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultJwtAbstractAuthenticationTokenConverterCondition.java
@@ -0,0 +1,31 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Conditional;
+
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveJwtAbstractAuthenticationTokenConverter;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
+
+public class DefaultJwtAbstractAuthenticationTokenConverterCondition extends AllNestedConditions {
+	DefaultJwtAbstractAuthenticationTokenConverterCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@Conditional(IsOidcResourceServerCondition.class)
+	static class SpringAddonsOidcClientEnabled {
+	}
+
+	@Conditional(IsJwtDecoderResourceServerCondition.class)
+	static class SpringAddonsIntrospectionPropertiesPresent {
+	}
+
+	@ConditionalOnMissingBean(JwtAbstractAuthenticationTokenConverter.class)
+	static class CustomAuthenticationConverterNotProvided {
+	}
+
+	@ConditionalOnMissingBean(ReactiveJwtAbstractAuthenticationTokenConverter.class)
+	static class CustomReactiveAuthenticationConverterNotProvided {
+	}
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOpaqueTokenAuthenticationConverterCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOpaqueTokenAuthenticationConverterCondition.java
new file mode 100644
index 000000000..cecff526a
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/DefaultOpaqueTokenAuthenticationConverterCondition.java
@@ -0,0 +1,31 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
+
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcResourceServerCondition;
+
+public class DefaultOpaqueTokenAuthenticationConverterCondition extends AllNestedConditions {
+	DefaultOpaqueTokenAuthenticationConverterCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@Conditional(IsOidcResourceServerCondition.class)
+	static class SpringAddonsOidcResourceServerEnabled {
+	}
+
+	@Conditional(IsIntrospectingResourceServerCondition.class)
+	static class SpringAddonsIntrospectionPropertiesPresent {
+	}
+
+	@ConditionalOnMissingBean(OpaqueTokenAuthenticationConverter.class)
+	static class CustomAuthenticationConverterNotProvided {
+	}
+
+	@ConditionalOnMissingBean(ReactiveOpaqueTokenAuthenticationConverter.class)
+	static class CustomReactiveAuthenticationConverterNotProvided {
+	}
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsIntrospectingResourceServerCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsIntrospectingResourceServerCondition.java
new file mode 100644
index 000000000..1a9295bc1
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsIntrospectingResourceServerCondition.java
@@ -0,0 +1,16 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+
+public class IsIntrospectingResourceServerCondition extends AnyNestedCondition {
+
+	IsIntrospectingResourceServerCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@ConditionalOnProperty("spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
+	static class IsOpaqueTokenIntrospectionUriDeclared {
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsJwtDecoderResourceServerCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsJwtDecoderResourceServerCondition.java
new file mode 100644
index 000000000..afa750620
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/bean/IsJwtDecoderResourceServerCondition.java
@@ -0,0 +1,16 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.condition.NoneNestedConditions;
+
+public class IsJwtDecoderResourceServerCondition extends NoneNestedConditions {
+
+	IsJwtDecoderResourceServerCondition() {
+		super(ConfigurationPhase.REGISTER_BEAN);
+	}
+
+	@ConditionalOnProperty("spring.security.oauth2.resourceserver.opaquetoken.introspection-uri")
+	static class IsOpaqueTokenIntrospectionUriDeclared {
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsNotServlet.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsNotServlet.java
new file mode 100644
index 000000000..4ddd6374a
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsNotServlet.java
@@ -0,0 +1,18 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
+import org.springframework.boot.autoconfigure.condition.NoneNestedConditions;
+
+public class IsNotServlet extends NoneNestedConditions {
+
+	public IsNotServlet() {
+		super(ConfigurationPhase.PARSE_CONFIGURATION);
+	}
+
+	@ConditionalOnWebApplication(type = Type.SERVLET)
+static class IsServletWebApp {
+
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcClientCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcClientCondition.java
new file mode 100644
index 000000000..729532918
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcClientCondition.java
@@ -0,0 +1,23 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration;
+
+import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+
+public class IsOidcClientCondition extends AnyNestedCondition {
+
+	public IsOidcClientCondition() {
+		super(ConfigurationPhase.PARSE_CONFIGURATION);
+	}
+
+	@ConditionalOnExpression("!(T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.oidc.client.security-matchers:}') && T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.oidc.client.security-matchers[0]:}'))")
+	static class Value1Condition {
+
+	}
+
+	@ConditionalOnProperty(name = "com.c4-soft.springaddons.oidc.client.security-matchers[0]")
+	static class Value2Condition {
+
+	}
+
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcResourceServerCondition.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcResourceServerCondition.java
new file mode 100644
index 000000000..949468bf0
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/condition/configuration/IsOidcResourceServerCondition.java
@@ -0,0 +1,22 @@
+package com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration;
+
+import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver;
+
+public class IsOidcResourceServerCondition extends AllNestedConditions {
+
+	IsOidcResourceServerCondition() {
+		super(ConfigurationPhase.PARSE_CONFIGURATION);
+	}
+
+	@ConditionalOnProperty(prefix = "com.c4-soft.springaddons.oidc.resourceserver", name = "enabled", matchIfMissing = true)
+	static class SpringAddonsResourceServerEnabled {
+	}
+
+	@ConditionalOnClass(HeaderBearerTokenResolver.class)
+	static class BearerTokenAuthenticationFilterIsOnClassPath {
+	}
+
+}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerAuthorizeExchangeSpecPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/AuthorizeExchangeSpecPostProcessor.java
similarity index 50%
rename from webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerAuthorizeExchangeSpecPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/AuthorizeExchangeSpecPostProcessor.java
index fafa419db..ab2d2b32c 100644
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerAuthorizeExchangeSpecPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/AuthorizeExchangeSpecPostProcessor.java
@@ -1,14 +1,12 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive;
 
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-
 /**
- * Customize access-control for routes which where not listed in {@link SpringAddonsSecurityProperties#permitAll}
- * 
+ * Customize access-control for routes which where not listed in spring-addons "permit-all" properties for client and resource server filter chains
+ *
  * @author ch4mp
  */
-public interface ResourceServerAuthorizeExchangeSpecPostProcessor {
+public interface AuthorizeExchangeSpecPostProcessor {
 	ServerHttpSecurity.AuthorizeExchangeSpec authorizeHttpRequests(ServerHttpSecurity.AuthorizeExchangeSpec spec);
 }
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/HttpSecurityPostProcessor.java
similarity index 74%
rename from webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerHttpSecurityPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/HttpSecurityPostProcessor.java
index f32f61b24..f25485c1c 100644
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ResourceServerHttpSecurityPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/HttpSecurityPostProcessor.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive;
 
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 
@@ -8,6 +8,6 @@
  * 
  * @author ch4mp
  */
-public interface ResourceServerHttpSecurityPostProcessor {
+public interface HttpSecurityPostProcessor {
 	ServerHttpSecurity process(ServerHttpSecurity serverHttpSecurity);
 }
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ReactiveConfigurationSupport.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveConfigurationSupport.java
similarity index 78%
rename from webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ReactiveConfigurationSupport.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveConfigurationSupport.java
index ec704e49b..496fbe06b 100644
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ReactiveConfigurationSupport.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveConfigurationSupport.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -13,16 +13,21 @@
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcResourceServerProperties;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ClientAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ClientHttpSecurityPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerAuthorizeExchangeSpecPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ResourceServerHttpSecurityPostProcessor;
 
 public class ReactiveConfigurationSupport {
 
 	public static ServerHttpSecurity configureResourceServer(
 			ServerHttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsResourceServerProperties,
+			SpringAddonsOidcResourceServerProperties addonsResourceServerProperties,
 			ServerAccessDeniedHandler accessDeniedHandler,
 			ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
 			ResourceServerHttpSecurityPostProcessor httpPostProcessor) {
@@ -46,7 +51,7 @@ public static ServerHttpSecurity configureResourceServer(
 	public static ServerHttpSecurity configureClient(
 			ServerHttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsOAuth2ClientProperties addonsClientProperties,
+			SpringAddonsOidcClientProperties addonsClientProperties,
 			ClientAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
 			ClientHttpSecurityPostProcessor httpPostProcessor) {
 
@@ -79,10 +84,12 @@ public static ServerHttpSecurity configureCors(ServerHttpSecurity http, CorsProp
 			final var source = new UrlBasedCorsConfigurationSource();
 			for (final var corsProps : corsProperties) {
 				final var configuration = new CorsConfiguration();
-				configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-				configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
+				configuration.setAllowCredentials(corsProps.getAllowCredentials());
 				configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
+				configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
+				configuration.setAllowedOriginPatterns(Arrays.asList(corsProps.getAllowedOriginPatterns()));
 				configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
+				configuration.setMaxAge(corsProps.getMaxAge());
 				source.registerCorsConfiguration(corsProps.getPath(), configuration);
 			}
 			http.cors(cors -> cors.configurationSource(source));
@@ -90,7 +97,7 @@ public static ServerHttpSecurity configureCors(ServerHttpSecurity http, CorsProp
 		return http;
 	}
 
-	public static ServerHttpSecurity configureState(ServerHttpSecurity http, boolean isStatless, SpringAddonsSecurityProperties.Csrf csrfEnum) {
+	public static ServerHttpSecurity configureState(ServerHttpSecurity http, boolean isStatless, Csrf csrfEnum) {
 
 		if (isStatless) {
 			http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java
new file mode 100644
index 000000000..a54dd4089
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ReactiveSpringAddonsOidcBeans.java
@@ -0,0 +1,144 @@
+package com.c4_soft.springaddons.security.oidc.starter.reactive;
+
+import java.time.Instant;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Stream;
+
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
+import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
+
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.ConfigurableClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultGrantedAuthoritiesMapperCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultJwtAbstractAuthenticationTokenConverterCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOpaqueTokenAuthenticationConverterCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsNotServlet;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveJwtAbstractAuthenticationTokenConverter;
+
+import lombok.extern.slf4j.Slf4j;
+import reactor.core.publisher.Mono;
+
+/**
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ */
+@Conditional(IsNotServlet.class)
+@AutoConfiguration
+@ImportAutoConfiguration(SpringAddonsOidcProperties.class)
+@Slf4j
+public class ReactiveSpringAddonsOidcBeans {
+
+	/**
+	 * Retrieves granted authorities from the Jwt (from its private claims or with the help of an external service)
+	 *
+	 * @param  securityProperties
+	 * @return
+	 */
+	@ConditionalOnMissingBean
+	@Bean
+	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsOidcProperties addonsProperties) {
+		log.debug("Building default CorsConfigurationSource with: {}", addonsProperties);
+		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
+	}
+
+	/**
+	 * Converter bean from {@link Jwt} to {@link AbstractAuthenticationToken}
+	 *
+	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
+	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
+	 * @return                       a converter from {@link Jwt} to {@link AbstractAuthenticationToken}
+	 */
+	@Conditional(DefaultJwtAbstractAuthenticationTokenConverterCondition.class)
+	@Bean
+	ReactiveJwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter(
+			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
+			SpringAddonsOidcProperties addonsProperties) {
+		return jwt -> Mono.just(
+				new JwtAuthenticationToken(
+						jwt,
+						authoritiesConverter.convert(jwt.getClaims()),
+						new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getIssuer()).getUsernameClaim()).getName()));
+	}
+
+	/**
+	 * Converter bean from successful introspection result to {@link Authentication} instance
+	 *
+	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
+	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
+	 * @return                       a converter from successful introspection result to {@link Authentication} instance
+	 */
+	@Conditional(DefaultOpaqueTokenAuthenticationConverterCondition.class)
+	@Bean
+	@SuppressWarnings("unchecked")
+	ReactiveOpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
+			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
+			SpringAddonsOidcProperties addonsProperties,
+			OAuth2ResourceServerProperties resourceServerProperties) {
+		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> Mono.just(
+				new BearerTokenAuthentication(
+						new OAuth2IntrospectionAuthenticatedPrincipal(
+								new OpenidClaimSet(
+										authenticatedPrincipal.getAttributes(),
+										Stream.of(addonsProperties.getOps())
+												.filter(
+														issProps -> resourceServerProperties.getOpaquetoken().getIntrospectionUri()
+																.contains(issProps.getIss().toString()))
+												.findAny().orElse(addonsProperties.getOps()[0]).getUsernameClaim()).getName(),
+								authenticatedPrincipal.getAttributes(),
+								(Collection<GrantedAuthority>) authenticatedPrincipal.getAuthorities()),
+						new OAuth2AccessToken(
+								OAuth2AccessToken.TokenType.BEARER,
+								introspectedToken,
+								Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT)).longValue()),
+								Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)).longValue())),
+						authoritiesConverter.convert(authenticatedPrincipal.getAttributes())));
+	}
+
+	/**
+	 * @param  authoritiesConverter the authorities converter to use (by default {@link ConfigurableClaimSetAuthoritiesConverter})
+	 * @return                      {@link GrantedAuthoritiesMapper} using the authorities converter in the context
+	 */
+	@Conditional(DefaultGrantedAuthoritiesMapperCondition.class)
+	@ConditionalOnMissingBean
+	@Bean
+	GrantedAuthoritiesMapper grantedAuthoritiesMapper(Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter) {
+		return (authorities) -> {
+			Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+
+			authorities.forEach(authority -> {
+				if (authority instanceof OidcUserAuthority oidcAuth) {
+					mappedAuthorities.addAll(authoritiesConverter.convert(oidcAuth.getIdToken().getClaims()));
+
+				} else if (authority instanceof OAuth2UserAuthority oauth2Auth) {
+					mappedAuthorities.addAll(authoritiesConverter.convert(oauth2Auth.getAttributes()));
+
+				}
+			});
+
+			return mappedAuthorities;
+		};
+	}
+}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ServerHttpRequestSupport.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ServerHttpRequestSupport.java
similarity index 97%
rename from webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ServerHttpRequestSupport.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ServerHttpRequestSupport.java
index 044c0e078..74a07f6fa 100644
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ServerHttpRequestSupport.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/ServerHttpRequestSupport.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive;
 
 import java.util.NoSuchElementException;
 
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientAuthorizeExchangeSpecPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientAuthorizeExchangeSpecPostProcessor.java
new file mode 100644
index 000000000..06a92477d
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientAuthorizeExchangeSpecPostProcessor.java
@@ -0,0 +1,6 @@
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
+
+import com.c4_soft.springaddons.security.oidc.starter.reactive.AuthorizeExchangeSpecPostProcessor;
+
+public interface ClientAuthorizeExchangeSpecPostProcessor extends AuthorizeExchangeSpecPostProcessor {
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientHttpSecurityPostProcessor.java
new file mode 100644
index 000000000..682ce5ca6
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ClientHttpSecurityPostProcessor.java
@@ -0,0 +1,6 @@
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
+
+import com.c4_soft.springaddons.security.oidc.starter.reactive.HttpSecurityPostProcessor;
+
+public interface ClientHttpSecurityPostProcessor extends HttpSecurityPostProcessor {
+}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsBackChannelLogoutBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsBackChannelLogoutBeans.java
similarity index 86%
rename from webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsBackChannelLogoutBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsBackChannelLogoutBeans.java
index 6453dc080..de8870d41 100644
--- a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsBackChannelLogoutBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsBackChannelLogoutBeans.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -10,10 +10,11 @@
 import java.util.stream.StreamSupport;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
@@ -34,7 +35,8 @@
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsNotServlet;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
 
 import reactor.core.publisher.Mono;
 
@@ -48,15 +50,18 @@
  * Implementation is made with a security filter-chain intercepting just the "/backchannel_logout" route and a controller handling requests to that end-point.
  * </p>
  * <p>
- * This beans are defined only if "com.c4-soft.springaddons.security.client.back-channel-logout-enabled" property is true.
+ * This beans are defined only if "com.c4-soft.springaddons.oidc.client.back-channel-logout-enabled" property is true.
  * </p>
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty("com.c4-soft.springaddons.security.client.back-channel-logout-enabled")
+@Conditional(IsNotServlet.class)
+@ConditionalOnProperty("com.c4-soft.springaddons.oidc.client.back-channel-logout-enabled")
 @AutoConfiguration
-@Import({ SpringAddonsOAuth2ClientProperties.class })
-public class SpringAddonsBackChannelLogoutBeans {
+@ImportAutoConfiguration(ReactiveSpringAddonsOidcBeans.class)
+public class ReactiveSpringAddonsBackChannelLogoutBeans {
+
+	private static final String BACKCHANNEL_LOGOUT_PATH = "/backchannel_logout";
 
 	/**
 	 * Requests from the OP are anonymous, are not part of a session, and have no CSRF token. It contains a logout JWT which serves both to authenticate the
@@ -70,7 +75,7 @@ public class SpringAddonsBackChannelLogoutBeans {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	@Bean
 	SecurityWebFilterChain springAddonsBackChannelLogoutClientFilterChain(ServerHttpSecurity http, ServerProperties serverProperties) throws Exception {
-		http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/backchannel_logout"));
+		http.securityMatcher(new PathPatternParserServerWebExchangeMatcher(BACKCHANNEL_LOGOUT_PATH));
 		http.authorizeExchange(exchange -> exchange.anyExchange().permitAll());
 		if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
 			http.redirectToHttps(withDefaults());
@@ -113,7 +118,7 @@ public BackChannelLogoutController(
 									provider -> NimbusReactiveJwtDecoder.withJwkSetUri(provider.getJwkSetUri()).build()));
 		}
 
-		@PostMapping(path = "/backchannel_logout", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+		@PostMapping(path = BACKCHANNEL_LOGOUT_PATH, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 		public Mono<ResponseEntity<Void>> backChannelLogout(ServerWebExchange serverWebExchange) {
 			return serverWebExchange.getFormData().map(body -> {
 				final var tokenString = body.get("logout_token");
diff --git a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ClientBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java
similarity index 63%
rename from webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ClientBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java
index 7797ed064..acb7cc8a7 100644
--- a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ClientBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java
@@ -1,36 +1,23 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import java.time.Duration;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.stream.Stream;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
-import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
-import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
@@ -39,9 +26,6 @@
 import org.springframework.security.web.server.csrf.CsrfToken;
 import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsConfigurationSource;
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebSession;
 import org.springframework.web.server.session.DefaultWebSessionManager;
@@ -50,13 +34,16 @@
 import org.springframework.web.server.session.WebSessionStore;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.ConfigurableClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.CookieCsrfCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsNotServlet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcClientCondition;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
 
 import lombok.extern.slf4j.Slf4j;
 import reactor.core.publisher.Mono;
@@ -64,19 +51,19 @@
 /**
  * The following {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBeans} are auto-configured
  * <ul>
- * <li>springAddonsClientFilterChain: a {@link SecurityWebFilterChain}. Instantiated only if "com.c4-soft.springaddons.security.client.security-matchers"
- * property has at least one entry. If defined, it is with a high precedence, to ensure that all routes defined in this security matcher property are
- * intercepted by this filter-chain.</li>
+ * <li>springAddonsClientFilterChain: a {@link SecurityWebFilterChain}. Instantiated only if "com.c4-soft.springaddons.oidc.client.security-matchers" property
+ * has at least one entry. If defined, it is with a high precedence, to ensure that all routes defined in this security matcher property are intercepted by this
+ * filter-chain.</li>
  * <li>logoutRequestUriBuilder: builder for <a href= "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a> queries, taking
  * configuration from properties for OIDC providers which do not strictly comply with the spec: logout URI not provided by OIDC conf or non standard parameter
  * names (Auth0 and Cognito are samples of such OPs)</li>
- * <li>logoutSuccessHandler: a {@link ServerLogoutSuccessHandler}. Default instance is a {@link SpringAddonsOAuth2ServerLogoutSuccessHandler} which logs a user
- * out from the last authorization server he logged on</li>
+ * <li>logoutSuccessHandler: a {@link ServerLogoutSuccessHandler}. Default instance is a {@link SpringAddonsServerLogoutSuccessHandler} which logs a user out
+ * from the last authorization server he logged on</li>
  * <li>authoritiesConverter: an {@link ClaimSetAuthoritiesConverter}. Default instance is a {@link ConfigurableClaimSetAuthoritiesConverter} which reads
- * spring-addons {@link SpringAddonsSecurityProperties}</li>
+ * spring-addons {@link SpringAddonsOidcProperties}</li>
  * <li>oAuth2AuthorizedClientRepository: a {@link SpringAddonsServerOAuth2AuthorizedClientRepository} (which is also a session listener) capable of handling
  * multi-tenancy and back-channel logout.</li>
- * <li>csrfCookieWebFilter: a {@link WebFilter} to set the CSRF cookie if "com.c4-soft.springaddons.security.client.csrf" is set to cookie</li>
+ * <li>csrfCookieWebFilter: a {@link WebFilter} to set the CSRF cookie if "com.c4-soft.springaddons.oidc.client.csrf" is set to cookie</li>
  * <li>clientAuthorizePostProcessor: a {@link ClientAuthorizeExchangeSpecPostProcessor} post processor to fine tune access control from java configuration. It
  * applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated.</li>
  * <li>clientHttpPostProcessor: a {@link ClientHttpSecurityPostProcessor} to override anything from above auto-configuration. It is called just before the
@@ -90,50 +77,80 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security.client", name = "enabled")
+@Conditional({ IsOidcClientCondition.class, IsNotServlet.class })
 @EnableWebFluxSecurity
 @AutoConfiguration
-@Import({ SpringAddonsOAuth2ClientProperties.class })
+@ImportAutoConfiguration(ReactiveSpringAddonsOidcBeans.class)
 @Slf4j
-public class SpringAddonsOAuth2ClientBeans {
-
-	@ConditionalOnExpression("!(T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers:}') && T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers[0]:}'))")
-	@Order(Ordered.HIGHEST_PRECEDENCE + 1)
+public class ReactiveSpringAddonsOidcClientBeans {
+
+	/**
+	 * <p>
+	 * Instantiated only if "com.c4-soft.springaddons.oidc.client.security-matchers" property has at least one entry. If defined, it is with higher precedence
+	 * than resource server one.
+	 * </p>
+	 * It defines:
+	 * <ul>
+	 * <li>If the path to login page was provided in conf, a &#64;Controller must be provided to handle it. Otherwise Spring Boot default generated one is
+	 * used</li>
+	 * <li>logout (using {@link SpringAddonsServerLogoutSuccessHandler} by default)</li>
+	 * <li>forces SSL usage if it is enabled</li> properties</li>
+	 * <li>CSRF protection as defined in spring-addons <b>client</b> properties (enabled by default in this filter-chain).</li>
+	 * <li>allow access to unauthorized requests to path matchers listed in spring-security <b>client</b> "permit-all" property</li>
+	 * <li>as usual, apply {@link ClientAuthorizeExchangeSpecPostProcessor} for access control configuration from Java conf and
+	 * {@link ClientHttpSecurityPostProcessor} to override anything from the auto-configuration listed above</li>
+	 * </ul>
+	 *
+	 * @param  http                         the security filter-chain builder to configure
+	 * @param  serverProperties             Spring Boot standard server properties
+	 * @param  authorizationRequestResolver the authorization request resolver to use. By default {@link ServerOAuth2AuthorizationRequestResolver} (adds
+	 *                                      authorization request parameters defined in properties and builds absolutes callback URI)
+	 * @param  logoutSuccessHandler         Defaulted to {@link SpringAddonsServerLogoutSuccessHandler} which can handle "almost" RP Initiated Logout conformant
+	 *                                      OPs (like Auth0 and Cognito)
+	 * @param  addonsProperties             {@link SpringAddonsOAuth2ClientProperties spring-addons client properties}
+	 * @param  authorizePostProcessor       post process authorization after "permit-all" configuration was applied (default is "isAuthenticated()" to
+	 *                                      everything that was not matched)
+	 * @param  httpPostProcessor            post process the "http" builder just before it is returned (enables to override anything from the
+	 *                                      auto-configuration) spring-addons client properties}
+	 * @return                              a security filter-chain scoped to specified security-matchers and adapted to OAuth2 clients
+	 * @throws Exception                    in case of miss-configuration
+	 */
+	@Order(Ordered.LOWEST_PRECEDENCE - 1)
 	@Bean
 	SecurityWebFilterChain clientFilterChain(
 			ServerHttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsOAuth2ClientProperties clientProperties,
+			SpringAddonsOidcProperties addonsProperties,
 			ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver,
 			ServerLogoutSuccessHandler logoutSuccessHandler,
 			ClientAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
 			ClientHttpSecurityPostProcessor httpPostProcessor)
 			throws Exception {
 
-		final var clientRoutes = Stream.of(clientProperties.getSecurityMatchers()).map(PathPatternParserServerWebExchangeMatcher::new)
+		final var clientRoutes = Stream.of(addonsProperties.getClient().getSecurityMatchers()).map(PathPatternParserServerWebExchangeMatcher::new)
 				.toArray(PathPatternParserServerWebExchangeMatcher[]::new);
-		log.info("Applying client OAuth2 configuration for: {}", (Object[]) clientProperties.getSecurityMatchers());
+		log.info("Applying client OAuth2 configuration for: {}", (Object[]) addonsProperties.getClient().getSecurityMatchers());
 		http.securityMatcher(new OrServerWebExchangeMatcher(clientRoutes));
 
 		// @formatter:off
-        clientProperties.getLoginPath().ifPresent(loginPath -> {
+        addonsProperties.getClient().getLoginPath().ifPresent(loginPath -> {
         http.exceptionHandling(exceptionHandling -> exceptionHandling
-                .authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint(UriComponentsBuilder.fromUri(clientProperties.getClientUri()).path(loginPath).build().toString())));
+                .authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint(UriComponentsBuilder.fromUri(addonsProperties.getClient().getClientUri()).path(loginPath).build().toString())));
         });
 
         http.oauth2Login(oauth2 -> {
         	oauth2.authorizationRequestResolver(authorizationRequestResolver);
-            clientProperties.getPostLoginRedirectPath().ifPresent(postLoginRedirectPath -> {
-                oauth2.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler(UriComponentsBuilder.fromUri(clientProperties.getClientUri()).path(postLoginRedirectPath).build().toString()));
+            addonsProperties.getClient().getPostLoginRedirectPath().ifPresent(postLoginRedirectPath -> {
+                oauth2.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler(UriComponentsBuilder.fromUri(addonsProperties.getClient().getClientUri()).path(postLoginRedirectPath).build().toString()));
             });
-            clientProperties.getLoginPath().ifPresent(loginPath -> {
-                oauth2.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler(UriComponentsBuilder.fromUri(clientProperties.getClientUri()).path(loginPath).build().toString()));
+            addonsProperties.getClient().getLoginPath().ifPresent(loginPath -> {
+                oauth2.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler(UriComponentsBuilder.fromUri(addonsProperties.getClient().getClientUri()).path(loginPath).build().toString()));
             });
         });
 
         http.logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler));
 
-        ReactiveConfigurationSupport.configureClient(http, serverProperties, clientProperties, authorizePostProcessor, httpPostProcessor);
+        ReactiveConfigurationSupport.configureClient(http, serverProperties, addonsProperties.getClient(), authorizePostProcessor, httpPostProcessor);
 
         return http.build();
     }
@@ -145,7 +162,7 @@ SecurityWebFilterChain clientFilterChain(
      * (Keycloak for instance), off course, but also those which are close enough to
      * it (Auth0, Cognito, ...)
      *
-     * @param clientProps {@link SpringAddonsOAuth2ClientProperties} to pick logout
+     * @param addonsProperties {@link SpringAddonsOAuth2ClientProperties} to pick logout
      *                    configuration for divergence to the standard (logout URI
      *                    not provided in .well-known/openid-configuration and
      *                    non-conform parameter names)
@@ -153,8 +170,8 @@ SecurityWebFilterChain clientFilterChain(
      */
     @ConditionalOnMissingBean
     @Bean
-    LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOAuth2ClientProperties clientProps) {
-        return new SpringAddonsOAuth2LogoutRequestUriBuilder(clientProps);
+    LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOidcProperties addonsProperties) {
+        return new SpringAddonsOAuth2LogoutRequestUriBuilder(addonsProperties.getClient());
     }
 
     /**
@@ -164,73 +181,13 @@ LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOAuth2ClientProperti
      *
      * @param logoutRequestUriBuilder      delegate doing the smart job
      * @param clientRegistrationRepository
-     * @return {@link SpringAddonsOAuth2ServerLogoutSuccessHandler}
+     * @return {@link SpringAddonsServerLogoutSuccessHandler}
      */
     @ConditionalOnMissingBean
     @Bean
     ServerLogoutSuccessHandler logoutSuccessHandler(LogoutRequestUriBuilder logoutUriBuilder,
             ReactiveClientRegistrationRepository clientRegistrationRepo) {
-        return new SpringAddonsOAuth2ServerLogoutSuccessHandler(logoutUriBuilder, clientRegistrationRepo);
-    }
-
-    /**
-     * Instantiate a {@link ConfigurableClaimSetAuthoritiesConverter} from token
-     * claims to spring authorities (which claims to pick, how to transform roles
-     * strings for each claim).
-     *
-     * @param addonsProperties converter configuration source
-     * @return {@link ConfigurableClaimSetAuthoritiesConverter}
-     */
-    @ConditionalOnMissingBean
-    @Bean
-    ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-        return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-    }
-
-    /**
-     *
-     * @param authoritiesConverter the authorities converter to use (by default
-     *                             {@link ConfigurableClaimSetAuthoritiesConverter})
-     * @return {@link GrantedAuthoritiesMapper} using the authorities converter in
-     *         the context
-     */
-    @ConditionalOnMissingBean
-    @Bean
-    GrantedAuthoritiesMapper grantedAuthoritiesMapper(
-            Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter) {
-        return (authorities) -> {
-            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-
-            authorities.forEach(authority -> {
-                if (authority instanceof OidcUserAuthority oidcAuth) {
-                    mappedAuthorities.addAll(authoritiesConverter.convert(oidcAuth.getIdToken().getClaims()));
-
-                } else if (authority instanceof OAuth2UserAuthority oauth2Auth) {
-                    mappedAuthorities.addAll(authoritiesConverter.convert(oauth2Auth.getAttributes()));
-
-                }
-            });
-
-            return mappedAuthorities;
-        };
-    }
-
-    /**
-     *
-     * @param corsProperties the properties to pick CORS configuration from
-     * @return a CORS configuration built from properties
-     */
-    CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-        final var source = new UrlBasedCorsConfigurationSource();
-        for (final var corsProps : corsProperties) {
-            final var configuration = new CorsConfiguration();
-            configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-            configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-            configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-            configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-            source.registerCorsConfiguration(corsProps.getPath(), configuration);
-        }
-        return source;
+        return new SpringAddonsServerLogoutSuccessHandler(logoutUriBuilder, clientRegistrationRepo);
     }
 
     /**
@@ -280,7 +237,7 @@ ClientHttpSecurityPostProcessor clientHttpPostProcessor() {
     /**
      * https://docs.spring.io/spring-security/reference/5.8/migration/reactive.html#_i_am_using_angularjs_or_another_javascript_framework
      */
-    @Conditional(CookieCsrf.class)
+    @Conditional(CookieCsrfCondition.class)
     @ConditionalOnMissingBean(name = "csrfCookieWebFilter")
     @Bean
     WebFilter csrfCookieWebFilter() {
@@ -291,24 +248,6 @@ WebFilter csrfCookieWebFilter() {
         };
     }
 
-    static class CookieCsrf extends AnyNestedCondition {
-
-        public CookieCsrf() {
-            super(ConfigurationPhase.PARSE_CONFIGURATION);
-        }
-
-        @ConditionalOnProperty(name = "com.c4-soft.springaddons.security.client.csrf", havingValue = "cookie-accessible-from-js")
-        static class Value1Condition {
-
-        }
-
-        @ConditionalOnProperty(name = "com.c4-soft.springaddons.security.client.csrf", havingValue = "cookie-http-only")
-        static class Value2Condition {
-
-        }
-
-    }
-
     @ConditionalOnMissingBean
     @Bean
     WebSessionManager webSessionManager(WebSessionStore webSessionStore) {
@@ -333,8 +272,8 @@ default void sessionRemoved(String sessionId) {
 
     @ConditionalOnMissingBean
     @Bean
-    ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(InMemoryReactiveClientRegistrationRepository clientRegistrationRepository, SpringAddonsOAuth2ClientProperties addonsClientProperties) {
-    	return new SpringAddonsServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository, addonsClientProperties);
+    ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(InMemoryReactiveClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcProperties addonsProperties) {
+    	return new SpringAddonsServerOAuth2AuthorizationRequestResolver(clientRegistrationRepository, addonsProperties.getClient());
     }
 
     /**
diff --git a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ServerLogoutSuccessHandler.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerLogoutSuccessHandler.java
similarity index 78%
rename from webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ServerLogoutSuccessHandler.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerLogoutSuccessHandler.java
index 819126009..01a93e159 100644
--- a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ServerLogoutSuccessHandler.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerLogoutSuccessHandler.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import java.net.URI;
 
@@ -12,9 +12,9 @@
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
 
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
 
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
@@ -23,14 +23,14 @@
 /**
  * <p>
  * Provide with <a href= "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a> for authorization-servers fully compliant with
- * OIDC standard as well as those "almost" implementing the spec. It is (auto)configured with {@link SpringAddonsOAuth2ClientProperties}.
+ * OIDC standard as well as those "almost" implementing the spec. It is (auto)configured with {@link SpringAddonsOidcClientProperties}.
  * </p>
  * <p>
  * <b>This implementation is not multi-tenant ready</b>. It will terminate the user session on this application as well as on a single authorization-server (the
  * one which emitted the access-token with which the logout request is made).
  * </p>
  * <p>
- * This bean is auto-configured by {@link SpringAddonsOAuth2ClientBeans} as {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBean} of type
+ * This bean is auto-configured by {@link ReactiveSpringAddonsOidcClientBeans} as {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBean} of type
  * {@link ServerLogoutSuccessHandler}. Usage:
  * </p>
  *
@@ -42,11 +42,11 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  * @see    SpringAddonsOAuth2LogoutRequestUriBuilder
- * @see    SpringAddonsOAuth2ClientProperties
+ * @see    SpringAddonsOidcClientProperties
  */
 @Data
 @RequiredArgsConstructor
-public class SpringAddonsOAuth2ServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
+public class SpringAddonsServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
 	private final LogoutRequestUriBuilder uriBuilder;
 	private final ReactiveClientRegistrationRepository clientRegistrationRepo;
 	private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
diff --git a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolver.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolver.java
similarity index 90%
rename from webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolver.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolver.java
index 6db7f988c..c14cf10ab 100644
--- a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolver.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolver.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -13,8 +13,8 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.web.server.ServerWebExchange;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties.RequestParam;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties.RequestParam;
 
 import reactor.core.publisher.Mono;
 
@@ -27,7 +27,7 @@ public class SpringAddonsServerOAuth2AuthorizationRequestResolver extends Defaul
 
 	public SpringAddonsServerOAuth2AuthorizationRequestResolver(
 			InMemoryReactiveClientRegistrationRepository clientRegistrationRepository,
-			SpringAddonsOAuth2ClientProperties addonsClientProperties) {
+			SpringAddonsOidcClientProperties addonsClientProperties) {
 		super(clientRegistrationRepository);
 		clientRegistrationRepository.forEach(reg -> {
 			final var params = addonsClientProperties.getAuthorizationRequestParams().get(reg.getRegistrationId());
diff --git a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizedClientRepository.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizedClientRepository.java
similarity index 97%
rename from webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizedClientRepository.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizedClientRepository.java
index 3f0e74c18..bc51a2c5e 100644
--- a/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizedClientRepository.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizedClientRepository.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import java.util.Collections;
 import java.util.HashSet;
@@ -20,8 +20,8 @@
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebSession;
 
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans.SpringAddonsWebSessionStore;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans.WebSessionListener;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans.SpringAddonsWebSessionStore;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans.WebSessionListener;
 import com.nimbusds.jwt.JWTClaimNames;
 
 import reactor.core.publisher.Flux;
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ReactiveJwtAbstractAuthenticationTokenConverter.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveJwtAbstractAuthenticationTokenConverter.java
similarity index 82%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ReactiveJwtAbstractAuthenticationTokenConverter.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveJwtAbstractAuthenticationTokenConverter.java
index 85829bf4b..c4c387ac8 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/ReactiveJwtAbstractAuthenticationTokenConverter.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveJwtAbstractAuthenticationTokenConverter.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver;
 
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java
similarity index 66%
rename from webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java
index 329d8338f..48ff4ea14 100644
--- a/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ReactiveSpringAddonsOidcResourceServerBeans.java
@@ -1,8 +1,7 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver;
 
 import java.net.URI;
 import java.nio.charset.Charset;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -10,19 +9,19 @@
 import java.util.stream.Stream;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
-import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
+import org.springframework.core.convert.converter.Converter;
 import org.springframework.core.io.buffer.DataBufferUtils;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
@@ -42,15 +41,18 @@
 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
 import org.springframework.security.web.server.csrf.CsrfToken;
 import org.springframework.util.StringUtils;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsConfigurationSource;
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 
-import com.c4_soft.springaddons.security.oauth2.config.ReactiveJwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.CookieCsrfCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationManagerResolverCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.IsIntrospectingResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.IsJwtDecoderResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsNotServlet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.reactive.ReactiveSpringAddonsOidcBeans;
 
 import lombok.extern.slf4j.Slf4j;
 import reactor.core.publisher.Mono;
@@ -66,9 +68,9 @@
  * </p>
  * <ul>
  * <li><b>SecurityWebFilterChain</b>: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL redirect and 401 instead of redirect to login properties as
- * defined in {@link SpringAddonsSecurityProperties}</li>
+ * defined in {@link SpringAddonsOidcProperties}</li>
  * <li><b>AuthorizeExchangeSpecPostProcessor</b>. Override if you need fined grained HTTP security (more than authenticated() to all routes but the ones defined
- * as permitAll() in {@link SpringAddonsSecurityProperties}</li>
+ * as permitAll() in {@link SpringAddonsOidcProperties}</li>
  * <li><b>Jwt2AuthoritiesConverter</b>: responsible for converting the JWT into Collection&lt;? extends GrantedAuthority&gt;</li>
  * <li><b>ReactiveJwt2OpenidClaimSetConverter&lt;T extends Map&lt;String, Object&gt; &amp; Serializable&gt;</b>: responsible for converting the JWT into a
  * claim-set of your choice (OpenID or not)</li>
@@ -80,12 +82,12 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security", name = "enabled")
+@Conditional({ IsOidcResourceServerCondition.class, IsNotServlet.class })
 @EnableWebFluxSecurity
 @AutoConfiguration
+@ImportAutoConfiguration(ReactiveSpringAddonsOidcBeans.class)
 @Slf4j
-@Import({ AddonsSecurityBeans.class })
-public class AddonsWebSecurityBeans {
+public class ReactiveSpringAddonsOidcResourceServerBeans {
 
 	/**
 	 * <p>
@@ -100,7 +102,7 @@ public class AddonsWebSecurityBeans {
 	 *
 	 * @param  http                          HTTP security to configure
 	 * @param  serverProperties              Spring "server" configuration properties
-	 * @param  addonsProperties              "com.c4-soft.springaddons.security" configuration properties
+	 * @param  addonsProperties              "com.c4-soft.springaddons.oidc" configuration properties
 	 * @param  authorizePostProcessor        Hook to override access-control rules for all path that are not listed in "permit-all"
 	 * @param  httpPostProcessor             Hook to override all or part of HttpSecurity auto-configuration
 	 * @param  authenticationManagerResolver Converts successful JWT decoding result into an {@link Authentication}
@@ -108,20 +110,75 @@ public class AddonsWebSecurityBeans {
 	 * @return                               A default {@link SecurityWebFilterChain} for reactive resource-servers with JWT decoder(matches all unmatched
 	 *                                       routes with lowest precedence)
 	 */
+	@Conditional(IsJwtDecoderResourceServerCondition.class)
 	@Order(Ordered.LOWEST_PRECEDENCE)
 	@Bean
-	SecurityWebFilterChain springAddonsResourceServerSecurityFilterChain(
+	SecurityWebFilterChain springAddonsJwtResourceServerSecurityFilterChain(
 			ServerHttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties,
+			SpringAddonsOidcProperties addonsProperties,
 			ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
 			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
 			ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver,
 			ServerAccessDeniedHandler accessDeniedHandler) {
 		http.oauth2ResourceServer(server -> server.authenticationManagerResolver(authenticationManagerResolver));
 
-		ReactiveConfigurationSupport
-				.configureResourceServer(http, serverProperties, addonsProperties, accessDeniedHandler, authorizePostProcessor, httpPostProcessor);
+		ReactiveConfigurationSupport.configureResourceServer(
+				http,
+				serverProperties,
+				addonsProperties.getResourceserver(),
+				accessDeniedHandler,
+				authorizePostProcessor,
+				httpPostProcessor);
+
+		return http.build();
+	}
+
+	/**
+	 * <p>
+	 * Applies SpringAddonsSecurityProperties to web security config. Be aware that defining a {@link SecurityWebFilterChain} bean with no security matcher and
+	 * an order higher than LOWEST_PRECEDENCE will disable most of this lib auto-configuration for OpenID resource-servers.
+	 * </p>
+	 * <p>
+	 * You should consider to set security matcher to all other {@link SecurityWebFilterChain} beans and provide a
+	 * {@link ResourceServerHttpSecurityPostProcessor} bean to override anything from this bean
+	 * </p>
+	 * .
+	 *
+	 * @param  http                                 HTTP security to configure
+	 * @param  serverProperties                     Spring "server" configuration properties
+	 * @param  addonsProperties                     "com.c4-soft.springaddons.oidc" configuration properties
+	 * @param  authorizePostProcessor               Hook to override access-control rules for all path that are not listed in "permit-all"
+	 * @param  httpPostProcessor                    Hook to override all or part of HttpSecurity auto-configuration
+	 * @param  introspectionAuthenticationConverter Converts successful introspection result into an {@link Authentication}
+	 * @param  accessDeniedHandler                  handler for unauthorized requests (missing or invalid access-token)
+	 * @return                                      A default {@link SecurityWebFilterChain} for reactive resource-servers with access-token introspection
+	 *                                              (matches all unmatched routes with lowest precedence)
+	 */
+	@Conditional(IsIntrospectingResourceServerCondition.class)
+	@Order(Ordered.LOWEST_PRECEDENCE)
+	@Bean
+	SecurityWebFilterChain springAddonsIntrospectingResourceServerSecurityFilterChain(
+			ServerHttpSecurity http,
+			ServerProperties serverProperties,
+			SpringAddonsOidcProperties addonsProperties,
+			ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
+			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
+			org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter introspectionAuthenticationConverter,
+			org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector opaqueTokenIntrospector,
+			ServerAccessDeniedHandler accessDeniedHandler) {
+		http.oauth2ResourceServer(server -> server.opaqueToken(ot -> {
+			ot.introspector(opaqueTokenIntrospector);
+			ot.authenticationConverter(introspectionAuthenticationConverter);
+		}));
+
+		ReactiveConfigurationSupport.configureResourceServer(
+				http,
+				serverProperties,
+				addonsProperties.getResourceserver(),
+				accessDeniedHandler,
+				authorizePostProcessor,
+				httpPostProcessor);
 
 		return http.build();
 	}
@@ -149,54 +206,41 @@ ResourceServerHttpSecurityPostProcessor httpPostProcessor() {
 		return serverHttpSecurity -> serverHttpSecurity;
 	}
 
-	CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-		final var source = new UrlBasedCorsConfigurationSource();
-		for (final var corsProps : corsProperties) {
-			final var configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-			configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-			configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-			configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-			source.registerCorsConfiguration(corsProps.getPath(), configuration);
-		}
-		return source;
-	}
-
 	/**
 	 * Provides with multi-tenancy: builds a ReactiveAuthenticationManagerResolver per provided OIDC issuer URI
 	 *
 	 * @param  auth2ResourceServerProperties "spring.security.oauth2.resourceserver" configuration properties
-	 * @param  addonsProperties              "com.c4-soft.springaddons.security" configuration properties
+	 * @param  addonsProperties              "com.c4-soft.springaddons.oidc" configuration properties
 	 * @param  jwtAuthenticationConverter    converts from a {@link Jwt} to an {@link Authentication} implementation
 	 * @return                               Multi-tenant {@link ReactiveAuthenticationManagerResolver} (one for each configured issuer)
 	 */
-	@ConditionalOnMissingBean
+	@Conditional(DefaultAuthenticationManagerResolverCondition.class)
 	@Bean
 	ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver(
 			OAuth2ResourceServerProperties auth2ResourceServerProperties,
-			SpringAddonsSecurityProperties addonsProperties,
-			ReactiveJwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter) {
+			SpringAddonsOidcProperties addonsProperties,
+			Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
 		final var jwtProps = Optional.ofNullable(auth2ResourceServerProperties).map(OAuth2ResourceServerProperties::getJwt);
 		// @formatter:off
 		Optional.ofNullable(jwtProps.map(OAuth2ResourceServerProperties.Jwt::getIssuerUri)).orElse(jwtProps.map(OAuth2ResourceServerProperties.Jwt::getJwkSetUri))
 		    .filter(StringUtils::hasLength)
 		    .ifPresent(jwtConf -> {
-				log.warn("spring.security.oauth2.resourceserver configuration will be ignored in favor of com.c4-soft.springaddons.security");
+				log.warn("spring.security.oauth2.resourceserver configuration will be ignored in favor of com.c4-soft.springaddons.oidc");
 			});
 		// @formatter:on
 
 		final Map<String, Mono<ReactiveAuthenticationManager>> jwtManagers =
-				Stream.of(addonsProperties.getIssuers()).collect(Collectors.toMap(issuer -> issuer.getLocation().toString(), issuer -> {
+				Stream.of(addonsProperties.getOps()).collect(Collectors.toMap(issuer -> issuer.getIss().toString(), issuer -> {
 					final var decoder = issuer.getJwkSetUri() != null && StringUtils.hasLength(issuer.getJwkSetUri().toString())
 							? NimbusReactiveJwtDecoder.withJwkSetUri(issuer.getJwkSetUri().toString()).build()
-							: NimbusReactiveJwtDecoder.withIssuerLocation(issuer.getLocation().toString()).build();
+							: NimbusReactiveJwtDecoder.withIssuerLocation(issuer.getIss().toString()).build();
 
-					final OAuth2TokenValidator<Jwt> defaultValidator = Optional.ofNullable(issuer.getLocation()).map(URI::toString)
+					final OAuth2TokenValidator<Jwt> defaultValidator = Optional.ofNullable(issuer.getIss()).map(URI::toString)
 							.map(JwtValidators::createDefaultWithIssuer).orElse(JwtValidators.createDefault());
 
 					// If the spring-addons conf for resource server contains a non empty audience, add an audience validator
 				// @formatter:off
-					final OAuth2TokenValidator<Jwt> jwtValidator = Optional.ofNullable(issuer.getAudience())
+					final OAuth2TokenValidator<Jwt> jwtValidator = Optional.ofNullable(issuer.getAud())
 							.filter(StringUtils::hasText)
 							.map(audience -> new JwtClaimValidator<List<String>>(
 									JwtClaimNames.AUD,
@@ -214,7 +258,7 @@ ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerRe
 		log.debug(
 				"Building default JwtIssuerReactiveAuthenticationManagerResolver with: {} {}",
 				auth2ResourceServerProperties.getJwt(),
-				Stream.of(addonsProperties.getIssuers()).toList());
+				Stream.of(addonsProperties.getOps()).toList());
 		return new JwtIssuerReactiveAuthenticationManagerResolver(issuerLocation -> jwtManagers.getOrDefault(issuerLocation, Mono.empty()));
 	}
 
@@ -240,7 +284,7 @@ ServerAccessDeniedHandler serverAccessDeniedHandler() {
 	/**
 	 * https://docs.spring.io/spring-security/reference/5.8/migration/reactive.html#_i_am_using_angularjs_or_another_javascript_framework
 	 */
-	@Conditional(CookieCsrf.class)
+	@Conditional(CookieCsrfCondition.class)
 	@ConditionalOnMissingBean(name = "csrfCookieWebFilter")
 	@Bean
 	WebFilter csrfCookieWebFilter() {
@@ -250,22 +294,4 @@ WebFilter csrfCookieWebFilter() {
 			}).then(chain.filter(exchange));
 		};
 	}
-
-	static class CookieCsrf extends AnyNestedCondition {
-
-		public CookieCsrf() {
-			super(ConfigurationPhase.PARSE_CONFIGURATION);
-		}
-
-		@ConditionalOnProperty(name = "com.c4-soft.springaddons.security.csrf", havingValue = "cookie-accessible-from-js")
-		static class Value1Condition {
-
-		}
-
-		@ConditionalOnProperty(name = "com.c4-soft.springaddons.security.csrf", havingValue = "cookie-http-only")
-		static class Value2Condition {
-
-		}
-
-	}
 }
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerAuthorizeExchangeSpecPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerAuthorizeExchangeSpecPostProcessor.java
new file mode 100644
index 000000000..83e365bf1
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerAuthorizeExchangeSpecPostProcessor.java
@@ -0,0 +1,14 @@
+package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver;
+
+import com.c4_soft.springaddons.security.oidc.starter.reactive.AuthorizeExchangeSpecPostProcessor;
+
+/**
+ * Customize access-control for routes which where not listed in
+ * {@link com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties#permitAll SpringAddonsOidcClientProperties::permit-all} or
+ * {@link com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcResourceServerProperties#permitAll
+ * SpringAddonsOidcResourceServerProperties::permit-all}
+ *
+ * @author ch4mp
+ */
+public interface ResourceServerAuthorizeExchangeSpecPostProcessor extends AuthorizeExchangeSpecPostProcessor {
+}
\ No newline at end of file
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerHttpSecurityPostProcessor.java
new file mode 100644
index 000000000..7a167d4dc
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/resourceserver/ResourceServerHttpSecurityPostProcessor.java
@@ -0,0 +1,14 @@
+package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver;
+
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+
+import com.c4_soft.springaddons.security.oidc.starter.reactive.HttpSecurityPostProcessor;
+
+/**
+ * Process {@link ServerHttpSecurity} of default security filter-chain after it was processed by spring-addons. This enables to override anything that was
+ * auto-configured (or add to it).
+ *
+ * @author ch4mp
+ */
+public interface ResourceServerHttpSecurityPostProcessor extends HttpSecurityPostProcessor {
+}
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java
similarity index 58%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java
index 3beea5559..f86d1c7fc 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ExpressionInterceptUrlRegistryPostProcessor.java
@@ -1,13 +1,15 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcResourceServerProperties;
 
 /**
- * Customize access-control for routes which where not listed in {@link SpringAddonsSecurityProperties#permitAll}
- * 
+ * Customize access-control for routes which where not listed in {@link SpringAddonsOidcClientProperties#permitAll} or
+ * {@link SpringAddonsOidcResourceServerProperties#permitAll}
+ *
  * @author ch4mp
  */
 public interface ExpressionInterceptUrlRegistryPostProcessor {
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/HttpServletRequestSupport.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/HttpServletRequestSupport.java
similarity index 98%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/HttpServletRequestSupport.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/HttpServletRequestSupport.java
index e8ee54062..aaf42bb8c 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/HttpServletRequestSupport.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/HttpServletRequestSupport.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised;
 
 import java.util.List;
 import java.util.Optional;
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServerHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServerHttpSecurityPostProcessor.java
similarity index 74%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServerHttpSecurityPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServerHttpSecurityPostProcessor.java
index 9c5530f72..837c05246 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServerHttpSecurityPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServerHttpSecurityPostProcessor.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServletConfigurationSupport.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServletConfigurationSupport.java
similarity index 78%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServletConfigurationSupport.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServletConfigurationSupport.java
index 0b2eabdb9..87885bfe0 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ServletConfigurationSupport.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/ServletConfigurationSupport.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -18,9 +18,14 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.Csrf;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcResourceServerProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.ClientExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.client.ClientHttpSecurityPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerExpressionInterceptUrlRegistryPostProcessor;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.ResourceServerHttpSecurityPostProcessor;
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -32,7 +37,7 @@ public class ServletConfigurationSupport {
 	public static HttpSecurity configureResourceServer(
 			HttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsResourceServerProperties,
+			SpringAddonsOidcResourceServerProperties addonsResourceServerProperties,
 			ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
 			ResourceServerHttpSecurityPostProcessor httpPostProcessor)
 			throws Exception {
@@ -41,12 +46,10 @@ public static HttpSecurity configureResourceServer(
 		ServletConfigurationSupport.configureState(http, addonsResourceServerProperties.isStatlessSessions(), addonsResourceServerProperties.getCsrf());
 		ServletConfigurationSupport.configureAccess(http, addonsResourceServerProperties.getPermitAll(), authorizePostProcessor);
 
-		if (!addonsResourceServerProperties.isRedirectToLoginIfUnauthorizedOnRestrictedContent()) {
-			http.exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint((request, response, authException) -> {
-				response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Restricted Content\"");
-				response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
-			}));
-		}
+		http.exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint((request, response, authException) -> {
+			response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Restricted Content\"");
+			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
+		}));
 
 		if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
 			http.requiresChannel(channel -> channel.anyRequest().requiresSecure());
@@ -58,7 +61,7 @@ public static HttpSecurity configureResourceServer(
 	public static HttpSecurity configureClient(
 			HttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsOAuth2ClientProperties addonsClientProperties,
+			SpringAddonsOidcClientProperties addonsClientProperties,
 			ClientExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
 			ClientHttpSecurityPostProcessor httpPostProcessor)
 			throws Exception {
@@ -92,10 +95,12 @@ public static HttpSecurity configureCors(HttpSecurity http, CorsProperties[] cor
 			final var source = new UrlBasedCorsConfigurationSource();
 			for (final var corsProps : corsProperties) {
 				final var configuration = new CorsConfiguration();
-				configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-				configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
+				configuration.setAllowCredentials(corsProps.getAllowCredentials());
 				configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
+				configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
+				configuration.setAllowedOriginPatterns(Arrays.asList(corsProps.getAllowedOriginPatterns()));
 				configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
+				configuration.setMaxAge(corsProps.getMaxAge());
 				source.registerCorsConfiguration(corsProps.getPath(), configuration);
 			}
 			http.cors(cors -> cors.configurationSource(source));
@@ -103,7 +108,7 @@ public static HttpSecurity configureCors(HttpSecurity http, CorsProperties[] cor
 		return http;
 	}
 
-	public static HttpSecurity configureState(HttpSecurity http, boolean isStatless, SpringAddonsSecurityProperties.Csrf csrfEnum) throws Exception {
+	public static HttpSecurity configureState(HttpSecurity http, boolean isStatless, Csrf csrfEnum) throws Exception {
 
 		if (isStatless) {
 			http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java
new file mode 100644
index 000000000..bef06e916
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java
@@ -0,0 +1,144 @@
+package com.c4_soft.springaddons.security.oidc.starter.synchronised;
+
+import java.time.Instant;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Stream;
+
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
+import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
+
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.ConfigurableClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultGrantedAuthoritiesMapperCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultJwtAbstractAuthenticationTokenConverterCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultOpaqueTokenAuthenticationConverterCondition;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.JwtAbstractAuthenticationTokenConverter;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * @author Jerome Wacongne ch4mp&#64;c4-soft.com
+ */
+@ConditionalOnWebApplication(type = Type.SERVLET)
+@AutoConfiguration
+@ImportAutoConfiguration(SpringAddonsOidcProperties.class)
+@Slf4j
+public class SpringAddonsOidcBeans {
+
+	/**
+	 * Retrieves granted authorities from a claims-set (decoded from JWT, introspected or obtained from userinfo end-point)
+	 *
+	 * @param  addonsProperties spring-addons configuration properties
+	 * @return
+	 */
+	@ConditionalOnMissingBean
+	@Bean
+	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsOidcProperties addonsProperties) {
+		log.debug("Building default ConfigurableClaimSetAuthoritiesConverter with: {}", (Object[]) addonsProperties.getOps());
+		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
+	}
+
+	/**
+	 * Converter bean from {@link Jwt} to {@link AbstractAuthenticationToken}
+	 *
+	 * @param  authoritiesConverter converts access-token claims into Spring authorities
+	 * @param  addonsProperties     spring-addons configuration properties
+	 * @return                      a converter from {@link Jwt} to {@link AbstractAuthenticationToken}
+	 */
+	@Conditional(DefaultJwtAbstractAuthenticationTokenConverterCondition.class)
+	@Bean
+	JwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter(
+			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
+			SpringAddonsOidcProperties addonsProperties) {
+		return jwt -> new JwtAuthenticationToken(
+				jwt,
+				authoritiesConverter.convert(jwt.getClaims()),
+				new OpenidClaimSet(jwt.getClaims(), addonsProperties.getOpProperties(jwt.getIssuer()).getUsernameClaim()).getName());
+	}
+
+	/**
+	 * Converter bean from successful introspection result to an {@link Authentication} instance
+	 *
+	 * @param  authoritiesConverter     converts access-token claims into Spring authorities
+	 * @param  addonsProperties         spring-addons configuration properties
+	 * @param  resourceServerProperties Spring Boot standard resource server configuration properties
+	 * @return                          a converter from successful introspection result to an {@link Authentication} instance
+	 */
+	@Conditional(DefaultOpaqueTokenAuthenticationConverterCondition.class)
+	@Bean
+	@SuppressWarnings("unchecked")
+	OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
+			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
+			SpringAddonsOidcProperties addonsProperties,
+			OAuth2ResourceServerProperties resourceServerProperties) {
+		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> {
+			return new BearerTokenAuthentication(
+					new OAuth2IntrospectionAuthenticatedPrincipal(
+							new OpenidClaimSet(
+									authenticatedPrincipal.getAttributes(),
+									Stream.of(addonsProperties.getOps())
+											.filter(
+													openidProvider -> resourceServerProperties.getOpaquetoken().getIntrospectionUri()
+															.contains(openidProvider.getIss().toString()))
+											.findAny().orElse(addonsProperties.getOps()[0]).getUsernameClaim()).getName(),
+							authenticatedPrincipal.getAttributes(),
+							(Collection<GrantedAuthority>) authenticatedPrincipal.getAuthorities()),
+					new OAuth2AccessToken(
+							OAuth2AccessToken.TokenType.BEARER,
+							introspectedToken,
+							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT)).longValue()),
+							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)).longValue())),
+					authoritiesConverter.convert(authenticatedPrincipal.getAttributes()));
+		};
+	}
+
+	/**
+	 * @param  authoritiesConverter the authorities converter to use (by default {@link ConfigurableClaimSetAuthoritiesConverter})
+	 * @return                      {@link GrantedAuthoritiesMapper} using the authorities converter in the context
+	 */
+	@Conditional(DefaultGrantedAuthoritiesMapperCondition.class)
+	@Bean
+	GrantedAuthoritiesMapper grantedAuthoritiesMapper(Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter) {
+		return (authorities) -> {
+			Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+
+			authorities.forEach(authority -> {
+				if (authority instanceof OidcUserAuthority oidcAuth) {
+					mappedAuthorities.addAll(authoritiesConverter.convert(oidcAuth.getIdToken().getClaims()));
+
+				} else if (authority instanceof OAuth2UserAuthority oauth2Auth) {
+					mappedAuthorities.addAll(authoritiesConverter.convert(oauth2Auth.getAttributes()));
+
+				}
+			});
+
+			return mappedAuthorities;
+		};
+	}
+}
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientExpressionInterceptUrlRegistryPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientExpressionInterceptUrlRegistryPostProcessor.java
similarity index 56%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientExpressionInterceptUrlRegistryPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientExpressionInterceptUrlRegistryPostProcessor.java
index eedb75637..4b65f13e5 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientExpressionInterceptUrlRegistryPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientExpressionInterceptUrlRegistryPostProcessor.java
@@ -1,4 +1,6 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
+
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 
 /**
  * Post processor for access control in Java configuration.
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientHttpSecurityPostProcessor.java
similarity index 59%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientHttpSecurityPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientHttpSecurityPostProcessor.java
index 0219f1f4e..0aa4ee38d 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ClientHttpSecurityPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/ClientHttpSecurityPostProcessor.java
@@ -1,4 +1,6 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
+
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServerHttpSecurityPostProcessor;
 
 /**
  * A post-processor to override anything from spring-addons client security filter-chain auto-configuration.
diff --git a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsBackChannelLogoutBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsBackChannelLogoutBeans.java
similarity index 86%
rename from webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsBackChannelLogoutBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsBackChannelLogoutBeans.java
index c69e4f3fd..91134555b 100644
--- a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsBackChannelLogoutBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsBackChannelLogoutBeans.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
 
 import java.net.URL;
 import java.util.Map;
@@ -8,10 +8,12 @@
 import java.util.stream.StreamSupport;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
@@ -34,7 +36,7 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
 
 /**
  * <p>
@@ -46,16 +48,19 @@
  * Implementation is made with a security filter-chain intercepting just the "/backchannel_logout" route and a controller handling requests to that end-point.
  * </p>
  * <p>
- * This beans are defined only if "com.c4-soft.springaddons.security.client.back-channel-logout-enabled" property is true.
+ * This beans are defined only if "com.c4-soft.springaddons.oidc.client.back-channel-logout-enabled" property is true.
  * </p>
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty("com.c4-soft.springaddons.security.client.back-channel-logout-enabled")
+@ConditionalOnWebApplication(type = Type.SERVLET)
+@ConditionalOnProperty("com.c4-soft.springaddons.oidc.client.back-channel-logout-enabled")
 @AutoConfiguration
-@Import({ SpringAddonsOAuth2ClientProperties.class })
+@ImportAutoConfiguration(SpringAddonsOidcBeans.class)
 public class SpringAddonsBackChannelLogoutBeans {
 
+	private static final String BACKCHANNEL_LOGOUT_PATH = "/backchannel_logout";
+
 	/**
 	 * Requests from the OP are anonymous, are not part of a session, and have no CSRF token. It contains a logout JWT which serves both to authenticate the
 	 * request and protect against CSRF.
@@ -68,7 +73,7 @@ public class SpringAddonsBackChannelLogoutBeans {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	@Bean
 	SecurityFilterChain springAddonsBackChannelLogoutClientFilterChain(HttpSecurity http, ServerProperties serverProperties) throws Exception {
-		http.securityMatcher(new AntPathRequestMatcher("/backchannel_logout"));
+		http.securityMatcher(new AntPathRequestMatcher(BACKCHANNEL_LOGOUT_PATH));
 		http.authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests.anyRequest().permitAll());
 		if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
 			http.requiresChannel(channel -> channel.anyRequest().requiresSecure());
@@ -109,7 +114,7 @@ public BackChannelLogoutController(
 							Collectors.toMap(provider -> provider.getIssuerUri(), provider -> NimbusJwtDecoder.withJwkSetUri(provider.getJwkSetUri()).build()));
 		}
 
-		@PostMapping(path = "/backchannel_logout", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+		@PostMapping(path = BACKCHANNEL_LOGOUT_PATH, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 		public ResponseEntity<Void> backChannelLogout(@RequestParam MultiValueMap<String, String> body) {
 			final var tokenString = body.get("logout_token");
 			if (tokenString == null || tokenString.size() != 1) {
diff --git a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2LogoutSuccessHandler.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsLogoutSuccessHandler.java
similarity index 75%
rename from webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2LogoutSuccessHandler.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsLogoutSuccessHandler.java
index fb41a3a31..1e3b0a541 100644
--- a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2LogoutSuccessHandler.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsLogoutSuccessHandler.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.security.core.Authentication;
@@ -7,9 +7,9 @@
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -20,14 +20,14 @@
 /**
  * <p>
  * Provide with <a href= "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a> for authorization-servers fully compliant with
- * OIDC standard as well as those "almost" implementing the spec. It is (auto)configured with {@link SpringAddonsOAuth2ClientProperties}.
+ * OIDC standard as well as those "almost" implementing the spec. It is (auto)configured with {@link SpringAddonsOidcClientProperties}.
  * </p>
  * <p>
  * <b>This implementation is not multi-tenant ready</b>. It will terminate the user session on this application as well as on a single authorization-server (the
  * one which emitted the access-token with which the logout request is made).
  * </p>
  * <p>
- * This bean is auto-configured by {@link SpringAddonsOAuth2ClientBeans} as {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBean} of type
+ * This bean is auto-configured by {@link SpringAddonsOidcClientBeans} as {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBean} of type
  * {@link LogoutSuccessHandler}. Usage:
  * </p>
  *
@@ -39,12 +39,12 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  * @see    SpringAddonsOAuth2LogoutRequestUriBuilder
- * @see    SpringAddonsOAuth2ClientProperties
+ * @see    SpringAddonsOidcClientProperties
  */
 @Data
 @RequiredArgsConstructor
 @EqualsAndHashCode(callSuper = true)
-public class SpringAddonsOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+public class SpringAddonsLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
 	private final LogoutRequestUriBuilder uriBuilder;
 	private final ClientRegistrationRepository clientRegistrationRepository;
 
diff --git a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizationRequestResolver.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizationRequestResolver.java
similarity index 89%
rename from webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizationRequestResolver.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizationRequestResolver.java
index aa5b86fcc..0b17f8047 100644
--- a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizationRequestResolver.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizationRequestResolver.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
 
 import java.net.URI;
 import java.util.HashMap;
@@ -13,15 +13,15 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties.RequestParam;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties.RequestParam;
 
 import jakarta.servlet.http.HttpServletRequest;
 
 /**
  * Support two features:
  * <ul>
- * <li>usage of {@link SpringAddonsOAuth2ClientProperties#getClientUri() SpringAddonsOAuth2ClientProperties#client-uri} in post-login redirection URI</li>
+ * <li>usage of {@link SpringAddonsOidcClientProperties#clientUri SpringAddonsOidcClientProperties#client-uri} in post-login redirection URI</li>
  * <li>defining authorization request additional parameters from properties (like audience for Auth0)</li>
  * </ul>
  *
@@ -37,7 +37,7 @@ public class SpringAddonsOAuth2AuthorizationRequestResolver implements OAuth2Aut
 
 	public SpringAddonsOAuth2AuthorizationRequestResolver(
 			InMemoryClientRegistrationRepository clientRegistrationRepository,
-			SpringAddonsOAuth2ClientProperties addonsClientProperties) {
+			SpringAddonsOidcClientProperties addonsClientProperties) {
 		clientRegistrationRepository.forEach(reg -> {
 			final var params = addonsClientProperties.getAuthorizationRequestParams().get(reg.getRegistrationId());
 			if (params != null) {
diff --git a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizedClientRepository.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientRepository.java
similarity index 99%
rename from webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizedClientRepository.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientRepository.java
index 06e2352d5..19d47cbc0 100644
--- a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2AuthorizedClientRepository.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizedClientRepository.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
 
 import java.util.Collection;
 import java.util.Collections;
diff --git a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2ClientBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java
similarity index 53%
rename from webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2ClientBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java
index dc6cdd97c..39b97f567 100644
--- a/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2ClientBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java
@@ -1,65 +1,52 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Stream;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
-import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
-import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2ClientProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsOAuth2LogoutRequestUriBuilder;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.ClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.ConfigurableClaimSetAuthoritiesConverter;
+import com.c4_soft.springaddons.security.oidc.starter.LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.SpringAddonsOAuth2LogoutRequestUriBuilder;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcClientCondition;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServletConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
 
 import lombok.extern.slf4j.Slf4j;
 
 /**
  * The following {@link ConditionalOnMissingBean &#64;ConditionalOnMissingBeans} are auto-configured
  * <ul>
- * <li>springAddonsClientFilterChain: a {@link SecurityFilterChain}. Instantiated only if "com.c4-soft.springaddons.security.client.security-matchers" property
- * has at least one entry. If defined, it is with highest precedence, to ensure that all routes defined in this security matcher property are intercepted by
- * this filter-chain.</li>
+ * <li>springAddonsClientFilterChain: a {@link SecurityFilterChain}. Instantiated only if "com.c4-soft.springaddons.oidc.client.security-matchers" property has
+ * at least one entry. If defined, it is with highest precedence, to ensure that all routes defined in this security matcher property are intercepted by this
+ * filter-chain.</li>
  * <li>oAuth2AuthorizationRequestResolver: a {@link OAuth2AuthorizationRequestResolver}. Default instance is a
  * {@link SpringAddonsOAuth2AuthorizationRequestResolver} which sets the client hostname in the redirect URI with
- * {@link SpringAddonsOAuth2ClientProperties#getClientUri() SpringAddonsOAuth2ClientProperties#client-uri}</li>
+ * {@link SpringAddonsOidcClientProperties#clientUri SpringAddonsOidcClientProperties#client-uri}</li>
  * <li>logoutRequestUriBuilder: builder for <a href= "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a> queries, taking
  * configuration from properties for OIDC providers which do not strictly comply with the spec: logout URI not provided by OIDC conf or non standard parameter
  * names (Auth0 and Cognito are samples of such OPs)</li>
- * <li>logoutSuccessHandler: a {@link LogoutSuccessHandler}. Default instance is a {@link SpringAddonsOAuth2LogoutSuccessHandler} which logs a user out from the
- * last authorization server he logged on.</li>
+ * <li>logoutSuccessHandler: a {@link LogoutSuccessHandler}. Default instance is a {@link SpringAddonsLogoutSuccessHandler} which logs a user out from the last
+ * authorization server he logged on.</li>
  * <li>authoritiesConverter: an {@link ClaimSetAuthoritiesConverter}. Default instance is a {@link ConfigurableClaimSetAuthoritiesConverter} which reads
- * spring-addons {@link SpringAddonsSecurityProperties}</li>
+ * spring-addons {@link SpringAddonsOidcProperties}</li>
  * <li>oAuth2AuthorizedClientRepository: a {@link SpringAddonsOAuth2AuthorizedClientRepository} (which is also a session listener) capable of handling
  * multi-tenancy and back-channel logout.</li>
  * <li>clientAuthorizePostProcessor: a {@link ClientExpressionInterceptUrlRegistryPostProcessor} post processor to fine tune access control from java
@@ -70,24 +57,25 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security.client", name = "enabled")
+@ConditionalOnWebApplication(type = Type.SERVLET)
+@Conditional(IsOidcClientCondition.class)
 @EnableWebSecurity
 @AutoConfiguration
-@Import({ SpringAddonsOAuth2ClientProperties.class })
+@ImportAutoConfiguration(SpringAddonsOidcBeans.class)
 @Slf4j
-public class SpringAddonsOAuth2ClientBeans {
+public class SpringAddonsOidcClientBeans {
 
 	/**
 	 * <p>
-	 * Instantiated only if "com.c4-soft.springaddons.security.client.security-matchers" property has at least one entry. If defined, it is with highest
-	 * precedence, to ensure that all routes defined in this security matcher property are intercepted by this filter-chain.
+	 * Instantiated only if "com.c4-soft.springaddons.oidc.client.security-matchers" property has at least one entry. If defined, it is with higher precedence
+	 * than resource server one.
 	 * </p>
 	 * It defines:
 	 * <ul>
 	 * <li>If the path to login page was provided in conf, a &#64;Controller must be provided to handle it. Otherwise Spring Boot default generated one is used
 	 * (be aware that it does not work when bound to 80 or 8080 with SSL enabled, so, in that case, use another port or define a login path and a controller to
 	 * handle it)</li>
-	 * <li>logout (using {@link SpringAddonsOAuth2LogoutSuccessHandler} by default)</li>
+	 * <li>logout (using {@link SpringAddonsLogoutSuccessHandler} by default)</li>
 	 * <li>forces SSL usage if it is enabled</li> properties</li>
 	 * <li>CSRF protection as defined in spring-addons <b>client</b> properties (enabled by default in this filter-chain).</li>
 	 * <li>allow access to unauthorized requests to path matchers listed in spring-security <b>client</b> "permit-all" property</li>
@@ -99,7 +87,9 @@ public class SpringAddonsOAuth2ClientBeans {
 	 * @param  serverProperties             Spring Boot standard server properties
 	 * @param  authorizationRequestResolver the authorization request resolver to use. By default {@link SpringAddonsOAuth2AuthorizationRequestResolver} (adds
 	 *                                      authorization request parameters defined in properties and builds absolutes callback URI)
-	 * @param  clientProps                  {@link SpringAddonsOAuth2ClientProperties spring-addons client properties}
+	 * @param  logoutSuccessHandler         Defaulted to {@link SpringAddonsLogoutSuccessHandler} which can handle "almost" RP Initiated Logout conformant OPs
+	 *                                      (like Auth0 and Cognito)
+	 * @param  addonsProperties             {@link SpringAddonsOAuth2ClientProperties spring-addons client properties}
 	 * @param  authorizePostProcessor       post process authorization after "permit-all" configuration was applied (default is "isAuthenticated()" to
 	 *                                      everything that was not matched)
 	 * @param  httpPostProcessor            post process the "http" builder just before it is returned (enables to override anything from the
@@ -107,29 +97,28 @@ public class SpringAddonsOAuth2ClientBeans {
 	 * @return                              a security filter-chain scoped to specified security-matchers and adapted to OAuth2 clients
 	 * @throws Exception                    in case of miss-configuration
 	 */
-	@ConditionalOnExpression("!(T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers:}') && T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers[0]:}'))")
-	@Order(Ordered.HIGHEST_PRECEDENCE + 1)
+	@Order(Ordered.LOWEST_PRECEDENCE - 1)
 	@Bean
 	SecurityFilterChain springAddonsClientFilterChain(
 			HttpSecurity http,
 			ServerProperties serverProperties,
 			OAuth2AuthorizationRequestResolver authorizationRequestResolver,
 			LogoutSuccessHandler logoutSuccessHandler,
-			SpringAddonsOAuth2ClientProperties clientProps,
+			SpringAddonsOidcProperties addonsProperties,
 			ClientExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
 			ClientHttpSecurityPostProcessor httpPostProcessor)
 			throws Exception {
 		// @formatter:off
-        log.info("Applying client OAuth2 configuration for: {}", (Object[]) clientProps.getSecurityMatchers());
-        http.securityMatcher(clientProps.getSecurityMatchers());
+        log.info("Applying client OAuth2 configuration for: {}", (Object[]) addonsProperties.getClient().getSecurityMatchers());
+        http.securityMatcher(addonsProperties.getClient().getSecurityMatchers());
 
         http.oauth2Login(login -> {
         	login.authorizationEndpoint(authorizationEndpoint -> authorizationEndpoint.authorizationRequestResolver(authorizationRequestResolver));
-            clientProps.getLoginPath().ifPresent(loginPath -> {
-                login.loginPage(UriComponentsBuilder.fromUri(clientProps.getClientUri()).path(loginPath).build().toString());
+            addonsProperties.getClient().getLoginPath().ifPresent(loginPath -> {
+                login.loginPage(UriComponentsBuilder.fromUri(addonsProperties.getClient().getClientUri()).path(loginPath).build().toString());
             });
-            clientProps.getPostLoginRedirectPath().ifPresent(postLoginRedirectPath -> {
-                login.defaultSuccessUrl(UriComponentsBuilder.fromUri(clientProps.getClientUri()).path(postLoginRedirectPath).build().toString(), true);
+            addonsProperties.getClient().getPostLoginRedirectPath().ifPresent(postLoginRedirectPath -> {
+                login.defaultSuccessUrl(UriComponentsBuilder.fromUri(addonsProperties.getClient().getClientUri()).path(postLoginRedirectPath).build().toString(), true);
             });
         });
 
@@ -138,7 +127,7 @@ SecurityFilterChain springAddonsClientFilterChain(
         });
         // @formatter:on
 
-		ServletConfigurationSupport.configureClient(http, serverProperties, clientProps, authorizePostProcessor, httpPostProcessor);
+		ServletConfigurationSupport.configureClient(http, serverProperties, addonsProperties.getClient(), authorizePostProcessor, httpPostProcessor);
 
 		return http.build();
 	}
@@ -151,29 +140,28 @@ SecurityFilterChain springAddonsClientFilterChain(
 	 * </ul>
 	 *
 	 * @param  clientRegistrationRepository
-	 * @param  clientProps
+	 * @param  addonsProperties
 	 * @return                              {@link SpringAddonsOAuth2AuthorizationRequestResolver}
 	 */
 	@ConditionalOnMissingBean
 	@Bean
-	OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver(
-			InMemoryClientRegistrationRepository clientRegistrationRepository,
-			SpringAddonsOAuth2ClientProperties clientProps) {
-		return new SpringAddonsOAuth2AuthorizationRequestResolver(clientRegistrationRepository, clientProps);
+	OAuth2AuthorizationRequestResolver
+			oAuth2AuthorizationRequestResolver(InMemoryClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcProperties addonsProperties) {
+		return new SpringAddonsOAuth2AuthorizationRequestResolver(clientRegistrationRepository, addonsProperties.getClient());
 	}
 
 	/**
 	 * Build logout request for <a href= "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a>. It works with most OIDC
 	 * provider: those complying with the spec (Keycloak for instance), off course, but also those which are close enough to it (Auth0, Cognito, ...)
 	 *
-	 * @param  clientProps {@link SpringAddonsOAuth2ClientProperties} to pick logout configuration for divergence to the standard (logout URI not provided in
-	 *                     .well-known/openid-configuration and non-conform parameter names)
-	 * @return             {@link SpringAddonsOAuth2LogoutRequestUriBuilder]
+	 * @param  addonsProperties {@link SpringAddonsOAuth2ClientProperties} to pick logout configuration for divergence to the standard (logout URI not provided
+	 *                          in .well-known/openid-configuration and non-conform parameter names)
+	 * @return                  {@link SpringAddonsOAuth2LogoutRequestUriBuilder]
 	 */
 	@ConditionalOnMissingBean
 	@Bean
-	LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOAuth2ClientProperties clientProps) {
-		return new SpringAddonsOAuth2LogoutRequestUriBuilder(clientProps);
+	LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOidcProperties addonsProperties) {
+		return new SpringAddonsOAuth2LogoutRequestUriBuilder(addonsProperties.getClient());
 	}
 
 	/**
@@ -182,67 +170,12 @@ LogoutRequestUriBuilder logoutRequestUriBuilder(SpringAddonsOAuth2ClientProperti
 	 *
 	 * @param  logoutRequestUriBuilder      delegate doing the smart job
 	 * @param  clientRegistrationRepository
-	 * @return                              {@link SpringAddonsOAuth2LogoutSuccessHandler}
+	 * @return                              {@link SpringAddonsLogoutSuccessHandler}
 	 */
 	@ConditionalOnMissingBean
 	@Bean
 	LogoutSuccessHandler logoutSuccessHandler(LogoutRequestUriBuilder logoutRequestUriBuilder, ClientRegistrationRepository clientRegistrationRepository) {
-		return new SpringAddonsOAuth2LogoutSuccessHandler(logoutRequestUriBuilder, clientRegistrationRepository);
-	}
-
-	/**
-	 * Instantiate a {@link ConfigurableClaimSetAuthoritiesConverter} from token claims to spring authorities (which claims to pick, how to transform roles
-	 * strings for each claim).
-	 *
-	 * @param  addonsProperties converter configuration source
-	 * @return                  {@link ConfigurableClaimSetAuthoritiesConverter}
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-	}
-
-	/**
-	 * @param  authoritiesConverter the authorities converter to use (by default {@link ConfigurableClaimSetAuthoritiesConverter})
-	 * @return                      {@link GrantedAuthoritiesMapper} using the authorities converter in the context
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	GrantedAuthoritiesMapper grantedAuthoritiesMapper(Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter) {
-		return (authorities) -> {
-			Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-
-			authorities.forEach(authority -> {
-				if (authority instanceof OidcUserAuthority oidcAuth) {
-					mappedAuthorities.addAll(authoritiesConverter.convert(oidcAuth.getIdToken().getClaims()));
-
-				} else if (authority instanceof OAuth2UserAuthority oauth2Auth) {
-					mappedAuthorities.addAll(authoritiesConverter.convert(oauth2Auth.getAttributes()));
-
-				}
-			});
-
-			return mappedAuthorities;
-		};
-	}
-
-	/**
-	 * @param  corsProperties the properties to pick CORS configuration from
-	 * @return                a CORS configuration built from properties
-	 */
-	CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-		log.debug("Building default CorsConfigurationSource with: {}", Stream.of(corsProperties).toList());
-		final var source = new UrlBasedCorsConfigurationSource();
-		for (final var corsProps : corsProperties) {
-			final var configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-			configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-			configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-			configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-			source.registerCorsConfiguration(corsProps.getPath(), configuration);
-		}
-		return source;
+		return new SpringAddonsLogoutSuccessHandler(logoutRequestUriBuilder, clientRegistrationRepository);
 	}
 
 	/**
@@ -274,22 +207,4 @@ ClientExpressionInterceptUrlRegistryPostProcessor clientAuthorizePostProcessor()
 	ClientHttpSecurityPostProcessor clientHttpPostProcessor() {
 		return http -> http;
 	}
-
-	static class HasClientSecurityMatcher extends AnyNestedCondition {
-
-		public HasClientSecurityMatcher() {
-			super(ConfigurationPhase.PARSE_CONFIGURATION);
-		}
-
-		@ConditionalOnExpression("!(T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers:}') && T(org.springframework.util.StringUtils).isEmpty('${com.c4-soft.springaddons.security.client.security-matchers[0]:}'))")
-		static class Value1Condition {
-
-		}
-
-		@ConditionalOnProperty(name = "com.c4-soft.springaddons.security.client.security-matchers[0]")
-		static class Value2Condition {
-
-		}
-
-	}
 }
\ No newline at end of file
diff --git a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/JwtAbstractAuthenticationTokenConverter.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/JwtAbstractAuthenticationTokenConverter.java
similarity index 78%
rename from spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/JwtAbstractAuthenticationTokenConverter.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/JwtAbstractAuthenticationTokenConverter.java
index 60a36460d..980f0e050 100644
--- a/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/JwtAbstractAuthenticationTokenConverter.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/JwtAbstractAuthenticationTokenConverter.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver;
 
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java
new file mode 100644
index 000000000..51b3b3c39
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java
@@ -0,0 +1,6 @@
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver;
+
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
+
+public interface ResourceServerExpressionInterceptUrlRegistryPostProcessor extends ExpressionInterceptUrlRegistryPostProcessor {
+}
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerHttpSecurityPostProcessor.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerHttpSecurityPostProcessor.java
similarity index 68%
rename from webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerHttpSecurityPostProcessor.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerHttpSecurityPostProcessor.java
index e2694529e..129533ab3 100644
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerHttpSecurityPostProcessor.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/ResourceServerHttpSecurityPostProcessor.java
@@ -1,7 +1,9 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServerHttpSecurityPostProcessor;
+
 /**
  * Process {@link HttpSecurity} of default security filter-chain after it was processed by spring-addons. This enables to override anything that was
  * auto-configured (or add to it).
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java
similarity index 63%
rename from webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java
rename to spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java
index d8468e2d1..bb152a79d 100644
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java
+++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/resourceserver/SpringAddonsOidcResourceServerBeans.java
@@ -1,7 +1,6 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
+package com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver;
 
 import java.net.URI;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -9,12 +8,15 @@
 import java.util.stream.Stream;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -34,16 +36,19 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.util.StringUtils;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.DefaultAuthenticationManagerResolverCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.IsIntrospectingResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.bean.IsJwtDecoderResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.properties.condition.configuration.IsOidcResourceServerCondition;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.ServletConfigurationSupport;
+import com.c4_soft.springaddons.security.oidc.starter.synchronised.SpringAddonsOidcBeans;
 
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
@@ -77,45 +82,82 @@
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security", name = "enabled")
-@AutoConfiguration
+@ConditionalOnWebApplication(type = Type.SERVLET)
+@Conditional(IsOidcResourceServerCondition.class)
 @EnableWebSecurity
+@AutoConfiguration
+@ImportAutoConfiguration(SpringAddonsOidcBeans.class)
 @Slf4j
-@Import({ AddonsSecurityBeans.class })
-public class AddonsWebSecurityBeans {
+public class SpringAddonsOidcResourceServerBeans {
 	/**
 	 * <p>
-	 * Applies SpringAddonsSecurityProperties to web security config. Be aware that defining a {@link SecurityWebFilterChain} bean with no security matcher and
-	 * an order higher than LOWEST_PRECEDENCE will disable most of this lib auto-configuration for OpenID resource-servers.
-	 * </p>
-	 * <p>
-	 * You should consider to set security matcher to all other {@link SecurityWebFilterChain} beans and provide a {@link ServerHttpSecurityPostProcessor} bean
-	 * to override anything from this bean
+	 * Configures a SecurityFilterChain for a resource server with JwtDecoder with &#64;Order(LOWEST_PRECEDENCE). Defining a {@link SecurityWebFilterChain} bean
+	 * with no security matcher and an order higher than LOWEST_PRECEDENCE will hide this filter-chain an disable most of spring-addons auto-configuration for
+	 * OpenID resource-servers.
 	 * </p>
-	 * .
 	 *
 	 * @param  http                          HTTP security to configure
 	 * @param  serverProperties              Spring "server" configuration properties
-	 * @param  addonsProperties              "com.c4-soft.springaddons.security" configuration properties
+	 * @param  addonsProperties              "com.c4-soft.springaddons.oidc" configuration properties
 	 * @param  authorizePostProcessor        Hook to override access-control rules for all path that are not listed in "permit-all"
 	 * @param  httpPostProcessor             Hook to override all or part of HttpSecurity auto-configuration
 	 * @param  authenticationManagerResolver Converts successful JWT decoding result into an {@link Authentication}
-	 * @return                               A default {@link SecurityWebFilterChain} for servlet resource-servers with JWT decoder (matches all unmatched
-	 *                                       routes with lowest precedence)
+	 * @return                               A {@link SecurityWebFilterChain} for servlet resource-servers with JWT decoder
 	 */
+	@ConditionalOnClass(IsJwtDecoderResourceServerCondition.class)
 	@Order(Ordered.LOWEST_PRECEDENCE)
 	@Bean
-	SecurityFilterChain springAddonsResourceServerSecurityFilterChain(
+	SecurityFilterChain springAddonsJwtResourceServerSecurityFilterChain(
 			HttpSecurity http,
 			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties,
+			SpringAddonsOidcProperties addonsProperties,
 			ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
 			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
 			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver)
 			throws Exception {
 		http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));
 
-		ServletConfigurationSupport.configureResourceServer(http, serverProperties, addonsProperties, authorizePostProcessor, httpPostProcessor);
+		ServletConfigurationSupport
+				.configureResourceServer(http, serverProperties, addonsProperties.getResourceserver(), authorizePostProcessor, httpPostProcessor);
+
+		return http.build();
+	}
+
+	/**
+	 * <p>
+	 * Configures a SecurityFilterChain for a resource server with JwtDecoder with &#64;Order(LOWEST_PRECEDENCE). Defining a {@link SecurityWebFilterChain} bean
+	 * with no security matcher and an order higher than LOWEST_PRECEDENCE will hide this filter-chain an disable most of spring-addons auto-configuration for
+	 * OpenID resource-servers.
+	 * </p>
+	 *
+	 * @param  http                                 HTTP security to configure
+	 * @param  serverProperties                     Spring "server" configuration properties
+	 * @param  addonsProperties                     "com.c4-soft.springaddons.oidc" configuration properties
+	 * @param  authorizePostProcessor               Hook to override access-control rules for all path that are not listed in "permit-all"
+	 * @param  httpPostProcessor                    Hook to override all or part of HttpSecurity auto-configuration
+	 * @param  introspectionAuthenticationConverter Converts successful introspection result into an {@link Authentication}
+	 * @param  opaqueTokenIntrospector              the instrospector to use
+	 * @return                                      A {@link SecurityWebFilterChain} for servlet resource-servers with access token introspection
+	 */
+	@Conditional(IsIntrospectingResourceServerCondition.class)
+	@Order(Ordered.LOWEST_PRECEDENCE)
+	@Bean
+	SecurityFilterChain springAddonsIntrospectingResourceServerSecurityFilterChain(
+			HttpSecurity http,
+			ServerProperties serverProperties,
+			SpringAddonsOidcProperties addonsProperties,
+			ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
+			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
+			OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter,
+			OpaqueTokenIntrospector opaqueTokenIntrospector)
+			throws Exception {
+		http.oauth2ResourceServer(server -> server.opaqueToken(ot -> {
+			ot.introspector(opaqueTokenIntrospector);
+			ot.authenticationConverter(introspectionAuthenticationConverter);
+		}));
+
+		ServletConfigurationSupport
+				.configureResourceServer(http, serverProperties, addonsProperties.getResourceserver(), authorizePostProcessor, httpPostProcessor);
 
 		return http.build();
 	}
@@ -143,54 +185,40 @@ ResourceServerHttpSecurityPostProcessor httpPostProcessor() {
 		return httpSecurity -> httpSecurity;
 	}
 
-	CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-		log.debug("Building default CorsConfigurationSource with: {}", Stream.of(corsProperties).toList());
-		final var source = new UrlBasedCorsConfigurationSource();
-		for (final var corsProps : corsProperties) {
-			final var configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-			configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-			configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-			configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-			source.registerCorsConfiguration(corsProps.getPath(), configuration);
-		}
-		return source;
-	}
-
 	/**
 	 * Provides with multi-tenancy: builds a AuthenticationManagerResolver<HttpServletRequest> per provided OIDC issuer URI
 	 *
 	 * @param  auth2ResourceServerProperties "spring.security.oauth2.resourceserver" configuration properties
-	 * @param  addonsProperties              "com.c4-soft.springaddons.security" configuration properties
+	 * @param  addonsProperties              "com.c4-soft.springaddons.oidc" configuration properties
 	 * @param  jwtAuthenticationConverter    converts from a {@link Jwt} to an {@link Authentication} implementation
 	 * @return                               Multi-tenant {@link AuthenticationManagerResolver<HttpServletRequest>} (one for each configured issuer)
 	 */
-	@ConditionalOnMissingBean
+	@Conditional(DefaultAuthenticationManagerResolverCondition.class)
 	@Bean
 	AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver(
 			OAuth2ResourceServerProperties auth2ResourceServerProperties,
-			SpringAddonsSecurityProperties addonsProperties,
+			SpringAddonsOidcProperties addonsProperties,
 			JwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter) {
 		final var jwtProps = Optional.ofNullable(auth2ResourceServerProperties).map(OAuth2ResourceServerProperties::getJwt);
 		// @formatter:off
 		Optional.ofNullable(jwtProps.map(OAuth2ResourceServerProperties.Jwt::getIssuerUri)).orElse(jwtProps.map(OAuth2ResourceServerProperties.Jwt::getJwkSetUri))
 		    .filter(StringUtils::hasLength)
 		    .ifPresent(jwtConf -> {
-				log.warn("spring.security.oauth2.resourceserver configuration will be ignored in favor of com.c4-soft.springaddons.security");
+				log.warn("spring.security.oauth2.resourceserver configuration will be ignored in favor of com.c4-soft.springaddons.oidc");
 			});
 		// @formatter:on
 
 		final Map<String, AuthenticationManager> jwtManagers =
-				Stream.of(addonsProperties.getIssuers()).collect(Collectors.toMap(issuer -> issuer.getLocation().toString(), issuer -> {
+				Stream.of(addonsProperties.getOps()).collect(Collectors.toMap(issuer -> issuer.getIss().toString(), issuer -> {
 					final var decoder = issuer.getJwkSetUri() != null && StringUtils.hasLength(issuer.getJwkSetUri().toString())
 							? NimbusJwtDecoder.withJwkSetUri(issuer.getJwkSetUri().toString()).build()
-							: NimbusJwtDecoder.withIssuerLocation(issuer.getLocation().toString()).build();
+							: NimbusJwtDecoder.withIssuerLocation(issuer.getIss().toString()).build();
 
-					final OAuth2TokenValidator<Jwt> defaultValidator = Optional.ofNullable(issuer.getLocation()).map(URI::toString)
+					final OAuth2TokenValidator<Jwt> defaultValidator = Optional.ofNullable(issuer.getIss()).map(URI::toString)
 							.map(JwtValidators::createDefaultWithIssuer).orElse(JwtValidators.createDefault());
 
 				// @formatter:off
-					final OAuth2TokenValidator<Jwt> jwtValidator = Optional.ofNullable(issuer.getAudience())
+					final OAuth2TokenValidator<Jwt> jwtValidator = Optional.ofNullable(issuer.getAud())
 							.filter(StringUtils::hasText)
 							.map(audience -> new JwtClaimValidator<List<String>>(
 									JwtClaimNames.AUD,
@@ -208,7 +236,7 @@ AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver(
 		log.debug(
 				"Building default JwtIssuerAuthenticationManagerResolver with: ",
 				auth2ResourceServerProperties.getJwt(),
-				Stream.of(addonsProperties.getIssuers()).toList());
+				Stream.of(addonsProperties.getOps()).toList());
 
 		return new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver<String>) jwtManagers::get);
 	}
diff --git a/spring-addons-starter-oidc/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-addons-starter-oidc/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 000000000..ebb774812
--- /dev/null
+++ b/spring-addons-starter-oidc/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,7 @@
+com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsBackChannelLogoutBeans
+com.c4_soft.springaddons.security.oidc.starter.reactive.client.ReactiveSpringAddonsOidcClientBeans
+com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans
+
+com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsBackChannelLogoutBeans
+com.c4_soft.springaddons.security.oidc.starter.synchronised.client.SpringAddonsOidcClientBeans
+com.c4_soft.springaddons.security.oidc.starter.synchronised.resourceserver.SpringAddonsOidcResourceServerBeans
diff --git a/spring-addons-oauth2/src/test/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableJwtGrantedAuthoritiesConverterTest.java b/spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableJwtGrantedAuthoritiesConverterTest.java
similarity index 74%
rename from spring-addons-oauth2/src/test/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableJwtGrantedAuthoritiesConverterTest.java
rename to spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableJwtGrantedAuthoritiesConverterTest.java
index eabafaa92..53e2d44d8 100644
--- a/spring-addons-oauth2/src/test/java/com/c4_soft/springaddons/security/oauth2/config/ConfigurableJwtGrantedAuthoritiesConverterTest.java
+++ b/spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/ConfigurableJwtGrantedAuthoritiesConverterTest.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config;
+package com.c4_soft.springaddons.security.oidc.starter;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -9,15 +9,16 @@
 import java.util.Map;
 import java.util.stream.Collectors;
 
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.Case;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.IssuerProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.SimpleAuthoritiesMappingProperties;
+import com.c4_soft.springaddons.security.oidc.OpenidClaimSet;
+import com.c4_soft.springaddons.security.oidc.starter.properties.OpenidProviderProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SimpleAuthoritiesMappingProperties;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SimpleAuthoritiesMappingProperties.Case;
+import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
 
 public class ConfigurableJwtGrantedAuthoritiesConverterTest {
 
@@ -46,11 +47,11 @@ public void test() throws URISyntaxException {
 		final var now = Instant.now();
 		final var jwt = new Jwt("a.b.C", now, Instant.ofEpochSecond(now.getEpochSecond() + 3600), Map.of("machin", "truc"), claims);
 
-		final var issuerProperties = new IssuerProperties();
-		issuerProperties.setLocation(issuer);
+		final var issuerProperties = new OpenidProviderProperties();
+		issuerProperties.setIss(issuer);
 
-		final var properties = new SpringAddonsSecurityProperties();
-		properties.setIssuers(new IssuerProperties[] { issuerProperties });
+		final var properties = new SpringAddonsOidcProperties();
+		properties.setOps(new OpenidProviderProperties[] { issuerProperties });
 
 		final var converter = new ConfigurableClaimSetAuthoritiesConverter(properties);
 		final var claimSet = new OpenidClaimSet(jwt.getClaims());
diff --git a/webflux/spring-addons-webflux-client/src/test/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java b/spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java
similarity index 91%
rename from webflux/spring-addons-webflux-client/src/test/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java
rename to spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java
index 9db3c0a54..6ca26a6c3 100644
--- a/webflux/spring-addons-webflux-client/src/test/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java
+++ b/spring-addons-starter-oidc/src/test/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolverTest.java
@@ -1,4 +1,4 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
+package com.c4_soft.springaddons.security.oidc.starter.reactive.client;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
diff --git a/spring-addons-web-test/pom.xml b/spring-addons-web-test/pom.xml
deleted file mode 100644
index f9cdc1756..000000000
--- a/spring-addons-web-test/pom.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-web-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-web</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-test</artifactId>
-		</dependency>
-	</dependencies>
-
-</project>
diff --git a/starters/spring-addons-starters-recaptcha/pom.xml b/starters/spring-addons-starters-recaptcha/pom.xml
index 9f9951355..1cb4617da 100644
--- a/starters/spring-addons-starters-recaptcha/pom.xml
+++ b/starters/spring-addons-starters-recaptcha/pom.xml
@@ -16,7 +16,7 @@
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 
 	<dependencies>
diff --git a/starters/spring-addons-starters-webclient/pom.xml b/starters/spring-addons-starters-webclient/pom.xml
index 97d61a457..800b1986e 100644
--- a/starters/spring-addons-starters-webclient/pom.xml
+++ b/starters/spring-addons-starters-webclient/pom.xml
@@ -16,7 +16,7 @@
 		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
 		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
 		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
+		<tag>HEAD</tag>
 	</scm>
 
 	<dependencies>
diff --git a/webflux/pom.xml b/webflux/pom.xml
deleted file mode 100644
index b590836df..000000000
--- a/webflux/pom.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux</artifactId>
-	<packaging>pom</packaging>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<modules>
-		<module>spring-addons-webflux-core</module>
-		<module>spring-addons-webflux-introspecting-resource-server</module>
-		<module>spring-addons-webflux-jwt-resource-server</module>
-		<module>spring-addons-webflux-test</module>
-		<module>spring-addons-webflux-introspecting-test</module>
-		<module>spring-addons-webflux-jwt-test</module>
-		<module>spring-addons-webflux-client</module>
-	</modules>
-
-</project>
diff --git a/webflux/spring-addons-webflux-client/README.md b/webflux/spring-addons-webflux-client/README.md
deleted file mode 100644
index f54cf7aab..000000000
--- a/webflux/spring-addons-webflux-client/README.md
+++ /dev/null
@@ -1,193 +0,0 @@
-# `spring-addons-webflux-client`
-A thin wrapper around `spring-boot-starter-oauth2-client` which pushes auto-configuration one step further.
-
-## How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`SpringAddonsOAuth2ClientBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ClientBeans.java) with a bunch of OAuth2 client related beans configurable from application properties
-- [`SpringAddonsBackChannelLogoutBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsBackChannelLogoutBeans.java) which contains the beans definition for a client [Back-Channel Logout](https://openid.net/specs/openid-connect-backchannel-1_0.html) implementation: a security filter-chain and a `@RestController`.
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it.
-
-## What is auto configured
-The most accurate information about [`SpringAddonsOAuth2ClientBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsOAuth2ClientBeans.java) and [`SpringAddonsBackChannelLogoutBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/SpringAddonsBackChannelLogoutBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### SpringAddonsOAuth2ClientBeans
-All the beans below are `@ConditionalOnMissingBean`, with an exception of the first which is conditional on a property. This means that you keep complete control: if you define a bean of the same type as any of the following, your definition will replace the one from this starter.
-- `springAddonsClientFilterChain`: a security filter-chain instantiated only if `com.c4-soft.springaddons.security.client.security-matchers` property has at least one entry. If defined, it is a high precedence, to ensure that all routes defined in this security matcher property are intercepted by this filter-chain. Refer to [`SpringAddonsOAuth2ClientProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2ClientProperties.java) for configuration options. Mind the optional properties, and `login-path` in particular: if you provide one, you'll also have to provide with a &#64;Controller to handle it.
-- `logoutRequestUriBuilder`: builder for [RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) queries, taking configuration from properties for OIDC providers which do not strictly comply with the spec: logout URI not provided by OIDC conf or non standard parameter names (Auth0 and Cognito are samples of such OPs)
-- `serverLogoutSuccessHandler`: default instance is a `SpringAddonsOAuth2ServerLogoutSuccessHandler` which logs a user out from the last authorization server he logged on
-- `authoritiesConverter`: an `OAuth2AuthoritiesConverter`. Default instance is a `ConfigurableClaimSet2AuthoritiesConverter` which reads spring-addons `SpringAddonsSecurityProperties`
-- `grantedAuthoritiesMapper`: a `GrantedAuthoritiesMapper` using the already configured `OAuth2AuthoritiesConverter`
-- `oAuth2AuthorizedClientRepository`: a `SpringAddonsServerOAuth2AuthorizedClientRepository` (which is also a session listener) capable of handling multi-tenancy and back-channel logout
-- `clientAuthorizePostProcessor`: a post processor to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `clientHttpPostProcessor`: a post processor to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-- `csrfCookieWebFilter`: a `WebFilter` to set the CSRF cookie if `com.c4-soft.springaddons.security.client.csrf` is set with one of the two cookie options
-- `webSessionManager` with a custom `webSessionStore` which is a proxy of `InMemoryWebSessionStore` on which `WebSessionListener` can register to be notified with sessions `create` and `remove` event
-
-### SpringAddonsBackChannelLogoutBeans
-This two beans are instantiated only if `com.c4-soft.springaddons.security.client.back-channel-logout-enabled` is `true`
-- `springAddonsBackChannelLogoutClientFilterChain`: a filter chain with highest precedence intercepting requests to just `/backchannel_logout`, with no session, no CSRF protection and no access-control: security is based on ly on the logout JWT in the request payload.
-- `BackChannelLogoutController` a REST controller to handle just the POST requests to `/backchannel_logout` with a logout JWT provided as `application/x-www-form-urlencoded`
-
-## Sample usage
-The [BFF tutorial](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials/bff) uses this starter to configure a `spring-cloud-gateway` instance as an OAuth2 client with Back-Channel Logout. In this sample, the Java web-security configuration is reduced to nothing, all the configuration being defined with the following properties:
-```yaml
-scheme: http
-keycloak-port: 8442
-keycloak-issuer: ${scheme}://localhost:${keycloak-port}/realms/master
-keycloak-secret: change-me
-cognito-issuer: https://cognito-idp.us-west-2.amazonaws.com/us-west-2_RzhmgLwjl
-cognito-secret: change-me
-auth0-issuer: https://dev-ch4mpy.eu.auth0.com/
-auth0-secret: change-me
-
-gateway-uri: ${scheme}://localhost:${server.port}
-greetings-api-uri: ${scheme}://localhost:6443/greetings
-angular-uri: ${scheme}://localhost:4200
-
-server:
-  port: 8080
-  ssl:
-    enabled: false
-
-
-spring:
-  lifecycle:
-    timeout-per-shutdown-phase: 30s
-  security:
-    oauth2:
-      client:
-        provider:
-          keycloak:
-            issuer-uri: ${keycloak-issuer}
-          cognito:
-            issuer-uri: ${cognito-issuer}
-          auth0:
-            issuer-uri: ${auth0-issuer}
-        registration:
-          keycloak-confidential-user:
-            authorization-grant-type: authorization_code
-            client-name: Keycloak
-            client-id: spring-addons-confidential
-            client-secret: ${keycloak-secret}
-            provider: keycloak
-            scope: openid,profile,email,offline_access,roles
-          cognito-confidential-user:
-            authorization-grant-type: authorization_code
-            client-name: Cognito
-            client-id: 12olioff63qklfe9nio746es9f
-            client-secret: ${cognito-secret}
-            provider: cognito
-            scope: openid,profile,email
-          auth0-confidential-user:
-            authorization-grant-type: authorization_code
-            client-name: Auth0
-            client-id: TyY0H7xkRMRe6lDf9F8EiNqCo8PdhICy
-            client-secret: ${auth0-secret}
-            provider: auth0
-            scope: openid,profile,email,offline_access
-  cloud:
-    gateway:
-      default-filters:
-      - TokenRelay=
-      - DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin
-      - SaveSession
-      - SecureHeaders
-      routes:
-      - id: greetings
-        uri: ${greetings-api-uri}
-        predicates:
-        - Path=/greetings/**
-      - id: ui
-        uri: ${angular-uri}
-        predicates:
-        - Path=/ui/**
-      - id: home
-        uri: ${angular-uri}
-        predicates:
-        - Path=/
-        filters:
-        - RewritePath=/,/ui
-
-com:
-  c4-soft:
-    springaddons:
-      security:
-        issuers:
-        - location: ${keycloak-issuer}
-          username-claim: $.preferred_username
-          authorities:
-          - path: $.realm_access.roles
-          - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
-          username-claim: $.username
-          authorities:
-          - path: $.cognito:groups
-        - location: ${auth0-issuer}
-          username-claim: $['https://c4-soft.com/user']['name']
-          authorities:
-          - path: $['https://c4-soft.com/user']['roles']
-          - path: $.permissions
-        client:
-          client-uri: ${gateway-uri}
-          security-matchers: /**
-          permit-all:
-          - /login/**
-          - /oauth2/**
-          - /
-          - /login-options
-          - "/me"
-          - /ui/**
-          - /v3/api-docs/**
-          csrf: cookie-accessible-from-js
-          login-path: /ui/
-          post-login-redirect-path: /ui/
-          post-logout-redirect-path: /ui/
-          back-channel-logout-enabled: true
-          oauth2-logout:
-            - client-registration-id: cognito-confidential-user
-              uri: https://spring-addons.auth.us-west-2.amazoncognito.com/logout
-              client-id-request-param: client_id
-              post-logout-uri-request-param: logout_uri
-            - client-registration-id: auth0-confidential-user
-              uri: ${auth0-issuer}v2/logout
-              client-id-request-param: client_id
-              post-logout-uri-request-param: returnTo
-          authorization-request-params:
-            auth0-confidential-user:
-              - name: audience
-                value: demo.c4-soft.com
-            
-management:
-  endpoint:
-    health:
-      probes:
-        enabled: true
-  endpoints:
-    web:
-      exposure:
-        include: '*'
-  health:
-    livenessstate:
-      enabled: true
-    readinessstate:
-      enabled: true
-
-logging:
-  level:
-    root: ERROR
-    org.springframework.security: DEBUG
-    
----
-spring:
-  config:
-    activate:
-      on-profile: ssl
-
-server:
-  ssl:
-    enabled: true
-
-scheme: https
-keycloak-port: 8443
-```
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-client/license.txt b/webflux/spring-addons-webflux-client/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webflux/spring-addons-webflux-client/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webflux/spring-addons-webflux-client/lombok.config b/webflux/spring-addons-webflux-client/lombok.config
deleted file mode 100644
index 8f7e8aa1a..000000000
--- a/webflux/spring-addons-webflux-client/lombok.config
+++ /dev/null
@@ -1 +0,0 @@
-lombok.addLombokGeneratedAnnotation = true
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-client/pom.xml b/webflux/spring-addons-webflux-client/pom.xml
deleted file mode 100644
index c9fe0b126..000000000
--- a/webflux/spring-addons-webflux-client/pom.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-client</artifactId>
-
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>io.projectreactor</groupId>
-			<artifactId>reactor-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-client</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-core</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webflux/spring-addons-webflux-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index e285dc245..000000000
--- a/webflux/spring-addons-webflux-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans
-com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsBackChannelLogoutBeans
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/license.txt b/webflux/spring-addons-webflux-core/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webflux/spring-addons-webflux-core/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webflux/spring-addons-webflux-core/pom.xml b/webflux/spring-addons-webflux-core/pom.xml
deleted file mode 100644
index 98ddd049a..000000000
--- a/webflux/spring-addons-webflux-core/pom.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-core</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-oauth2</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-jose</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>io.projectreactor</groupId>
-			<artifactId>reactor-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-webflux</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientAuthorizeExchangeSpecPostProcessor.java b/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientAuthorizeExchangeSpecPostProcessor.java
deleted file mode 100644
index 11fddb3b7..000000000
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientAuthorizeExchangeSpecPostProcessor.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
-
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-
-public interface ClientAuthorizeExchangeSpecPostProcessor {
-	ServerHttpSecurity.AuthorizeExchangeSpec authorizeHttpRequests(ServerHttpSecurity.AuthorizeExchangeSpec spec);
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientHttpSecurityPostProcessor.java b/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientHttpSecurityPostProcessor.java
deleted file mode 100644
index 0a811e8dc..000000000
--- a/webflux/spring-addons-webflux-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/ClientHttpSecurityPostProcessor.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
-
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-
-public interface ClientHttpSecurityPostProcessor {
-	ServerHttpSecurity process(ServerHttpSecurity serverHttpSecurity);
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/README.MD b/webflux/spring-addons-webflux-introspecting-resource-server/README.MD
deleted file mode 100644
index e21c8c196..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/README.MD
+++ /dev/null
@@ -1,131 +0,0 @@
-# `spring-addons-webflux-introspecting-resource-server`
-A thin wrapper around `spring-boot-starter-oauth2-client` which pushes auto-configuration one step further for reactive resource servers using access token introspection.
-
-## How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) with a single `OAuth2AuthoritiesConverter` (an alias for `Converter<Map<String, Object>, Collection<? extends GrantedAuthority>>`)
-- [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) which contains a few other beans involved in the creation of a security filter chain for a single-tenant resource server using access token introspection.
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it, with one notable exception: the `springAddonsResourceServerSecurityFilterChain` is not conditional and instantiated in any case (with lowest precedence) if you depend on this starter.
-
-## What is auto configured
-The most accurate information about [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) and [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### AddonsSecurityBeans
-Provides with:
-- `authoritiesConverter` which is an instance of `ConfigurableClaimSet2AuthoritiesConverter`. This bean is configured with application properties and is able to map spring-security authorities from any claims with prefix and case transformation defined for each claim.
-- `introspectionAuthenticationConverter`: a converter from a successful introspection to any implementation of `Authentication`. The default instantiate a `BearerTokenAuthentication` with authorities mapping as configured for the issuer declared in the introspected claims. The easiest to override the type of `Authentication`, is to provide with a `ReactiveOpaqueTokenAuthenticationConverter` bean.
-
-### AddonsWebSecurityBeans
-Provides with a (non conditional) security filter-chain as well as (conditional) defaults for all the beans required to configure it:
-- `springAddonsResourceServerSecurityFilterChain`: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login as defined in [`SpringAddonsSecurityProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java)
-- `authorizePostProcessor`: a bean of type `AuthorizeExchangeSpecPostProcessor` to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `httpPostProcessor`: a bean of type `ServerHttpSecurityPostProcessor` to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-- `csrfCookieWebFilter`: a `WebFilter` to set the CSRF cookie if `com.c4-soft.springaddons.security.client.csrf` is set with one of the two cookie options
-- `serverAccessDeniedHandler`: a bean to switch from default behavior of redirecting unauthorized users to login (302) to returning 401 (unauthorized)
-
-## Usage
-Please take time to browse [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials) and [samples](https://github.com/ch4mpy/spring-addons/tree/master/samples).
-
-All you need is declare a dependency on `spring-addons-webflux-introspection-resource-server` and define a few properties.
-
-You might use any OIDC Provider (including Keycloak, Auth0, Cognito, etc.), but only one at a time.
-
-``` xml
-<dependencies>
-    <dependency>
-        <groupId>com.c4-soft.springaddons</groupId>
-        <artifactId>spring-addons-webflux-introspection-resource-server</artifactId>
-        <version>${com.c4-soft.springaddons.version}</version>
-    </dependency>
-</dependencies>
-```
-``` java
-@SpringBootApplication
-public class SampleApi {
-    public static void main(String[] args) {
-        new SpringApplicationBuilder(SampleApi.class).web(WebApplicationType.REACTIVE).run(args);
-    }
-
-    @Configuration
-    @EnableReactiveMethodSecurity
-    public static class WebSecurityConfig {
-    }
-}
-```
-```yaml
-scheme: http
-origins: ${scheme}://localhost:4200
-keycloak-port: 8442
-keycloak-issuer: ${scheme}://localhost:${keycloak-port}/realms/master
-
-server:
-  error:
-    include-message: always
-  ssl:
-    enabled: false
-
-spring:
-  lifecycle:
-    timeout-per-shutdown-phase: 30s
-  security:
-    oauth2:
-      resourceserver:
-        opaquetoken:
-          client-id: spring-addons-confidential
-          client-secret: change-me
-          introspection-uri: ${keycloak-issuer}/protocol/openid-connect/token/introspect
-
-com:
-  c4-soft:
-    springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
-          username-claim: preferred_username
-          authorities:
-          - path: $.realm_access.roles
-          - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
-        
-logging:
-  level:
-    org:
-      springframework:
-        security: DEBUG
-        
-management:
-  endpoint:
-    health:
-      probes:
-        enabled: true
-  endpoints:
-    web:
-      exposure:
-        include: '*'
-  health:
-    livenessstate:
-      enabled: true
-    readinessstate:
-      enabled: true
-
----
-scheme: https
-keycloak-port: 8443
-
-server:
-  ssl:
-    enabled: true
-
-spring:
-  config:
-    activate:
-      on-profile: ssl
-
-```
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/license.txt b/webflux/spring-addons-webflux-introspecting-resource-server/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/pom.xml b/webflux/spring-addons-webflux-introspecting-resource-server/pom.xml
deleted file mode 100644
index d71cb171a..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-introspecting-resource-server</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java b/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java
deleted file mode 100644
index 1874856f9..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
-
-import java.util.Collection;
-import java.util.Map;
-import java.util.stream.Stream;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
-import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
-import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
-
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-
-import lombok.extern.slf4j.Slf4j;
-import reactor.core.publisher.Mono;
-
-/**
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@AutoConfiguration
-@Slf4j
-@Import({ SpringAddonsSecurityProperties.class })
-public class AddonsSecurityBeans {
-
-	/**
-	 * Retrieves granted authorities from the introspected token attributes according to the configuration set for issuer (iss attribute)
-	 *
-	 * @param  securityProperties
-	 * @return
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-		log.debug("Building default CorsConfigurationSource with: {}", addonsProperties);
-		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-	}
-
-	/**
-	 * Converter bean from successful introspection result to {@link Authentication} instance
-	 *
-	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
-	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
-	 * @return                       a converter from successful introspection result to {@link Authentication} instance
-	 */
-	@SuppressWarnings("unchecked")
-	@ConditionalOnMissingBean
-	@Bean
-	ReactiveOpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
-			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties,
-			OAuth2ResourceServerProperties resourceServerProperties) {
-		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> Mono.just(
-				new BearerTokenAuthentication(
-						new OAuth2IntrospectionAuthenticatedPrincipal(
-								new OpenidClaimSet(
-										authenticatedPrincipal.getAttributes(),
-										Stream.of(addonsProperties.getIssuers())
-												.filter(
-														issProps -> resourceServerProperties.getOpaquetoken().getIntrospectionUri()
-																.contains(issProps.getLocation().toString()))
-												.findAny().orElse(addonsProperties.getIssuers()[0]).getUsernameClaim()).getName(),
-								authenticatedPrincipal.getAttributes(),
-								(Collection<GrantedAuthority>) authenticatedPrincipal.getAuthorities()),
-						new OAuth2AccessToken(
-								OAuth2AccessToken.TokenType.BEARER,
-								introspectedToken,
-								authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT),
-								authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)),
-						authoritiesConverter.convert(authenticatedPrincipal.getAttributes())));
-	}
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java b/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java
deleted file mode 100644
index aba138e92..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsWebSecurityBeans.java
+++ /dev/null
@@ -1,200 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
-
-import java.nio.charset.Charset;
-import java.util.Arrays;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.web.ServerProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Conditional;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.core.io.buffer.DataBufferUtils;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
-import org.springframework.security.web.server.SecurityWebFilterChain;
-import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
-import org.springframework.security.web.server.csrf.CsrfToken;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsConfigurationSource;
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
-import org.springframework.web.server.WebFilter;
-
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
-
-import lombok.extern.slf4j.Slf4j;
-import reactor.core.publisher.Mono;
-
-/**
- * <p>
- * <b>Usage</b><br>
- * If not using spring-boot, &#64;Import or &#64;ComponentScan this class. All beans defined here are &#64;ConditionalOnMissingBean =&gt; just define your own
- * &#64;Beans to override.
- * </p>
- * <p>
- * <b>Provided &#64;Beans</b>
- * </p>
- * <ul>
- * <li><b>SecurityWebFilterChain</b>: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL redirect and 401 instead of redirect to login properties as
- * defined in {@link SpringAddonsSecurityProperties}</li>
- * <li><b>AuthorizeExchangeSpecPostProcessor</b>. Override if you need fined grained HTTP security (more than authenticated() to all routes but the ones defined
- * as permitAll() in {@link SpringAddonsSecurityProperties}</li>
- * <li><b>Jwt2AuthoritiesConverter</b>: responsible for converting the JWT into Collection&lt;? extends GrantedAuthority&gt;</li>
- * <li><b>ReactiveJwt2OpenidClaimSetConverter&lt;T extends Map&lt;String, Object&gt; &amp; Serializable&gt;</b>: responsible for converting the JWT into a
- * claim-set of your choice (OpenID or not)</li>
- * <li><b>ReactiveJwt2AuthenticationConverter&lt;OAuthentication&lt;T extends OpenidClaimSet&gt;&gt;</b>: responsible for converting the JWT into an
- * Authentication (uses both beans above)</li>
- * <li><b>ReactiveAuthenticationManagerResolver</b>: required to be able to define more than one token issuer until
- * https://github.com/spring-projects/spring-boot/issues/30108 is solved</li>
- * </ul>
- *
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security", name = "enabled")
-@EnableWebFluxSecurity
-@AutoConfiguration
-@Slf4j
-@Import({ AddonsSecurityBeans.class })
-public class AddonsWebSecurityBeans {
-
-	/**
-	 * <p>
-	 * Applies SpringAddonsSecurityProperties to web security config. Be aware that defining a {@link SecurityWebFilterChain} bean with no security matcher and
-	 * an order higher than LOWEST_PRECEDENCE will disable most of this lib auto-configuration for OpenID resource-servers.
-	 * </p>
-	 * <p>
-	 * You should consider to set security matcher to all other {@link SecurityWebFilterChain} beans and provide a
-	 * {@link ResourceServerHttpSecurityPostProcessor} bean to override anything from this bean
-	 * </p>
-	 * .
-	 *
-	 * @param  http                                 HTTP security to configure
-	 * @param  serverProperties                     Spring "server" configuration properties
-	 * @param  addonsProperties                     "com.c4-soft.springaddons.security" configuration properties
-	 * @param  authorizePostProcessor               Hook to override access-control rules for all path that are not listed in "permit-all"
-	 * @param  httpPostProcessor                    Hook to override all or part of HttpSecurity auto-configuration
-	 * @param  introspectionAuthenticationConverter Converts successful introspection result into an {@link Authentication}
-	 * @param  accessDeniedHandler                  handler for unauthorized requests (missing or invalid access-token)
-	 * @return                                      A default {@link SecurityWebFilterChain} for reactive resource-servers with access-token introspection
-	 *                                              (matches all unmatched routes with lowest precedence)
-	 */
-	@Order(Ordered.LOWEST_PRECEDENCE)
-	@Bean
-	SecurityWebFilterChain springAddonsResourceServerSecurityFilterChain(
-			ServerHttpSecurity http,
-			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties,
-			ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor,
-			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
-			ReactiveOpaqueTokenAuthenticationConverter introspectionAuthenticationConverter,
-			ReactiveOpaqueTokenIntrospector opaqueTokenIntrospector,
-			ServerAccessDeniedHandler accessDeniedHandler) {
-		http.oauth2ResourceServer(server -> server.opaqueToken(ot -> {
-			ot.introspector(opaqueTokenIntrospector);
-			ot.authenticationConverter(introspectionAuthenticationConverter);
-		}));
-
-		ReactiveConfigurationSupport
-				.configureResourceServer(http, serverProperties, addonsProperties, accessDeniedHandler, authorizePostProcessor, httpPostProcessor);
-
-		return http.build();
-	}
-
-	/**
-	 * Hook to override security rules for all path that are not listed in "permit-all". Default is isAuthenticated().
-	 *
-	 * @return a hook to override security rules for all path that are not listed in "permit-all". Default is isAuthenticated().
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ResourceServerAuthorizeExchangeSpecPostProcessor authorizePostProcessor() {
-		return (ServerHttpSecurity.AuthorizeExchangeSpec spec) -> spec.anyExchange().authenticated();
-	}
-
-	/**
-	 * Hook to override all or part of HttpSecurity auto-configuration. Called after spring-addons configuration was applied so that you can modify anything
-	 *
-	 * @return a hook to override all or part of HttpSecurity auto-configuration. Called after spring-addons configuration was applied so that you can modify
-	 *         anything
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ResourceServerHttpSecurityPostProcessor httpPostProcessor() {
-		return serverHttpSecurity -> serverHttpSecurity;
-	}
-
-	CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-		final var source = new UrlBasedCorsConfigurationSource();
-		for (final var corsProps : corsProperties) {
-			final var configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-			configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-			configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-			configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-			source.registerCorsConfiguration(corsProps.getPath(), configuration);
-		}
-		return source;
-	}
-
-	/**
-	 * Switch from default behavior of redirecting unauthorized users to login (302) to returning 401 (unauthorized)
-	 *
-	 * @return a bean to switch from default behavior of redirecting unauthorized users to login (302) to returning 401 (unauthorized)
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ServerAccessDeniedHandler serverAccessDeniedHandler() {
-		log.debug("Building default ServerAccessDeniedHandler");
-		return (var exchange, var ex) -> exchange.getPrincipal().flatMap(principal -> {
-			var response = exchange.getResponse();
-			response.setStatusCode(principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED : HttpStatus.FORBIDDEN);
-			response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
-			var dataBufferFactory = response.bufferFactory();
-			var buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
-			return response.writeWith(Mono.just(buffer)).doOnError(error -> DataBufferUtils.release(buffer));
-		});
-	}
-
-	/**
-	 * https://docs.spring.io/spring-security/reference/5.8/migration/reactive.html#_i_am_using_angularjs_or_another_javascript_framework
-	 */
-	@Conditional(CookieCsrf.class)
-	@ConditionalOnMissingBean(name = "csrfCookieWebFilter")
-	@Bean
-	WebFilter csrfCookieWebFilter() {
-		return (exchange, chain) -> {
-			Mono<CsrfToken> csrfToken = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
-			return csrfToken.doOnSuccess(token -> {
-			}).then(chain.filter(exchange));
-		};
-	}
-
-	static class CookieCsrf extends AnyNestedCondition {
-
-		public CookieCsrf() {
-			super(ConfigurationPhase.PARSE_CONFIGURATION);
-		}
-
-		@ConditionalOnProperty(name = "com.c4-soft.springaddons.security.csrf", havingValue = "cookie-accessible-from-js")
-		static class Value1Condition {
-
-		}
-
-		@ConditionalOnProperty(name = "com.c4-soft.springaddons.security.csrf", havingValue = "cookie-http-only")
-		static class Value2Condition {
-
-		}
-
-	}
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webflux/spring-addons-webflux-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index f902ae469..000000000
--- a/webflux/spring-addons-webflux-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans
-com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-introspecting-test/pom.xml b/webflux/spring-addons-webflux-introspecting-test/pom.xml
deleted file mode 100644
index 923c4279d..000000000
--- a/webflux/spring-addons-webflux-introspecting-test/pom.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-introspecting-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-introspecting-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<optional>true</optional>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-api</artifactId>
-			<optional>true</optional>
-		</dependency>
-		
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
diff --git a/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java b/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java
deleted file mode 100644
index 39d494513..000000000
--- a/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.junit.jupiter.api.TestInstance;
-import org.junit.jupiter.api.TestInstance.Lifecycle;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.AuthenticationFactoriesTestConf;
-
-/**
- * <p>
- * To be used to test services or repositories but <b>not controllers</b>: auto-configures {@link AddonsSecurityBeans} only
- * </p>
- * See {@link AutoConfigureAddonsWebSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@ImportAutoConfiguration({ SpringAddonsSecurityProperties.class, AddonsSecurityBeans.class, AuthenticationFactoriesTestConf.class })
-@ExtendWith(SpringExtension.class)
-@TestInstance(Lifecycle.PER_CLASS)
-public @interface AutoConfigureAddonsSecurity {
-}
diff --git a/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java b/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java
deleted file mode 100644
index 7bf3655a8..000000000
--- a/webflux/spring-addons-webflux-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
-
-/**
- * <p>
- * Auto-configures {@link AddonsSecurityBeans} and {@link AddonsWebSecurityBeans}. To be used to test controllers but not services or repositories (web context
- * is not desired in that case).
- * </p>
- * See {@link AutoConfigureAddonsSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@AutoConfigureAddonsSecurity
-@ImportAutoConfiguration({ AddonsWebSecurityBeans.class, AddonsWebfluxTestConf.class })
-public @interface AutoConfigureAddonsWebSecurity {
-}
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/README.MD b/webflux/spring-addons-webflux-jwt-resource-server/README.MD
deleted file mode 100644
index 460c4bcd2..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/README.MD
+++ /dev/null
@@ -1,31 +0,0 @@
-# `spring-addons-webflux-jwt-resource-server`
-A thin wrapper around `spring-boot-starter-oauth2-resource-server` which pushes auto-configuration one step further for Spring Boot 3 reactive resource servers using JWT decoders.
-
-## 1. Usage
-All you need is declaring a dependency on `spring-addons-webflux-jwt-resource-server` and defining a few properties.
-
-The [`webflux-jwt-default` sample](https://github.com/ch4mpy/spring-addons/tree/master/samples/webflux-jwt-default) explains basic configuration and is the best starting point. You might find some more advanced use-cases in [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials) and [samples](https://github.com/ch4mpy/spring-addons/tree/master/samples).
-
-## 2. How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) with a single `OAuth2AuthoritiesConverter` (an alias for `Converter<Map<String, Object>, Collection<? extends GrantedAuthority>>`)
-- [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) which contains a few other beans involved in the creation of a security filter chain for a multi-tenant ready resource server using JWT decoder(s).
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it.
-
-## 3. What is auto configured
-The most accurate information about [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) and [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### 3.1. AddonsSecurityBeans
-Provides with:
-- `authoritiesConverter` which is an instance of `ConfigurableClaimSet2AuthoritiesConverter`. This bean is configured with application properties and is able to map spring-security authorities from any claims with prefix and case transformation defined for each claim.
-- `jwtAuthenticationConverter`: a converter from a `Jwt` to something inheriting from `AbstractAuthenticationToken`. The default instantiate a `JwtAuthenticationToken` with username and authorities as configured for the issuer of thi token. The easiest to override the type of `AbstractAuthenticationToken`, is to provide with a `Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>` bean.
-
-### 3.2. AddonsWebSecurityBeans
-Provides with a (non conditional) security filter-chain as well as (conditional) defaults for all the beans required to configure it:
-- `springAddonsResourceServerSecurityFilterChain`: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login as defined in [`SpringAddonsSecurityProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java)
-- `authorizePostProcessor`: a bean of type `AuthorizeExchangeSpecPostProcessor` to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `httpPostProcessor`: a bean of type `ServerHttpSecurityPostProcessor` to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-- `authenticationManagerResolver`: to accept identities issued by more than a single OP, the recommended way is to provide an `ReactiveAuthenticationManagerResolver<ServerWebExchange>` supporting it. Default keeps a `JwtReactiveAuthenticationManager` with its own `ReactiveJwtDecoder` for each issuer.
-- `csrfCookieWebFilter`: a `WebFilter` to set the CSRF cookie if `com.c4-soft.springaddons.security.client.csrf` is set with one of the two cookie options
-- `serverAccessDeniedHandler`: a bean to switch from default behavior of redirecting unauthorized users to login (302) to returning 401 (unauthorized)
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/license.txt b/webflux/spring-addons-webflux-jwt-resource-server/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/lombok.config b/webflux/spring-addons-webflux-jwt-resource-server/lombok.config
deleted file mode 100644
index 8f7e8aa1a..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/lombok.config
+++ /dev/null
@@ -1 +0,0 @@
-lombok.addLombokGeneratedAnnotation = true
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/pom.xml b/webflux/spring-addons-webflux-jwt-resource-server/pom.xml
deleted file mode 100644
index 0ed5ecf81..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-jwt-resource-server</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java b/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java
deleted file mode 100644
index 391ca50c6..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/reactive/AddonsSecurityBeans.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.reactive;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ReactiveJwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-
-import lombok.extern.slf4j.Slf4j;
-import reactor.core.publisher.Mono;
-
-/**
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@AutoConfiguration
-@Slf4j
-@ImportAutoConfiguration(SpringAddonsSecurityProperties.class)
-public class AddonsSecurityBeans {
-
-	/**
-	 * Retrieves granted authorities from the Jwt (from its private claims or with the help of an external service)
-	 *
-	 * @param  securityProperties
-	 * @return
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-		log.debug("Building default CorsConfigurationSource with: {}", addonsProperties);
-		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-	}
-
-	/**
-	 * Converter bean from {@link Jwt} to {@link AbstractAuthenticationToken}
-	 *
-	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
-	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
-	 * @return                       a converter from {@link Jwt} to {@link AbstractAuthenticationToken}
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ReactiveJwtAbstractAuthenticationTokenConverter
-			jwtAuthenticationConverter(ClaimSetAuthoritiesConverter authoritiesConverter, SpringAddonsSecurityProperties addonsProperties) {
-		return jwt -> Mono.just(
-				new JwtAuthenticationToken(
-						jwt,
-						authoritiesConverter.convert(jwt.getClaims()),
-						new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getIssuer()).getUsernameClaim()).getName()));
-	}
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webflux/spring-addons-webflux-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index f902ae469..000000000
--- a/webflux/spring-addons-webflux-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans
-com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-jwt-test/pom.xml b/webflux/spring-addons-webflux-jwt-test/pom.xml
deleted file mode 100644
index 43ca481ce..000000000
--- a/webflux/spring-addons-webflux-jwt-test/pom.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webflux</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webflux-jwt-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-client</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-jwt-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webflux-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<optional>true</optional>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-api</artifactId>
-			<optional>true</optional>
-		</dependency>
-		
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
diff --git a/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsSecurity.java b/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsSecurity.java
deleted file mode 100644
index 812449fe1..000000000
--- a/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsSecurity.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.webflux.jwt;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.junit.jupiter.api.TestInstance;
-import org.junit.jupiter.api.TestInstance.Lifecycle;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.AuthenticationFactoriesTestConf;
-
-/**
- * <p>
- * To be used to test services or repositories but <b>not controllers</b>: auto-configures {@link AddonsSecurityBeans} only
- * </p>
- * See {@link AutoConfigureAddonsWebSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@ExtendWith(SpringExtension.class)
-@ImportAutoConfiguration({ AddonsSecurityBeans.class, AuthenticationFactoriesTestConf.class })
-@TestInstance(Lifecycle.PER_CLASS)
-public @interface AutoConfigureAddonsSecurity {
-}
diff --git a/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsWebSecurity.java b/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsWebSecurity.java
deleted file mode 100644
index 34de0eeee..000000000
--- a/webflux/spring-addons-webflux-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/jwt/AutoConfigureAddonsWebSecurity.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.webflux.jwt;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.reactive.SpringAddonsOAuth2ClientBeans;
-import com.c4_soft.springaddons.security.oauth2.test.webflux.AddonsWebfluxTestConf;
-
-/**
- * <p>
- * Auto-configures {@link AddonsSecurityBeans} and {@link AddonsWebSecurityBeans}. To be used to test controllers but not services or repositories (web context
- * is not desired in that case).
- * </p>
- * See {@link AutoConfigureAddonsSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@AutoConfigureAddonsSecurity
-@ImportAutoConfiguration({ AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class, AddonsWebfluxTestConf.class })
-public @interface AutoConfigureAddonsWebSecurity {
-}
diff --git a/webflux/spring-addons-webflux-test/README.MD b/webflux/spring-addons-webflux-test/README.MD
deleted file mode 100644
index 3ea404762..000000000
--- a/webflux/spring-addons-webflux-test/README.MD
+++ /dev/null
@@ -1,56 +0,0 @@
-# spring-addons-webflux-test
-
-Set of tools I find useful to test Spring reactive web apps (webflux).
-
-``` xml
-    <dependencies>
-        <dependency>
-            <groupId>com.c4-soft.springaddons</groupId>
-            <artifactId>spring-addons-webflux-test</artifactId>
-            <version>${com.c4-soft.springaddons.version}</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-```
-
-## `WebTestClient` configurers
-I propose two classes implementing both `WebTestClientConfigurer` and `MockServerConfigurer` to use with `WebTestClient`:
- * `MockAuthenticationWebTestClientConfigurer` to use a Mockito mock of an `Authentication` descendent of your choice (any type implementing `Authentication`)
- * `OidcIdAuthenticationTokenWebTestClientConfigurer` to have `TestSecurityContext` populated with an ... `OidcIdAuthenticationToken`
-
-Browse unit tests to see more samples:
- ``` java
-import static com.c4_soft.springaddons.security.oauth2.test.webflux.MockAuthenticationWebTestClientConfigurer.mockAuthentication;
-
-    @Test
-    public void testAccessSecuredMethodWithoutRequiredAuthority() {
-        client.mutateWith(mockAuthentication()).get("/secured-method")
-            .expectStatus().isForbidden();
-    }
- ```
- ``` java
-import static com.c4_soft.springaddons.security.oauth2.test.webflux.OidcIdAuthenticationTokenWebTestClientConfigurer.oidcId;
-
-    @Test
-    public void testDefaultAccessTokenConfigurer() {
-        client.mutateWith(oidcId()).get("/greet").expectBody(String.class)
-                .isEqualTo("Hello user! You are granted with [].");
-    }
- ```
-
- ## `WebTestClientSupport`
- A wrapper for `WebTestClient` providing with configurable default charset and media-type along with shortcuts for most requests.
-
- Configuration properties are:
-  * `com.c4-soft.springaddons.test.web.default-charset` defaulted to `utf-8`
-  * `com.c4-soft.springaddons.test.web.default-media-type` defaulted to `application+json`
-
-``` java
-webTestClient.get().uri("/greet").accept(MediaType.APPLICATION_JSON).acceptCharset(Charset.forName("UTF-8")).exchange()
-```
-becomes
-``` java
-webTestClient.get("/greet")
-```
-
-To use it, you can for instance `@Import(WebTestClientSupport.class)`, scan for components in `com.c4_soft.springaddons.security.oauth2.test.webflux` package, add `WebTestClientSupport.class` to `@ContextConfiguration` classes, etc. (has to be instantiated by Spring for config properties to be parsed / defaulted)
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationFactoriesTestConf.java b/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationFactoriesTestConf.java
deleted file mode 100644
index c04bac74a..000000000
--- a/webflux/spring-addons-webflux-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webflux/AuthenticationFactoriesTestConf.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.webflux;
-
-import java.util.Optional;
-
-import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.context.annotation.Bean;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter;
-
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-
-import reactor.core.publisher.Mono;
-
-@TestConfiguration
-public class AuthenticationFactoriesTestConf {
-
-
-	@Bean
-	WithJwt.AuthenticationFactory jwtAuthFactory(Optional<Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>> authenticationConverter) {
-		return new WithJwt.AuthenticationFactory(Optional.empty(), authenticationConverter);
-	}
-
-	@Bean
-	WithOpaqueToken.AuthenticationFactory opaquetokenAuthFactory(Optional<ReactiveOpaqueTokenAuthenticationConverter> authenticationConverter) {
-		return new WithOpaqueToken.AuthenticationFactory(Optional.empty(), authenticationConverter);
-	}
-
-}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/webflux/spring-addons-webflux-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json
deleted file mode 100644
index 7879858f6..000000000
--- a/webflux/spring-addons-webflux-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{"properties": [
-    {
-      "name": "com.c4-soft.springaddons.test.web.default-charset",
-      "type": "java.lang.String",
-      "sourceType": "com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport$MockMvcProperties",
-      "defaultValue": "utf-8",
-      "description": "Default charset for requests issued with WebTestClientSupport"
-    },
-    {
-      "name": "com.c4-soft.springaddons.test.web.default-media-type",
-      "type": "java.lang.String",
-      "sourceType": "com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport$MockMvcProperties",
-      "defaultValue": "application\/json",
-      "description": "Default media-type for requests issued with WebTestClientSupport"
-    }]}
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webflux/spring-addons-webflux-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index 96e6dfd14..000000000
--- a/webflux/spring-addons-webflux-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.test.webflux.WebTestClientProperties
\ No newline at end of file
diff --git a/webflux/spring-addons-webflux-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker b/webflux/spring-addons-webflux-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker
deleted file mode 100644
index ca6ee9cea..000000000
--- a/webflux/spring-addons-webflux-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker
+++ /dev/null
@@ -1 +0,0 @@
-mock-maker-inline
\ No newline at end of file
diff --git a/webmvc/pom.xml b/webmvc/pom.xml
deleted file mode 100644
index 65501b1cb..000000000
--- a/webmvc/pom.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc</artifactId>
-	<packaging>pom</packaging>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<modules>
-		<module>spring-addons-webmvc-core</module>
-		<module>spring-addons-webmvc-introspecting-resource-server</module>
-		<module>spring-addons-webmvc-jwt-resource-server</module>
-		<module>spring-addons-webmvc-test</module>
-		<module>spring-addons-webmvc-introspecting-test</module>
-		<module>spring-addons-webmvc-jwt-test</module>
-		<module>spring-addons-webmvc-client</module>
-	</modules>
-
-</project>
diff --git a/webmvc/spring-addons-webmvc-client/README.md b/webmvc/spring-addons-webmvc-client/README.md
deleted file mode 100644
index 8c859639f..000000000
--- a/webmvc/spring-addons-webmvc-client/README.md
+++ /dev/null
@@ -1,201 +0,0 @@
-# `spring-addons-webmvc-client`
-A thin wrapper around `spring-boot-starter-oauth2-client` which pushes auto-configuration one step further.
-
-## How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`SpringAddonsOAuth2ClientBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2ClientBeans.java) with a bunch of OAuth2 client related beans configurable from application properties
-- [`SpringAddonsBackChannelLogoutBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsBackChannelLogoutBeans.java) which contains the beans definition for a client [Back-Channel Logout](https://openid.net/specs/openid-connect-backchannel-1_0.html) implementation: a security filter-chain and a `@RestController`.
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it.
-
-## What is auto configured
-The most accurate information about [`SpringAddonsOAuth2ClientBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsOAuth2ClientBeans.java) and [`SpringAddonsBackChannelLogoutBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-client/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/SpringAddonsBackChannelLogoutBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### SpringAddonsOAuth2ClientBeans
-- `springAddonsClientFilterChain`: a security filter-chain instantiated only if `com.c4-soft.springaddons.security.client.security-matchers` property has at least one entry. If defined, it is a high precedence, to ensure that all routes defined in this security matcher property are intercepted by this filter-chain. Refer to [`SpringAddonsOAuth2ClientProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsOAuth2ClientProperties.java) for configuration options. **If you provide a `login-path` in the application properties, you'll also have to provide with a controller to handle that path**. There can be two motivation for that: you want to write your own login page or you want to enable SSL when bound to port `80` or `8080`.
-- `oAuth2AuthorizationRequestResolver`: default instance is a `SpringAddonsOAuth2AuthorizationRequestResolver` which sets the client hostname in the redirect URI with `com.c4-soft.springaddons.security.client.client-uri`. It is configured as the authorization request resolver to use only if a `login-path` was provided (this resolver was designed to work around PortMapperImpl aggressively modifying 80 and 8080 ports in all login redirect URIs when SSL is enabled and works in together with an absolute URI for the login page).
-- `logoutRequestUriBuilder`: builder for [RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) queries, taking configuration from properties for OIDC providers which do not strictly comply with the spec: logout URI not provided by OIDC conf or non standard parameter names (Auth0 and Cognito are samples of such OPs)
-- `logoutSuccessHandler`: default instance is a `SpringAddonsOAuth2LogoutSuccessHandler` which logs a user out from the last authorization server he logged on
-- `authoritiesConverter`: an `OAuth2AuthoritiesConverter`. Default instance is a `ConfigurableClaimSet2AuthoritiesConverter` which reads spring-addons `SpringAddonsSecurityProperties`
-- `grantedAuthoritiesMapper`: a `GrantedAuthoritiesMapper` using the already configured `OAuth2AuthoritiesConverter`
-- `corsConfigurationSource`: CORS configuration built from `SpringAddonsOAuth2ClientProperties`
-- `oAuth2AuthorizedClientRepository`: a `SpringAddonsOAuth2AuthorizedClientRepository` (which is also a session listener) capable of handling multi-tenancy and [Back-Channel Logout](https://openid.net/specs/openid-connect-backchannel-1_0.html)
-- `clientAuthorizePostProcessor`: a post processor to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `clientHttpPostProcessor`: a post processor to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-
-### SpringAddonsBackChannelLogoutBeans
-This two beans are instantiated only if `com.c4-soft.springaddons.security.client.back-channel-logout-enabled` is `true`
-- `springAddonsBackChannelLogoutClientFilterChain`: a filter chain with highest precedence intercepting requests to just `/backchannel_logout`, with no session, no CSRF protection and no access-control: security is based on ly on the logout JWT in the request payload.
-- `BackChannelLogoutController` a REST controller to handle just the POST requests to `/backchannel_logout` with a logout JWT provided as `application/x-www-form-urlencoded`
-
-## Sample usage
-The [resource server & UI](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials/resource-server_with_ui) tutorial uses this starter to configure a Spring Boot application with a client security filter-chain (in addition to a resource server one configured with `spring-addons-webmvc-jwt-resource-server` starter). In this sample, the Java web-security configuration is reduced to almost nothing, all the configuration being defined with the following properties:
-```yaml
-api-host: ${scheme}://localhost:${server.port}
-ui-host: ${api-host}
-rp-initiated-logout-enabled: true
-
-scheme: http
-keycloak-port: 8442
-keycloak-issuer: ${scheme}://localhost:${keycloak-port}/realms/master
-keycloak-secret: change-me
-cognito-issuer: https://cognito-idp.us-west-2.amazonaws.com/us-west-2_RzhmgLwjl
-cognito-secret: change-me
-auth0-issuer: https://dev-ch4mpy.eu.auth0.com/
-auth0-secret: change-me
-
-server:
-  port: 7443
-  ssl:
-    enabled: false
-      
-spring:
-  lifecycle:
-    timeout-per-shutdown-phase: 30s
-  security:
-    oauth2:
-      client:
-        provider:
-          keycloak:
-            issuer-uri: ${keycloak-issuer}
-          cognito:
-            issuer-uri: ${cognito-issuer}
-          auth0:
-            issuer-uri: ${auth0-issuer}
-        registration:
-          keycloak-user:
-            authorization-grant-type: authorization_code
-            client-name: a local Keycloak instance
-            client-id: spring-addons-confidential
-            client-secret: ${keycloak-secret}
-            provider: keycloak
-            scope: openid,profile,email,offline_access
-          keycloak-programmatic:
-            authorization-grant-type: client_credentials
-            client-id: spring-addons-confidential
-            client-secret: ${keycloak-secret}
-            provider: keycloak
-            scope: openid,offline_access
-          cognito-confidential-user:
-            authorization-grant-type: authorization_code
-            client-name: Amazon Cognito
-            client-id: 12olioff63qklfe9nio746es9f
-            client-secret: ${cognito-secret}
-            provider: cognito
-            scope: openid,profile,email
-          auth0-confidential-user:
-            authorization-grant-type: authorization_code
-            client-name: Auth0
-            client-id: TyY0H7xkRMRe6lDf9F8EiNqCo8PdhICy
-            client-secret: ${auth0-secret}
-            provider: auth0
-            scope: openid,profile,email,offline_access
-
-com:
-  c4-soft:
-    springaddons:
-      security:
-        cors:
-        - path: /api/greet
-        issuers:
-        - location: ${keycloak-issuer}
-          username-claim: $.preferred_username
-          authorities:
-          - path: $.realm_access.roles
-          - path: $.resource_access.*.roles
-        - location: ${cognito-issuer}
-          username-claim: $.username
-          authorities:
-          - path: $.cognito:groups
-        - location: ${auth0-issuer}
-          username-claim: $['https://c4-soft.com/user']['name']
-          authorities:
-          - path: $['https://c4-soft.com/user']['roles']
-          - path: $.permissions
-        permit-all: 
-        - /actuator/health/readiness
-        - /actuator/health/liveness
-        - /v3/api-docs/**
-        - /api/public
-        client:
-          security-matchers:
-          - /login/**
-          - /oauth2/**
-          - /
-          - /ui/**
-          - /swagger-ui.html
-          - /swagger-ui/**
-          permit-all:
-          - /login/**
-          - /oauth2/**
-          - /
-          - /ui/
-          - /swagger-ui.html
-          - /swagger-ui/**
-          client-uri: ${ui-host}
-          post-login-redirect-path: /ui/greet
-          post-logout-redirect-path: /ui/greet
-          back-channel-logout-enabled: true
-          oauth2-logout:
-            - client-registration-id: cognito-confidential-user
-              uri: https://spring-addons.auth.us-west-2.amazoncognito.com/logout
-              client-id-request-param: client_id
-              post-logout-uri-request-param: logout_uri
-            - client-registration-id: auth0-confidential-user
-              uri: ${auth0-issuer}v2/logout
-              client-id-request-param: client_id
-              post-logout-uri-request-param: returnTo
-          authorization-request-params:
-            auth0-confidential-user:
-              - name: audience
-                value: demo.c4-soft.com
-        
-logging:
-  level:
-    org:
-      springframework:
-        security: DEBUG
-            
-management:
-  endpoint:
-    health:
-      probes:
-        enabled: true
-  endpoints:
-    web:
-      exposure:
-        include: '*'
-  health:
-    livenessstate:
-      enabled: true
-    readinessstate:
-      enabled: true
-
----
-scheme: https
-keycloak-port: 8443
-
-server:
-  ssl:
-    enabled: true
-
-spring:
-  config:
-    activate:
-      on-profile: ssl
-
----
-server:
-  port: 8080
-com:
-  c4-soft:
-    springaddons:
-      security:
-        client:
-          login-path: /login
-
-spring:
-  config:
-    activate:
-      on-profile: custom-login
-```
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-client/license.txt b/webmvc/spring-addons-webmvc-client/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webmvc/spring-addons-webmvc-client/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webmvc/spring-addons-webmvc-client/lombok.config b/webmvc/spring-addons-webmvc-client/lombok.config
deleted file mode 100644
index 8f7e8aa1a..000000000
--- a/webmvc/spring-addons-webmvc-client/lombok.config
+++ /dev/null
@@ -1 +0,0 @@
-lombok.addLombokGeneratedAnnotation = true
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-client/pom.xml b/webmvc/spring-addons-webmvc-client/pom.xml
deleted file mode 100644
index 2bd5ac1dc..000000000
--- a/webmvc/spring-addons-webmvc-client/pom.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-client</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>jakarta.servlet</groupId>
-			<artifactId>jakarta.servlet-api</artifactId>
-		</dependency>
-		
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-client</artifactId>
-		</dependency>
-		
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-core</artifactId>
-		</dependency>
-		
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webmvc/spring-addons-webmvc-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index 8f8da5dba..000000000
--- a/webmvc/spring-addons-webmvc-client/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans
-com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsBackChannelLogoutBeans
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-core/license.txt b/webmvc/spring-addons-webmvc-core/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webmvc/spring-addons-webmvc-core/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webmvc/spring-addons-webmvc-core/pom.xml b/webmvc/spring-addons-webmvc-core/pom.xml
deleted file mode 100644
index 01e8bf89b..000000000
--- a/webmvc/spring-addons-webmvc-core/pom.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-core</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-oauth2</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-jose</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-		
-		<dependency>
-			<groupId>jakarta.servlet</groupId>
-			<artifactId>jakarta.servlet-api</artifactId>
-			<scope>provided</scope>
-			<optional>true</optional>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java b/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java
deleted file mode 100644
index 1636cc57a..000000000
--- a/webmvc/spring-addons-webmvc-core/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/ResourceServerExpressionInterceptUrlRegistryPostProcessor.java
+++ /dev/null
@@ -1,4 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
-
-public interface ResourceServerExpressionInterceptUrlRegistryPostProcessor extends ExpressionInterceptUrlRegistryPostProcessor {
-}
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/README.MD b/webmvc/spring-addons-webmvc-introspecting-resource-server/README.MD
deleted file mode 100644
index 5e56b6e68..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/README.MD
+++ /dev/null
@@ -1,129 +0,0 @@
-# `spring-addons-webmvc-introspecting-resource-server`
-A thin wrapper around `spring-boot-starter-oauth2-client` which pushes auto-configuration one step further for servlet resource servers using access token introspection.
-
-## How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) with a single `OAuth2AuthoritiesConverter` (an alias for `Converter<Map<String, Object>, Collection<? extends GrantedAuthority>>`)
-- [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) which contains a few other beans involved in the creation of a security filter chain for a single-tenant resource server using access token introspection.
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it, with one notable exception: the `springAddonsResourceServerSecurityFilterChain` is not conditional and instantiated in any case (with lowest precedence) if you depend on this starter.
-
-## What is auto configured
-The most accurate information about [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) and [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### AddonsSecurityBeans
-Provides with:
-- `authoritiesConverter` which is an instance of `ConfigurableClaimSet2AuthoritiesConverter`. This bean is configured with application properties and is able to map spring-security authorities from any claims with prefix and case transformation defined for each claim.
-- `introspectionAuthenticationConverter`: a converter from a successful introspection to something inheriting from `AbstractAuthenticationToken`. The default instantiate a `BearerTokenAuthentication` with authorities mapping as configured for the issuer declared in the introspected claims. The easiest to override the type of `AbstractAuthenticationToken`, is to provide with an `OpaqueTokenAuthenticationConverter` bean.
-
-### AddonsWebSecurityBeans
-Provides with a (non conditional) security filter-chain as well as (conditional) defaults for all the beans required to configure it:
-- `springAddonsResourceServerSecurityFilterChain`: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login as defined in [`SpringAddonsSecurityProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java)
-- `authorizePostProcessor`: a bean of type `ExpressionInterceptUrlRegistryPostProcessor` to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `httpPostProcessor`: a bean of type `HttpSecurityPostProcessor` to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-
-## Usage
-Please take time to browse [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials) and [samples](https://github.com/ch4mpy/spring-addons/tree/master/samples).
-
-All you need is declare a dependency on `spring-addons-webmvc-introspection-resource-server` and define a few properties.
-
-You might use any OIDC Provider (including Keycloak, Auth0, Cognito, etc.), but only one at a time.
-
-``` xml
-<dependencies>
-    <dependency>
-        <groupId>com.c4-soft.springaddons</groupId>
-        <artifactId>spring-addons-webmvc-introspection-resource-server</artifactId>
-        <version>${com.c4-soft.springaddons.version}</version>
-    </dependency>
-</dependencies>
-```
-``` java
-@SpringBootApplication
-public class SampleApi {
-    public static void main(String[] args) {
-        new SpringApplicationBuilder(SampleApi.class).web(WebApplicationType.SERVLET).run(args);
-    }
-
-    @Configuration
-    @EnableMethodSecurity
-    public static class WebSecurityConfig {
-    }
-}
-```
-```yaml
-scheme: http
-origins: ${scheme}://localhost:4200
-keycloak-port: 8442
-keycloak-issuer: ${scheme}://localhost:${keycloak-port}/realms/master
-
-server:
-  error:
-    include-message: always
-  ssl:
-    enabled: false
-
-spring:
-  lifecycle:
-    timeout-per-shutdown-phase: 30s
-  security:
-    oauth2:
-      resourceserver:
-        opaquetoken:
-          client-id: spring-addons-confidential
-          client-secret: change-me
-          introspection-uri: ${keycloak-issuer}/protocol/openid-connect/token/introspect
-
-com:
-  c4-soft:
-    springaddons:
-      security:
-        cors:
-        - path: /**
-          allowed-origins: ${origins}
-        issuers:
-        - location: ${keycloak-issuer}
-          username-claim: preferred_username
-          authorities:
-          - path: $.realm_access.roles
-          - path: $.resource_access.*.roles
-        permit-all: 
-        - "/actuator/health/readiness"
-        - "/actuator/health/liveness"
-        - "/v3/api-docs/**"
-        
-logging:
-  level:
-    org:
-      springframework:
-        security: DEBUG
-        
-management:
-  endpoint:
-    health:
-      probes:
-        enabled: true
-  endpoints:
-    web:
-      exposure:
-        include: '*'
-  health:
-    livenessstate:
-      enabled: true
-    readinessstate:
-      enabled: true
-
----
-scheme: https
-keycloak-port: 8443
-
-server:
-  ssl:
-    enabled: true
-
-spring:
-  config:
-    activate:
-      on-profile: ssl
-
-```
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/license.txt b/webmvc/spring-addons-webmvc-introspecting-resource-server/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/pom.xml b/webmvc/spring-addons-webmvc-introspecting-resource-server/pom.xml
deleted file mode 100644
index e497e30cf..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/pom.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-core</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java b/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java
deleted file mode 100644
index 518413988..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
-
-import java.time.Instant;
-import java.util.Collection;
-import java.util.Map;
-import java.util.stream.Stream;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
-import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
-import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
-import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
-
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@AutoConfiguration
-@Slf4j
-@Import({ SpringAddonsSecurityProperties.class })
-public class AddonsSecurityBeans {
-
-	/**
-	 * Retrieves granted authorities from the introspected token attributes, according to configuration set for the issuer set in this attributes
-	 *
-	 * @param  securityProperties
-	 * @return
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-		log.debug("Building default SimpleJwtGrantedAuthoritiesConverter with: {}", addonsProperties);
-		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-	}
-
-	/**
-	 * Converter bean from successful introspection result to an {@link Authentication} instance
-	 *
-	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
-	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
-	 * @return                       a converter from successful introspection result to an {@link Authentication} instance
-	 */
-	@SuppressWarnings("unchecked")
-	@ConditionalOnMissingBean
-	@Bean
-	OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
-			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties,
-			OAuth2ResourceServerProperties resourceServerProperties) {
-		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> {
-			return new BearerTokenAuthentication(
-					new OAuth2IntrospectionAuthenticatedPrincipal(
-							new OpenidClaimSet(
-									authenticatedPrincipal.getAttributes(),
-									Stream.of(addonsProperties.getIssuers())
-											.filter(
-													issProps -> resourceServerProperties.getOpaquetoken().getIntrospectionUri()
-															.contains(issProps.getLocation().toString()))
-											.findAny().orElse(addonsProperties.getIssuers()[0]).getUsernameClaim()).getName(),
-							authenticatedPrincipal.getAttributes(),
-							(Collection<GrantedAuthority>) authenticatedPrincipal.getAuthorities()),
-					new OAuth2AccessToken(
-							OAuth2AccessToken.TokenType.BEARER,
-							introspectedToken,
-							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT)).longValue()),
-							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)).longValue())),
-					authoritiesConverter.convert(authenticatedPrincipal.getAttributes()));
-		};
-	}
-}
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java b/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java
deleted file mode 100644
index 519f6ab5b..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java
+++ /dev/null
@@ -1,140 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
-
-import java.util.Arrays;
-import java.util.stream.Stream;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.web.ServerProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.server.SecurityWebFilterChain;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.CorsProperties;
-
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * <p>
- * <b>Usage</b><br>
- * If not using spring-boot, &#64;Import or &#64;ComponentScan this class. All beans defined here are &#64;ConditionalOnMissingBean =&gt; just define your own
- * &#64;Beans to override.
- * </p>
- * <p>
- * <b>Provided &#64;Beans</b>
- * </p>
- * <ul>
- * <li>springAddonsResourceServerSecurityFilterChain: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login
- * as defined in <a href=
- * "https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java">SpringAddonsSecurityProperties</a></li>
- * <li>authorizePostProcessor: a bean of type {@link ExpressionInterceptUrlRegistryPostProcessor} to fine tune access control from java configuration. It
- * applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. <b>This is a bean to provide in your
- * application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.</b></li>
- * <li>httpPostProcessor: a bean of type {@link ResourceServerHttpSecurityPostProcessor} to override anything from above auto-configuration. It is called just
- * before the security filter-chain is returned. Default is a no-op.</li>
- * <li>introspectionAuthenticationConverter: a converter from a successful introspection to something inheriting from {@link AbstractAuthenticationToken}. The
- * default instantiate a `BearerTokenAuthentication` with authorities mapping as configured for the issuer declared in the introspected claims. The easiest to
- * override the type of {@link AbstractAuthenticationToken}, is to provide with an Converter&lt;Jwt, ? extends AbstractAuthenticationToken&gt; bean.</li>
- * </ul>
- *
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@ConditionalOnProperty(matchIfMissing = true, prefix = "com.c4-soft.springaddons.security", name = "enabled")
-@AutoConfiguration
-@EnableWebSecurity
-@Slf4j
-@Import({ AddonsSecurityBeans.class })
-public class AddonsWebSecurityBeans {
-
-	/**
-	 * <p>
-	 * Applies SpringAddonsSecurityProperties to web security config. Be aware that defining a {@link SecurityWebFilterChain} bean with no security matcher and
-	 * an order higher than LOWEST_PRECEDENCE will disable most of this lib auto-configuration for OpenID resource-servers.
-	 * </p>
-	 * <p>
-	 * You should consider to set security matcher to all other {@link SecurityWebFilterChain} beans and provide a {@link ServerHttpSecurityPostProcessor} bean
-	 * to override anything from this bean
-	 * </p>
-	 * .
-	 *
-	 * @param  http                                 HTTP security to configure
-	 * @param  serverProperties                     Spring "server" configuration properties
-	 * @param  addonsProperties                     "com.c4-soft.springaddons.security" configuration properties
-	 * @param  authorizePostProcessor               Hook to override access-control rules for all path that are not listed in "permit-all"
-	 * @param  httpPostProcessor                    Hook to override all or part of HttpSecurity auto-configuration
-	 * @param  introspectionAuthenticationConverter Converts successful introspection result into an {@link Authentication}
-	 * @return                                      A default {@link SecurityWebFilterChain} for servlet resource-servers with access-token introspection
-	 *                                              (matches all unmatched routes with lowest precedence)
-	 */
-	@Order(Ordered.LOWEST_PRECEDENCE)
-	@Bean
-	SecurityFilterChain springAddonsResourceServerSecurityFilterChain(
-			HttpSecurity http,
-			ServerProperties serverProperties,
-			SpringAddonsSecurityProperties addonsProperties,
-			ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor,
-			ResourceServerHttpSecurityPostProcessor httpPostProcessor,
-			OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter,
-			OpaqueTokenIntrospector opaqueTokenIntrospector)
-			throws Exception {
-		http.oauth2ResourceServer(server -> server.opaqueToken(ot -> {
-			ot.introspector(opaqueTokenIntrospector);
-			ot.authenticationConverter(introspectionAuthenticationConverter);
-		}));
-
-		ServletConfigurationSupport.configureResourceServer(http, serverProperties, addonsProperties, authorizePostProcessor, httpPostProcessor);
-
-		return http.build();
-	}
-
-	/**
-	 * Hook to override security rules for all path that are not listed in "permit-all". Default is isAuthenticated().
-	 *
-	 * @return a hook to override security rules for all path that are not listed in "permit-all". Default is isAuthenticated().
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ResourceServerExpressionInterceptUrlRegistryPostProcessor authorizePostProcessor() {
-		return registry -> registry.anyRequest().authenticated();
-	}
-
-	/**
-	 * Hook to override all or part of HttpSecurity auto-configuration. Called after spring-addons configuration was applied so that you can modify anything
-	 *
-	 * @return a hook to override all or part of HttpSecurity auto-configuration. Called after spring-addons configuration was applied so that you can modify
-	 *         anything
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ResourceServerHttpSecurityPostProcessor httpPostProcessor() {
-		return httpSecurity -> httpSecurity;
-	}
-
-	CorsConfigurationSource corsConfig(CorsProperties[] corsProperties) {
-		log.debug("Building default CorsConfigurationSource with: {}", Stream.of(corsProperties).toList());
-		final var source = new UrlBasedCorsConfigurationSource();
-		for (final var corsProps : corsProperties) {
-			final var configuration = new CorsConfiguration();
-			configuration.setAllowedOrigins(Arrays.asList(corsProps.getAllowedOrigins()));
-			configuration.setAllowedMethods(Arrays.asList(corsProps.getAllowedMethods()));
-			configuration.setAllowedHeaders(Arrays.asList(corsProps.getAllowedHeaders()));
-			configuration.setExposedHeaders(Arrays.asList(corsProps.getExposedHeaders()));
-			source.registerCorsConfiguration(corsProps.getPath(), configuration);
-		}
-		return source;
-	}
-}
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index a419f7ff5..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans
-com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-introspecting-test/pom.xml b/webmvc/spring-addons-webmvc-introspecting-test/pom.xml
deleted file mode 100644
index 54e8390b4..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-test/pom.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-introspecting-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-introspecting-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-webmvc</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<optional>true</optional>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-api</artifactId>
-			<optional>true</optional>
-		</dependency>
-		
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
diff --git a/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java b/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java
deleted file mode 100644
index 5e0fa3b77..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsSecurity.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.junit.jupiter.api.TestInstance;
-import org.junit.jupiter.api.TestInstance.Lifecycle;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AuthenticationFactoriesTestConf;
-
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@ImportAutoConfiguration({ SpringAddonsSecurityProperties.class, AddonsSecurityBeans.class, AuthenticationFactoriesTestConf.class })
-@ExtendWith(SpringExtension.class)
-@TestInstance(Lifecycle.PER_CLASS)
-public @interface AutoConfigureAddonsSecurity {
-}
diff --git a/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java b/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java
deleted file mode 100644
index 1a9276ad6..000000000
--- a/webmvc/spring-addons-webmvc-introspecting-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/introspecting/AutoConfigureAddonsWebSecurity.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc.introspecting;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-
-/**
- * <p>
- * Auto-configures {@link AddonsSecurityBeans} and {@link AddonsWebSecurityBeans}. To be used to test controllers but not services or repositories (web context
- * is not desired in that case).
- * </p>
- * See {@link AutoConfigureAddonsSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@AutoConfigureAddonsSecurity
-@ImportAutoConfiguration({ AddonsWebSecurityBeans.class, AddonsWebmvcTestConf.class })
-public @interface AutoConfigureAddonsWebSecurity {
-}
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/README.MD b/webmvc/spring-addons-webmvc-jwt-resource-server/README.MD
deleted file mode 100644
index d693c9bdb..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/README.MD
+++ /dev/null
@@ -1,28 +0,0 @@
-# `spring-addons-webmvc-jwt-resource-server`
-A thin wrapper around `spring-boot-starter-oauth2-resource-server` which pushes auto-configuration one step further for Spring Boot 3 servlet resource servers using JWT decoders.
-
-## 1. Usage
-All you need is declaring a dependency on `spring-addons-webmvc-jwt-resource-server` and defining a few properties.
-
-The [`webmvc-jwt-default` sample](https://github.com/ch4mpy/spring-addons/tree/master/samples/webmvc-jwt-default) explains basic configuration and is the best starting point. You might find some more advanced use-cases in [tutorials](https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials) and [samples](https://github.com/ch4mpy/spring-addons/tree/master/samples).
-
-## 2. How it works
-As any boot starter, a resource file defines what should be loaded: [`src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) which specifies that two configuration sources should be loaded:
-- [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) with a single `OAuth2AuthoritiesConverter` (an alias for `Converter<Map<String, Object>, Collection<? extends GrantedAuthority>>`)
-- [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) which contains a few other beans involved in the creation of a security filter chain for a multi-tenant ready resource server using JWT decoder(s).
-
-Also, as any serious Boot starter, any bean defined there is conditional, so that one way or another, you can deactivate or overload it.
-
-## 3. What is auto configured
-The most accurate information about [`AddonsWebSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsWebSecurityBeans.java) and [`AddonsSecurityBeans`](https://github.com/ch4mpy/spring-addons/blob/master/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java) is in the source and Javadoc, but here is an idea of the auto configured beans.
-
-### 3.1. AddonsSecurityBeans
-Provides with an `authoritiesConverter` which is an instance of `ConfigurableClaimSet2AuthoritiesConverter`. This bean is configured with application properties and is able to map spring-security authorities from any claims with prefix and case transformation defined for each claim.
-
-### 3.2. AddonsWebSecurityBeans
-Provides with a (non conditional) security filter-chain as well as (conditional) defaults for all the beans required to configure it:
-- `springAddonsResourceServerSecurityFilterChain`: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL, redirect and 401 instead of redirect to login as defined in [`SpringAddonsSecurityProperties`](https://github.com/ch4mpy/spring-addons/blob/master/spring-addons-oauth2/src/main/java/com/c4_soft/springaddons/security/oauth2/config/SpringAddonsSecurityProperties.java)
-- `authorizePostProcessor`: a bean of type `ExpressionInterceptUrlRegistryPostProcessor` to fine tune access control from java configuration. It applies to all routes not listed in "permit-all" property configuration. Default requires users to be authenticated. **This is a bean to provide in your application configuration if you prefer to define fine-grained access control rules with Java configuration rather than methods security.**
-- `httpPostProcessor`: a bean of type `HttpSecurityPostProcessor` to override anything from above auto-configuration. It is called just before the security filter-chain is returned. Default is a no-op.
-- `jwtAuthenticationConverter`: a converter from a `Jwt` to something inheriting from `AbstractAuthenticationToken`. The default instantiate a `JwtAuthenticationToken` with username and authorities as configured for the issuer of thi token. The easiest to override the type of `AbstractAuthenticationToken`, is to provide with a `Converter<Jwt, ? extendsAbstractAuthenticationToken>` bean.
-- `authenticationManagerResolver`: to accept identities issued by more than a single OP, the recommended way is to provide an `JwtIssuerAuthenticationManagerResolver` supporting it. Default keeps a `JwtAuthenticationProvider` with its own `JwtDecoder` for each issuer.
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/license.txt b/webmvc/spring-addons-webmvc-jwt-resource-server/license.txt
deleted file mode 100644
index 20e4bd856..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/license.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/lombok.config b/webmvc/spring-addons-webmvc-jwt-resource-server/lombok.config
deleted file mode 100644
index 8f7e8aa1a..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/lombok.config
+++ /dev/null
@@ -1 +0,0 @@
-lombok.addLombokGeneratedAnnotation = true
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/pom.xml b/webmvc/spring-addons-webmvc-jwt-resource-server/pom.xml
deleted file mode 100644
index 200c4da64..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/pom.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-core</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-autoconfigure</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
-		</dependency>
-		<dependency>
-		    <groupId>org.springframework.boot</groupId>
-		    <artifactId>spring-boot-starter-webflux</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java b/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java
deleted file mode 100644
index 6c6ec874f..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/java/com/c4_soft/springaddons/security/oauth2/config/synchronised/AddonsSecurityBeans.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.config.synchronised;
-
-import java.util.Collection;
-import java.util.Map;
-
-import org.springframework.boot.autoconfigure.AutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
-
-import com.c4_soft.springaddons.security.oauth2.OpenidClaimSet;
-import com.c4_soft.springaddons.security.oauth2.config.ClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.ConfigurableClaimSetAuthoritiesConverter;
-import com.c4_soft.springaddons.security.oauth2.config.JwtAbstractAuthenticationTokenConverter;
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * @author Jerome Wacongne ch4mp&#64;c4-soft.com
- */
-@AutoConfiguration
-@Slf4j
-@Import({ SpringAddonsSecurityProperties.class })
-public class AddonsSecurityBeans {
-
-	/**
-	 * Retrieves granted authorities from the Jwt (from its private claims or with the help of an external service)
-	 *
-	 * @param  securityProperties
-	 * @return
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	ClaimSetAuthoritiesConverter authoritiesConverter(SpringAddonsSecurityProperties addonsProperties) {
-		log.debug("Building default SimpleJwtGrantedAuthoritiesConverter with: {}", addonsProperties);
-		return new ConfigurableClaimSetAuthoritiesConverter(addonsProperties);
-	}
-
-	/**
-	 * Converter bean from {@link Jwt} to {@link AbstractAuthenticationToken}
-	 *
-	 * @param  authoritiesConverter  converts access-token claims into Spring authorities
-	 * @param  securityProperties    Spring "spring.security" configuration properties
-	 * @param  authenticationFactory builds an {@link Authentication} instance from access-token string and claims
-	 * @return                       a converter from {@link Jwt} to {@link AbstractAuthenticationToken}
-	 */
-	@ConditionalOnMissingBean
-	@Bean
-	JwtAbstractAuthenticationTokenConverter jwtAuthenticationConverter(
-			Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
-			SpringAddonsSecurityProperties addonsProperties) {
-		return jwt -> new JwtAuthenticationToken(
-				jwt,
-				authoritiesConverter.convert(jwt.getClaims()),
-				new OpenidClaimSet(jwt.getClaims(), addonsProperties.getIssuerProperties(jwt.getIssuer()).getUsernameClaim()).getName());
-	}
-}
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index a419f7ff5..000000000
--- a/webmvc/spring-addons-webmvc-jwt-resource-server/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1,2 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans
-com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-jwt-test/pom.xml b/webmvc/spring-addons-webmvc-jwt-test/pom.xml
deleted file mode 100644
index 14cbf86d5..000000000
--- a/webmvc/spring-addons-webmvc-jwt-test/pom.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-jwt-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-client</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-webmvc</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<optional>true</optional>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.junit.jupiter</groupId>
-			<artifactId>junit-jupiter-api</artifactId>
-			<optional>true</optional>
-		</dependency>
-		
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
diff --git a/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsSecurity.java b/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsSecurity.java
deleted file mode 100644
index f67f95345..000000000
--- a/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsSecurity.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.junit.jupiter.api.TestInstance;
-import org.junit.jupiter.api.TestInstance.Lifecycle;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-import com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AuthenticationFactoriesTestConf;
-
-/**
- * <p>
- * To be used to test services or repositories but <b>not controllers</b>: auto-configures {@link AddonsSecurityBeans} only
- * </p>
- * See {@link AutoConfigureAddonsWebSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@ImportAutoConfiguration({ SpringAddonsSecurityProperties.class, AddonsSecurityBeans.class, AuthenticationFactoriesTestConf.class })
-@ExtendWith(SpringExtension.class)
-@TestInstance(Lifecycle.PER_CLASS)
-public @interface AutoConfigureAddonsSecurity {
-}
diff --git a/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsWebSecurity.java b/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsWebSecurity.java
deleted file mode 100644
index 64c32f710..000000000
--- a/webmvc/spring-addons-webmvc-jwt-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/webmvc/jwt/AutoConfigureAddonsWebSecurity.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.webmvc.jwt;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
-
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsWebSecurityBeans;
-import com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsOAuth2ClientBeans;
-import com.c4_soft.springaddons.security.oauth2.test.mockmvc.AddonsWebmvcTestConf;
-
-/**
- * <p>
- * Auto-configures {@link AddonsSecurityBeans} and {@link AddonsWebSecurityBeans}. To be used to test controllers but not services or repositories (web context
- * is not desired in that case).
- * </p>
- * See {@link AutoConfigureAddonsSecurity}
- *
- * @author Jérôme Wacongne &lt;ch4mp#64;c4-soft.com&gt;
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@AutoConfigureAddonsSecurity
-@ImportAutoConfiguration({ AddonsWebSecurityBeans.class, SpringAddonsOAuth2ClientBeans.class, AddonsWebmvcTestConf.class })
-public @interface AutoConfigureAddonsWebSecurity {
-}
diff --git a/webmvc/spring-addons-webmvc-test/README.MD b/webmvc/spring-addons-webmvc-test/README.MD
deleted file mode 100644
index 3fd6ff528..000000000
--- a/webmvc/spring-addons-webmvc-test/README.MD
+++ /dev/null
@@ -1,79 +0,0 @@
-# spring-addons-webmvc-test
-
-Set of tools I find useful to test Spring servlet web apps (webmvc).
-
-```xml
-    <dependencies>
-        <dependency>
-            <groupId>com.c4-soft.springaddons</groupId>
-            <artifactId>spring-addons-webmvc-test</artifactId>
-            <version>${com.c4-soft.springaddons.version}</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-```
-
-## Sample applications
-
-I put quite a few spring-boot app samples. To keep jar small, it is under `src/test` folders but can still be run / debug from within your favorite IDE.
-
-I recommand you clone my repo and debug the samples with a REST client like Postman, so that you can hack the config and tests.
-Adapting the samples to your Keycloak instance should be just a matter of editing `application.properties`.
-
-**Caveat** do not narrow your exploration to `keycloak` sample just beacause you are using a Keycloak authorization-server:
-I run all samples against a Keycloak instance.
-
-You should have a look at other samples too which might be simpler, not pulling Keycloak dependencies and more flexible.
-
-Last, `*RetrievingAuthoritiesFromDatabase` samples retrieve authorities from a DB instead of extracting it from JWT claims. The key in the DB is the user "subject".
-In that case, Keycloak authorisation-server is responsible for ensuring user ID only, authorities are the responsibility of the resource-server.
-As a consequence, (to run only, not in unit-tests) those samples expect a database to be accessible and populated, which I can't do for you
-as I can't know the "subject" claims for your test users registered in your Keycloak instance.
-
-## `MockMvc` post-processors
-
-I propose a few classes implementing `RequestPostProcessor` to use with `MockMvc`:
-
-- `MockAuthenticationRequestPostProcessor` to use a Mockito mock of an `Authentication` descendent of your choice (any type implementing `Authentication`)
-- `OidcIdAuthenticationRequestPostProcessor` to have `TestSecurityContext` populated with an ... `OidcIdAuthenticationToken`
-- `KeycloakAuthRequestPostProcessor` to have `TestSecurityContext` populated with a ... `KeycloakAuthenticationToken`
-
-```java
-import static com.c4_soft.springaddons.security.oauth2.test.mockmvc.OidcIdAuthenticationRequestPostProcessor.mockOidcId;
-
-@Test
-public void givenUserIsCh4mpy_whenGetGreet_thenOk() throws Exception {
-    mockMvc.with(ch4mpy())
-            .get("/greet")
-            .andExpect(content().string("Hello Ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL]."));
-}
-
-private OidcIdAuthenticationRequestPostProcessor ch4mpy() {
-    return mockOidcId().token(oidcId -> oidcId.preferredUsername("Ch4mpy"))
-            .authorities("ROLE_AUTHORIZED_PERSONNEL");
-}
-```
-
-again, browse the test sources for more samples, there are quite a few there.
-
-## `WebTestClientSupport`
-
-A wrapper for `MockMvcSupport` providing with configurable default charset and media-type, payloads serialization using `SerializationHelper` and shortcuts for most requests.
-`SerializationHelper` scans for registered `HttpMessageConverters` and then serializes payloads according to media-type and charset you specified, configured with below properties, or using defaults
-
-Configuration properties are:
-
-- `com.c4-soft.springaddons.test.web.default-charset` defaulted to `utf-8`
-- `com.c4-soft.springaddons.test.web.default-media-type` defaulted to `application+json`
-
-```java
-mockMvc.perform(get("/greet").accept(MediaType.APPLICATION_JSON).header("Accept-Encoding", "UTF-8"))
-```
-
-becomes
-
-```java
-mockMvc.get("/greet")
-```
-
-To use it, you can for instance `@Import(MockMvcSupport.class)`, scan for components in `com.c4_soft.springaddons.security.oauth2.test.mockmvc` package, add `MockMvcSupport.class` to `@ContextConfiguration` classes, etc. (has to be instantiated by Spring for config properties to be parsed / defaulted)
diff --git a/webmvc/spring-addons-webmvc-test/pom.xml b/webmvc/spring-addons-webmvc-test/pom.xml
deleted file mode 100644
index 995593ea2..000000000
--- a/webmvc/spring-addons-webmvc-test/pom.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-
-	<parent>
-		<groupId>com.c4-soft.springaddons</groupId>
-		<artifactId>spring-addons-webmvc</artifactId>
-		<version>6.2.1-SNAPSHOT</version>
-		<relativePath>..</relativePath>
-	</parent>
-	<artifactId>spring-addons-webmvc-test</artifactId>
-	
-	<url>https://github.com/ch4mpy/spring-addons/</url>
-	<scm>
-		<connection>scm:git:git://github.com/ch4mpy/spring-addons.git</connection>
-		<developerConnection>scm:git:git@github.com:ch4mpy/spring-addons.git</developerConnection>
-		<url>https://github.com/ch4mpy/spring-addons</url>
-		<tag>spring-addons-6.1.14</tag>
-	</scm>
-
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-oauth2-client</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-webmvc-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-oauth2-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>com.c4-soft.springaddons</groupId>
-			<artifactId>spring-addons-web-test</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-webmvc</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<optional>true</optional>
-			<scope>provided</scope>
-		</dependency>
-		
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-configuration-processor</artifactId>
-			<optional>true</optional>
-		</dependency>
-		
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.assertj</groupId>
-			<artifactId>assertj-core</artifactId>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-</project>
diff --git a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationFactoriesTestConf.java b/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationFactoriesTestConf.java
deleted file mode 100644
index a5d70be3d..000000000
--- a/webmvc/spring-addons-webmvc-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/mockmvc/AuthenticationFactoriesTestConf.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package com.c4_soft.springaddons.security.oauth2.test.mockmvc;
-
-import java.util.Optional;
-
-import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.context.annotation.Bean;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter;
-
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithJwt;
-import com.c4_soft.springaddons.security.oauth2.test.annotations.WithOpaqueToken;
-
-@TestConfiguration
-public class AuthenticationFactoriesTestConf {
-
-	@Bean
-	WithJwt.AuthenticationFactory jwtAuthFactory(Optional<Converter<Jwt, ? extends AbstractAuthenticationToken>> jwtAuthenticationConverter) {
-		return new WithJwt.AuthenticationFactory(jwtAuthenticationConverter, Optional.empty());
-	}
-
-	@Bean
-	WithOpaqueToken.AuthenticationFactory opaquetokenAuthFactory(Optional<OpaqueTokenAuthenticationConverter> authenticationConverter) {
-		return new WithOpaqueToken.AuthenticationFactory(authenticationConverter, Optional.empty());
-	}
-}
diff --git a/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json
deleted file mode 100644
index 5597c50e3..000000000
--- a/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-	"properties": [
-	    {
-	      "name": "com.c4-soft.springaddons.test.web.default-charset",
-	      "type": "java.lang.String",
-	      "sourceType": "com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport$MockMvcProperties",
-	      "defaultValue": "utf-8",
-	      "description": "Default charset for requests issued with MockMvcSupport"
-	    },
-	    {
-	      "name": "com.c4-soft.springaddons.test.web.default-media-type",
-	      "type": "java.lang.String",
-	      "sourceType": "com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcSupport$MockMvcProperties",
-	      "defaultValue": "application\/json",
-	      "description": "Default media-type for requests issued with MockMvcSupport"
-	    }
-    ]}
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
deleted file mode 100644
index 9f253b2b7..000000000
--- a/webmvc/spring-addons-webmvc-test/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ /dev/null
@@ -1 +0,0 @@
-com.c4_soft.springaddons.security.oauth2.test.mockmvc.MockMvcProperties
\ No newline at end of file
diff --git a/webmvc/spring-addons-webmvc-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker b/webmvc/spring-addons-webmvc-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker
deleted file mode 100644
index ca6ee9cea..000000000
--- a/webmvc/spring-addons-webmvc-test/src/main/resources/mockito-extensions/org.mockito.plugins.MockMaker
+++ /dev/null
@@ -1 +0,0 @@
-mock-maker-inline
\ No newline at end of file