Hi Peter,
thank you very much for the suggestion.
I evaluated pac4j after reading your blog post (indeed its dependency is still in build file, commented out), but then I went with Scribe to simply port the old version (lazy me!) and because pac4j oauth under the cover uses Scribe itself so it looked cleaner to me to go straight with Scribe directly.
Said this, I completely missed the Spring security integration so sure I'll bear in mind pac4j: outsource the full S2 integration is appealing and will be surely better than my homemade solution :)
Best, Enrico