Google, and certain other 3rd party identity providers, are more strict about the token
type name that is sent in the headers to the user info endpoint. The default is “Bearer”
which suits most providers and matches the spec, but if you need to change it you can set
security.oauth2.resource.token-type
.