Thanks. It turns out our OpenID Connect provider (Keycloak) has a Spring Boot adapter, so I'll be giving that a try. Our end goal here is to use Keycloak as our Authx and Authn provider using OpenID Connect. In the next step we would add CSAM (federal authentication service) as an identity provider to Keycloak, enabling us to authenticate using the Belgian eID. This will allow our Shiny apps, which often contain sensitive data, to comply with the strictest of privacy regulations.
If I get anywhere with this I'll let you know. I think it could probably be a selling point to government agencies and municipalities needing reporting dashboards.