Thanks for pointing this out.

In this example, the WebClient is configured with
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
and a clientCredentials() provider, which means the access token
is obtained using the Client Credentials grant.

Since this grant type does not involve a user, the token is
application-scoped.

ServerOAuth2AuthorizedClientExchangeFilterFunction is used here
only as a WebClient filter that delegates authorization to the
configured ReactiveOAuth2AuthorizedClientManager.