diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java
index b75358ded70..9365fa3ea3e 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java
@@ -131,8 +131,11 @@ public void introspectWhenActiveTokenThenOk() throws Exception {
 try (MockWebServer server = new MockWebServer()) {
 server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 String introspectUri = server.url("/introspect").toString();
- OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
- CLIENT_SECRET);
+ OpaqueTokenIntrospector introspectionClient = SpringOpaqueTokenIntrospector
+ .withIntrospectionUri(introspectUri)
+ .clientId(CLIENT_ID)
+ .clientSecret(CLIENT_SECRET)
+ .build();
 OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
 // @formatter:off
 assertThat(authority.getAttributes())
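Review bot: The three-argument `SpringOpaqueTokenIntrospector` constructor loses its test coverage in the hunks shown for this file: the happy-path test here, the bad-credentials test at -156 and the null-argument tests at -263 all switch to the builder, and the hunk at -339 deletes a test that pinned the constructor sending client credentials without URL-encoding. The main class is not part of this diff, so it is unclear whether the constructor is removed or only deprecated; if it remains public, its handling of credentials with reserved characters is no longer checked. Keeping one constructor-based test per behaviour until the constructor is gone would close that gap, and the same applies to the reactive hunks at -111 and -137. The test method continues outside this hunk.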
@@ -156,8 +159,11 @@ public void introspectWhenBadClientCredentialsThenError() throws IOException {
 try (MockWebServer server = new MockWebServer()) {
 server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 String introspectUri = server.url("/introspect").toString();
- OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(introspectUri, CLIENT_ID,
- "wrong");
+ OpaqueTokenIntrospector introspectionClient = SpringOpaqueTokenIntrospector
+ .withIntrospectionUri(introspectUri)
+ .clientId(CLIENT_ID)
+ .clientSecret("wrong")
+ .build();
 assertThatExceptionOfType(OAuth2IntrospectionException.class)
 .isThrownBy(() -> introspectionClient.introspect("token"));
 }
@@ -263,20 +269,29 @@ public void introspectWhenActiveThenMapsAuthorities() {
 @Test
 public void constructorWhenIntrospectionUriIsNullThenIllegalArgumentException() {
- assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET));
+ assertThatIllegalArgumentException().isThrownBy(() -> SpringOpaqueTokenIntrospector.withIntrospectionUri(null)
+ .clientId(CLIENT_ID)
+ .clientSecret(CLIENT_SECRET)
+ .build());
+
 }
 @Test
 public void constructorWhenClientIdIsNullThenIllegalArgumentException() {
 assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET));
+ .isThrownBy(() -> SpringOpaqueTokenIntrospector.withIntrospectionUri(INTROSPECTION_URL)
+ .clientId(null)
+ .clientSecret(CLIENT_SECRET)
+ .build());
 }
 @Test
 public void constructorWhenClientSecretIsNullThenIllegalArgumentException() {
 assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null));
+ .isThrownBy(() -> SpringOpaqueTokenIntrospector.withIntrospectionUri(INTROSPECTION_URL)
+ .clientId(CLIENT_ID)
+ .clientSecret(null)
+ .build());
 }
 @Test
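Review bot: The three tests in the -263 hunk keep the `constructorWhen…` prefix although they now exercise `withIntrospectionUri(...)…build()`; a name such as `buildWhenClientIdIsNullThenIllegalArgumentException` would match what is actually tested. Because the whole builder chain sits inside `isThrownBy`, an `IllegalArgumentException` from any step satisfies the assertion, so appending `.withMessageContaining("<expected message fragment>")` would pin which argument was rejected. The first test also gains an empty line before its closing brace and is wrapped differently from its two siblings. The stale `constructorWhen…` names recur in the reactive tests of the -241 hunk.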
@@ -339,24 +354,6 @@ public void setAuthenticationConverterWhenNonNullConverterGivenThenConverterUsed
 verify(authenticationConverter).convert(any());
 }
- @Test
- public void introspectWithoutEncodeClientCredentialsThenExceptionIsThrown() throws Exception {
- try (MockWebServer server = new MockWebServer()) {
- String response = """
- {
- "active": true,
- "username": "client%&1"
- }
- """;
- server.setDispatcher(requiresAuth("client%25%261", "secret%40%242", response));
- String introspectUri = server.url("/introspect").toString();
- OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(introspectUri, "client%&1",
- "secret@$2");
- assertThatExceptionOfType(OAuth2IntrospectionException.class)
- .isThrownBy(() -> introspectionClient.introspect("token"));
- }
- }
-
 @Test
 public void introspectWithEncodeClientCredentialsThenOk() throws Exception {
 try (MockWebServer server = new MockWebServer()) {
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java
index 5d9b2f7223e..cd216bc1ddb 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java
@@ -111,8 +111,11 @@ public void authenticateWhenActiveTokenThenOk() throws Exception {
 try (MockWebServer server = new MockWebServer()) {
 server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 String introspectUri = server.url("/introspect").toString();
- SpringReactiveOpaqueTokenIntrospector introspectionClient = new SpringReactiveOpaqueTokenIntrospector(
- introspectUri, CLIENT_ID, CLIENT_SECRET);
+ SpringReactiveOpaqueTokenIntrospector introspectionClient = SpringReactiveOpaqueTokenIntrospector
+ .withIntrospectionUri(introspectUri)
+ .clientId(CLIENT_ID)
+ .clientSecret(CLIENT_SECRET)
+ .build();
 OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
 assertThat(authority).isNotNull();
 // @formatter:off
@@ -137,8 +140,11 @@ public void authenticateWhenBadClientCredentialsThenAuthenticationException() th
 try (MockWebServer server = new MockWebServer()) {
 server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
 String introspectUri = server.url("/introspect").toString();
- SpringReactiveOpaqueTokenIntrospector introspectionClient = new SpringReactiveOpaqueTokenIntrospector(
- introspectUri, CLIENT_ID, "wrong");
+ SpringReactiveOpaqueTokenIntrospector introspectionClient = SpringReactiveOpaqueTokenIntrospector
+ .withIntrospectionUri(introspectUri)
+ .clientId(CLIENT_ID)
+ .clientSecret("wrong")
+ .build();
 assertThatExceptionOfType(OAuth2IntrospectionException.class)
 .isThrownBy(() -> introspectionClient.introspect("token").block());
@@ -241,19 +247,29 @@ public void setAuthenticationConverterWhenNonNullConverterGivenThenConverterUsed
 @Test
 public void constructorWhenIntrospectionUriIsEmptyThenIllegalArgumentException() {
 assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET));
+ .isThrownBy(() -> SpringReactiveOpaqueTokenIntrospector.withIntrospectionUri("")
+ .clientId(CLIENT_ID)
+ .clientSecret(CLIENT_SECRET)
+ .build());
 }
 @Test
- public void constructorWhenClientIdIsEmptyThenIllegalArgumentException() {
+ public void constructorWhenClientIdIsNullThenIllegalArgumentException() {
 assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET));
+ .isThrownBy(() -> SpringReactiveOpaqueTokenIntrospector.withIntrospectionUri(INTROSPECTION_URL)
+ .clientId(null)
+ .clientSecret(CLIENT_SECRET)
+ .build());
+
 }
 @Test
 public void constructorWhenClientSecretIsNullThenIllegalArgumentException() {
 assertThatIllegalArgumentException()
- .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null));
+ .isThrownBy(() -> SpringReactiveOpaqueTokenIntrospector.withIntrospectionUri(INTROSPECTION_URL)
+ .clientId(CLIENT_ID)
+ .clientSecret(null)
+ .build());
 }
 @Test
@@ -263,7 +279,7 @@ public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() {
 }
 @Test
- public void introspectWithoutEncodeClientCredentialsThenExceptionIsThrown() throws Exception {
+ public void introspectWithoutEncodeClientCredentialsThenOk() throws Exception {
 try (MockWebServer server = new MockWebServer()) {
 String response = """
 {
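Review bot: The empty-string client id case loses its coverage in the -241 hunk: `constructorWhenClientIdIsEmptyThenIllegalArgumentException` becomes `…IsNull…` and passes `clientId(null)`, so nothing here checks what the builder does with `""`. The rename suggests the builder may accept an empty client id where the constructor rejected it; if so, a blank configuration value would no longer fail at construction and would surface only as a rejected introspection request at runtime. If rejection is still intended, keep a second test that passes `.clientId("")`; if not, a short comment on the test stating that an empty client id is now allowed would record the decision. The renamed test also gains a stray empty line before its closing brace.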
@@ -273,12 +289,17 @@ public void introspectWithoutEncodeClientCredentialsThenExceptionIsThrown() thro
 """;
 server.setDispatcher(requiresAuth("client%25%261", "secret%40%242", response));
 String introspectUri = server.url("/introspect").toString();
- ReactiveOpaqueTokenIntrospector introspectionClient = new SpringReactiveOpaqueTokenIntrospector(
- introspectUri, "client%&1", "secret@$2");
- // @formatter:off
- assertThatExceptionOfType(OAuth2IntrospectionException.class)
- .isThrownBy(() -> introspectionClient.introspect("token").block());
- // @formatter:on
+
+ ReactiveOpaqueTokenIntrospector introspectionClient = SpringReactiveOpaqueTokenIntrospector
+ .withIntrospectionUri(introspectUri)
+ .clientId("client%&1")
+ .clientSecret("secret@$2")
+ .build();
+ OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token").block();
+ assertThat(authority).isNotNull();
+ assertThat(authority.getAttributes()).isNotNull()
+ .containsEntry(OAuth2TokenIntrospectionClaimNames.ACTIVE, true)
+ .containsEntry(OAuth2TokenIntrospectionClaimNames.USERNAME, "client%&1");
 }
 }
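Review bot: The test name `introspectWithoutEncodeClientCredentialsThenOk` (renamed in the -263 hunk, body here) reads as if unencoded credentials were accepted, whereas the dispatcher still requires `client%25%261` / `secret%40%242` and the test can pass only if the builder encodes `client%&1` and `secret@$2` itself. A name like `introspectWhenBuilderEncodesClientCredentialsThenOk`, plus a one-line comment above the `requiresAuth(...)` call such as `// server expects the URL-encoded client id and secret`, would state the intent. The servlet counterpart of this test was deleted at -339 rather than converted, so it is worth confirming that `introspectWithEncodeClientCredentialsThenOk` in that file covers the same builder path. The method starts outside this hunk.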