Describe the bug

The latest "feature" changes to 1.6.0 introduce a breaking change for the OAuth2Request class by removing the body parameter. This should have been a breaking change.

Previously in version 1.5.x and earlier there was a body parameter for the OAuth2Request object, which has been removed.

Because of this removal all the related requests and functions that relied on that body parameter fail. Such as:

• create_oauth2_request
• create_token_response
• check_token_endpoint

To Reproduce

Define create_oauth2_request as such.

 def create_oauth2_request(self, request: dict) -> OAuth2Request:
        """Convert the request parqms to OAuth2Request object.

        :param request: the request params
        :type request: dict - {"body": dict, "headers": dict}
        :return: The converted params
        :rtype: OAuth2Request
        """
        # TODO: Check if request uri is in metadata when called from gateway.
        return OAuth2Request(method="POST", uri="https://example.com", body=request["body"], headers=request["headers"])

Expected behavior
Wouldn't expect a failure. If this is expected then I would expect a changelog and documentation on how to rewrite existing code from 1.5.x -> 1.6 to support the removal of the parameter.

Environment:

Tested on these environments

• OS: Linux/MacOs
• Python Version: Python 3.12, 3.13
• Authlib Version: 1.5.x vs. 1.6.0

Additional context

If there is any documentation to help migrate existing code to this new API scheme please link it to this bug as I couldn't find any relevant documentation either here, the webpage or stackoverflow.

Thanks.