Flowable contains additional logic for hooking into Spring security to make it easy for people that have nothing configured out of the box (and add security to embedded rest endpoints), see https://github.com/flowable/flowable-engine/blob/a6def9e52798bb19fa5cf051bf9a56a673b3c560/modules/flowable-spring-boot/flowable-spring-boot-starters/flowable-spring-boot-starter-basic/src/main/java/org/flowable/spring/boot/SecurityAutoConfiguration.java
This AutoConfiguration is part of the basic starter and by the spring security jars on the classpath, it kicks in.
However, since you’ve got a fullblown Oauth2 server, this security config is not needed. Can you try this assumption, and exclude it from loading, like
@SpringBootApplication(exclude = org.flowable.spring.boot.SecurityAutoConfiguration.class)