Move ClientSettings to ClientRegistration

Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -26,6 +26,7 @@ import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 
 import org.apache.commons.logging.Log;
@@ -741,4 +742,76 @@ public final class ClientRegistration implements Serializable {
 
 	}
 
+	/**
+	 * A facility for client configuration settings.
+	 *
+	 * @author DingHao
+	 * @since 6.5
+	 */
+	public static final class ClientSettings {
+
+		private boolean requireProofKey;
+
+		private ClientSettings() {
+
+		}
+
+		public boolean isRequireProofKey() {
+			return this.requireProofKey;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (this == o) {
+				return true;
+			}
+			if (!(o instanceof ClientSettings that)) {
+				return false;
+			}
+			return this.requireProofKey == that.requireProofKey;
+		}
+
+		@Override
+		public int hashCode() {
+			return Objects.hashCode(this.requireProofKey);
+		}
+
+		@Override
+		public String toString() {
+			return "ClientSettings{" + "requireProofKey=" + this.requireProofKey + '}';
+		}
+
+		public static Builder builder() {
+			return new Builder();
+		}
+
+		public static final class Builder {
+
+			private boolean requireProofKey;
+
+			private Builder() {
+			}
+
+			/**
+			 * Set to {@code true} if the client is required to provide a proof key
+			 * challenge and verifier when performing the Authorization Code Grant flow.
+			 * @param requireProofKey {@code true} if the client is required to provide a
+			 * proof key challenge and verifier, {@code false} otherwise
+			 * @return the {@link Builder} for further configuration
+			 */
+			public Builder requireProofKey(boolean requireProofKey) {
+				this.requireProofKey = requireProofKey;
+				return this;
+			}
+
+			public ClientSettings build() {
+				ClientSettings clientSettings = new ClientSettings();
+				clientSettings.requireProofKey = this.requireProofKey;
+				return clientSettings;
+			}
+
+		}
+
+	}
+
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java

@@ -1,91 +0,0 @@
-/*
- * Copyright 2002-2025 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.client.registration;
-
-import java.util.Objects;
-
-/**
- * A facility for client configuration settings.
- *
- * @author DingHao
- * @since 6.5
- */
-public final class ClientSettings {
-
-	private boolean requireProofKey;
-
-	private ClientSettings() {
-
-	}
-
-	public boolean isRequireProofKey() {
-		return this.requireProofKey;
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (this == o) {
-			return true;
-		}
-		if (!(o instanceof ClientSettings that)) {
-			return false;
-		}
-		return this.requireProofKey == that.requireProofKey;
-	}
-
-	@Override
-	public int hashCode() {
-		return Objects.hashCode(this.requireProofKey);
-	}
-
-	@Override
-	public String toString() {
-		return "ClientSettings{" + "requireProofKey=" + this.requireProofKey + '}';
-	}
-
-	public static Builder builder() {
-		return new Builder();
-	}
-
-	public static final class Builder {
-
-		private boolean requireProofKey;
-
-		private Builder() {
-		}
-
-		/**
-		 * Set to {@code true} if the client is required to provide a proof key challenge
-		 * and verifier when performing the Authorization Code Grant flow.
-		 * @param requireProofKey {@code true} if the client is required to provide a
-		 * proof key challenge and verifier, {@code false} otherwise
-		 * @return the {@link Builder} for further configuration
-		 */
-		public Builder requireProofKey(boolean requireProofKey) {
-			this.requireProofKey = requireProofKey;
-			return this;
-		}
-
-		public ClientSettings build() {
-			ClientSettings clientSettings = new ClientSettings();
-			clientSettings.requireProofKey = this.requireProofKey;
-			return clientSettings;
-		}
-
-	}
-
-}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java

@@ -786,7 +786,9 @@ public class ClientRegistrationTests {
 	// gh-16382
 	@Test
 	void buildWhenNewAuthorizationCodeAndPkceThenBuilds() {
-		ClientSettings pkceEnabled = ClientSettings.builder().requireProofKey(true).build();
+		ClientRegistration.ClientSettings pkceEnabled = ClientRegistration.ClientSettings.builder()
+			.requireProofKey(true)
+			.build();
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.clientSettings(pkceEnabled)
@@ -803,7 +805,9 @@ public class ClientRegistrationTests {
 	@ParameterizedTest
 	@MethodSource("invalidPkceGrantTypes")
 	void buildWhenInvalidGrantTypeForPkceThenException(AuthorizationGrantType invalidGrantType) {
-		ClientSettings pkceEnabled = ClientSettings.builder().requireProofKey(true).build();
+		ClientRegistration.ClientSettings pkceEnabled = ClientRegistration.ClientSettings.builder()
+			.requireProofKey(true)
+			.build();
 		ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.clientSettings(pkceEnabled)

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java

@@ -28,7 +28,6 @@ import org.mockito.Mockito;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.ClientSettings;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
@@ -583,7 +582,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 	private static ClientRegistration.Builder pkceClientRegistration() {
 		return ClientRegistration.withRegistrationId("pkce")
 			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
-			.clientSettings(ClientSettings.builder().requireProofKey(true).build())
+			.clientSettings(ClientRegistration.ClientSettings.builder().requireProofKey(true).build())
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 			.scope("read:user")
 			.authorizationUri("https://example.com/login/oauth/authorize")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java

@@ -27,7 +27,6 @@ import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientSettings;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
@@ -172,7 +171,9 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 	@Test
 	void resolveWhenRequireProofKeyTrueThenPkceEnabled() {
-		ClientSettings pkceEnabled = ClientSettings.builder().requireProofKey(true).build();
+		ClientRegistration.ClientSettings pkceEnabled = ClientRegistration.ClientSettings.builder()
+			.requireProofKey(true)
+			.build();
 		ClientRegistration clientWithPkceEnabled = TestClientRegistrations.clientRegistration()
 			.clientSettings(pkceEnabled)
 			.build();