
Allow for custom ClientRegistration.clientAuthenticationMethod

Closes gh-8903
Joe Grandja 5 years ago
parent
commit
a0c10f2df6

+ 11 - 7
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -47,7 +47,7 @@ public final class ClientRegistration implements Serializable {
 	private String registrationId;
 	private String clientId;
 	private String clientSecret;
-	private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+	private ClientAuthenticationMethod clientAuthenticationMethod;
 	private AuthorizationGrantType authorizationGrantType;
 	private String redirectUriTemplate;
 	private Set<String> scopes = Collections.emptySet();
@@ -298,7 +298,7 @@ public final class ClientRegistration implements Serializable {
 		private String registrationId;
 		private String clientId;
 		private String clientSecret;
-		private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+		private ClientAuthenticationMethod clientAuthenticationMethod;
 		private AuthorizationGrantType authorizationGrantType;
 		private String redirectUriTemplate;
 		private Set<String> scopes;
@@ -564,12 +564,16 @@ public final class ClientRegistration implements Serializable {
 			clientRegistration.registrationId = this.registrationId;
 			clientRegistration.clientId = this.clientId;
 			clientRegistration.clientSecret = StringUtils.hasText(this.clientSecret) ? this.clientSecret : "";
-			clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
-			if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) &&
-					!StringUtils.hasText(this.clientSecret)) {
-				clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
+			if (this.clientAuthenticationMethod != null) {
+				clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
+			} else {
+				if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) &&
+						!StringUtils.hasText(this.clientSecret)) {
+					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
+				} else {
+					clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+				}
 			}
-
 			clientRegistration.authorizationGrantType = this.authorizationGrantType;
 			clientRegistration.redirectUriTemplate = this.redirectUriTemplate;
 			clientRegistration.scopes = this.scopes;
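Review bot: An explicitly set method now wins even when no client secret is configured, so in the new `if (this.clientAuthenticationMethod != null)` branch an authorization_code registration with an explicit `BASIC` and a blank secret is no longer rewritten to `NONE`. The two test hunks that had to add `.clientAuthenticationMethod(null)` show that builders already carrying a method take this path; any code outside this diff that keys public-client handling (PKCE, for example) on `NONE` would presumably stop treating such registrations as public clients. I would state the contract above the branch, e.g. `// An explicit method is used as-is; null derives NONE (authorization_code without a secret) or BASIC`, and repeat it in the builder setter's Javadoc so callers know that passing null is how to get the derived default. The inner `else { if ... }` can also be flattened to `else if`. The enclosing build method starts and ends outside this hunk.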

+ 2 - 1
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -106,6 +106,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 	@Test
 	public void convertWhenPkceGrantRequestValidThenConverts() {
 		ClientRegistration clientRegistration = clientRegistrationBuilder
+				.clientAuthenticationMethod(null)
 				.clientSecret(null)
 				.build();
 

+ 1 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java

@@ -315,6 +315,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 	private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() {
 		ClientRegistration registration = this.clientRegistration
+				.clientAuthenticationMethod(null)
 				.clientSecret(null)
 				.build();
 

+ 15 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java

@@ -771,4 +771,19 @@ public class ClientRegistrationTests {
 		assertThat(updated.getProviderDetails().getConfigurationMetadata())
 				.containsOnlyKeys("a-new-config").containsValue("a-new-value");
 	}
+
+	// gh-8903
+	@Test
+	public void buildWhenCustomClientAuthenticationMethodProvidedThenSet() {
+		ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod("tls_client_auth");
+		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.clientAuthenticationMethod(clientAuthenticationMethod)
+				.redirectUriTemplate(REDIRECT_URI)
+				.authorizationUri(AUTHORIZATION_URI)
+				.tokenUri(TOKEN_URI)
+				.build();
+		assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(clientAuthenticationMethod);
+	}
 }
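Review bot: The new test covers only the custom-method path, so the derived defaults the builder now computes when the method is null are not pinned here, and neither is the explicit-`BASIC`-without-secret case whose result changed. Unless tests outside this hunk already cover them, I would add siblings that build with `.clientAuthenticationMethod(null)` and assert `isEqualTo(ClientAuthenticationMethod.NONE)` for authorization_code without a secret and `isEqualTo(ClientAuthenticationMethod.BASIC)` when a secret is present. The missing `clientSecret` in this test is what makes it meaningful, so it deserves a comment such as `// no clientSecret: before gh-8903 this combination was forced to NONE`. The test also only shows that the value is stored on the registration; whether the token clients act on a custom method such as `tls_client_auth` is not visible in this diff and is worth a line in the reference documentation.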