Add extensible ClientSettings to ClientRegistration

Signed-off-by: Pranav Manglik <pranav@undreamt.in>

Author: pranavmanglik

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -755,14 +755,31 @@ public static final class ClientSettings implements Serializable {
 		@Serial
 		private static final long serialVersionUID = 7495627155437124692L;
 
-		private boolean requireProofKey;
-
-		private ClientSettings() {
+		private final Map<String, Object> settings;
 
+		private ClientSettings(Map<String, Object> settings) {
+			this.settings = Collections.unmodifiableMap(new LinkedHashMap<>(settings));
 		}
 
 		public boolean isRequireProofKey() {
-			return this.requireProofKey;
+			return getSetting("settings.client.require-proof-key", true);
+		}
+
+		@SuppressWarnings("unchecked")
+		public <T> @Nullable T getSetting(String name) {
+			Assert.hasText(name, "name cannot be empty");
+			return (T) this.settings.get(name);
+		}
+
+		@SuppressWarnings("unchecked")
+		public <T> T getSetting(String name, T defaultValue) {
+			Assert.hasText(name, "name cannot be empty");
+			T value = (T) this.settings.get(name);
+			return (value != null) ? value : defaultValue;
+		}
+
+		public Map<String, Object> getSettings() {
+			return this.settings;
 		}
 
 		@Override
@@ -773,17 +790,17 @@ public boolean equals(Object o) {
 			if (!(o instanceof ClientSettings that)) {
 				return false;
 			}
-			return this.requireProofKey == that.requireProofKey;
+			return Objects.equals(this.settings, that.settings);
 		}
 
 		@Override
 		public int hashCode() {
-			return Objects.hashCode(this.requireProofKey);
+			return Objects.hashCode(this.settings);
 		}
 
 		@Override
 		public String toString() {
-			return "ClientSettings{" + "requireProofKey=" + this.requireProofKey + '}';
+			return "ClientSettings{" + "settings=" + this.settings + '}';
 		}
 
 		public static Builder builder() {
@@ -792,9 +809,10 @@ public static Builder builder() {
 
 		public static final class Builder {
 
-			private boolean requireProofKey = true;
+			private final Map<String, Object> settings = new LinkedHashMap<>();
 
 			private Builder() {
+				this.settings.put("settings.client.require-proof-key", true);
 			}
 
 			/**
@@ -805,14 +823,35 @@ private Builder() {
 			 * @return the {@link Builder} for further configuration
 			 */
 			public Builder requireProofKey(boolean requireProofKey) {
-				this.requireProofKey = requireProofKey;
+				return setting("settings.client.require-proof-key", requireProofKey);
+			}
+
+			/**
+			 * Sets a configuration setting.
+			 * @param name the name of the setting
+			 * @param value the value of the setting
+			 * @return the {@link Builder} for further configuration
+			 */
+			public Builder setting(String name, Object value) {
+				Assert.hasText(name, "name cannot be empty");
+				Assert.notNull(value, "value cannot be null");
+				this.settings.put(name, value);
+				return this;
+			}
+
+			/**
+			 * Sets the configuration settings.
+			 * @param settings the configuration settings
+			 * @return the {@link Builder} for further configuration
+			 */
+			public Builder settings(Map<String, Object> settings) {
+				Assert.notNull(settings, "settings cannot be null");
+				this.settings.putAll(settings);
 				return this;
 			}
 
 			public ClientSettings build() {
-				ClientSettings clientSettings = new ClientSettings();
-				clientSettings.requireProofKey = this.requireProofKey;
-				return clientSettings;
+				return new ClientSettings(this.settings);
 			}
 
 		}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java

@@ -751,4 +751,46 @@ private static <T> T getStaticValue(Field field, Class<T> clazz) {
 		}
 	}
 
+	@Test
+	void buildWhenScopesHaveInvalidCharactersThenThrowException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId("test")
+					.clientId("client")
+					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+					.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
+					.authorizationUri("https://provider.com/auth")
+					.tokenUri("https://provider.com/token")
+					.scope("read", "invalid scope ^") // space is 0x20, which is outside the valid range
+					.build()
+		// @formatter:on
+		);
+	}
+
+	@Test
+	void buildWhenClientCredentialsMissingTokenUriThenThrowException() {
+		assertThatIllegalArgumentException().isThrownBy(() ->
+		// @formatter:off
+			ClientRegistration.withRegistrationId("test")
+					.clientId("client")
+					.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+					// Missing tokenUri
+					.build()
+		// @formatter:on
+		);
+	}
+
+	@Test
+	void buildWhenValidThenSettingsAreCorrect() {
+		// @formatter:off
+		ClientRegistration registration = ClientRegistration.withRegistrationId("google")
+				.clientId("my-client")
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.tokenUri("https://google.com/token")
+				.build();
+		// @formatter:on
+		assertThat(registration.getRegistrationId()).isEqualTo("google");
+		assertThat(registration.getClientId()).isEqualTo("my-client");
+	}
+
 }