Spring Security redirect-uri was not encoded, is it by design?

Describe the bug

please see this line, https://github.com/spring-projects/spring-security/blob/fc553bf19aa24e5bc5363d92a7f215609a877ec4/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java#L466

Sample

for example, if encodeQueryParam("http://localhost:8080/login/oauth/client/google"), the result also "http://localhost:8080/login/oauth/client/google"

I got unsupported_response_type:code when using spring-boot:2.5.2, but it works with 2.1.2.RELEASE

Comment From: sjohnr

@onyas, can you provide a more thorough explanation of your issue, ideally with a minimal, reproducible sample?

Comment From: onyas

Hi @sjohnr thank you for your response, I fixed the unsupported_response_type:code issue by changing the clientAuthenticationMethod to ClientAuthenticationMethod.CLIENT_SECRET_POST.

Could you help answer the question, if encodeQueryParam("http://localhost:8080/login/oauth/client/xxx"), the result also "http://localhost:8080/login/oauth/client/xxx", is it by design?

Comment From: sjohnr

Hi @onyas. This feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

For now, I'm going to close this issue. But again, feel free to update with a link to Stack Overflow and I'll take a look, or if you feel it's an issue, let me know and we can re-open it.