The original intent of CommonOAuth2Provider is to provide sensible defaults for the HttpSecurity.oauth2Login() flow when using a common provider, e.g. Google, Okta, Github and Facebook.
The javadoc should be enhanced to explicitly state that the defaults are meant to be used for ClientRegistration's configured for the oauth2Login() flow.