Describe the bug
The authorizationRequestResolver can't be changed in the OAuth2 client configuration. Because of this, we can't use the Twitter OAuth2 flow, which needs PKCE.
To Reproduce
To reproduce the issue you can use our example code. Just run the code in the spring-security-pkce-issue project. Please follow the README.md in the repository root directory for instructions.
Additionally, we have prepared a fix.
Expected behavior
The OAuth2 client configuration should be able to be changed so that the OAuth2AuthorizationRequestCustomizers.withPkce() customizer can be added to the authorization request resolver.
Please be aware that we explicitly do not need an OAuth2 login for our application. We just want to use the OAuth2 client configuration.
Comment From: jgrandja
@spoptchev You are correct, OAuth2ClientSpec.authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) is not available.
Would you be interested in submitting a PR for this enhancement? It should be similar to OAuth2LoginSpec.authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver).
Comment From: spoptchev
Hi @jgrandja, sure, I opened a PR (https://github.com/spring-projects/spring-security/pull/12438).
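
For reference, the existing OAuth2LoginSpec hook mentioned in the thread can carry the PKCE customizer as sketched below. This is an added example, not code from the issue, the linked repository or the PR; the class name `PkceSecurityConfig` and the helper `pkceResolver` are hypothetical, and a `ReactiveClientRegistrationRepository` bean is assumed to be provided by the application.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Added example (hypothetical class name); not part of the issue or the PR.
@Configuration
@EnableWebFluxSecurity
public class PkceSecurityConfig {

    // Builds a resolver whose authorization requests carry PKCE parameters.
    // withPkce() adds code_challenge and code_challenge_method=S256 to the
    // request and keeps the code_verifier as a request attribute so it can be
    // sent with the token request.
    private static ServerOAuth2AuthorizationRequestResolver pkceResolver(
            ReactiveClientRegistrationRepository registrations) {
        DefaultServerOAuth2AuthorizationRequestResolver resolver =
                new DefaultServerOAuth2AuthorizationRequestResolver(registrations);
        resolver.setAuthorizationRequestCustomizer(
                OAuth2AuthorizationRequestCustomizers.withPkce());
        return resolver;
    }

    @Bean
    SecurityWebFilterChain securityWebFilterChain(
            ServerHttpSecurity http,
            ReactiveClientRegistrationRepository registrations) { // assumed bean
        http
            .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
            // Hook that exists today on OAuth2LoginSpec. The thread asks for the
            // same method on OAuth2ClientSpec, which it reports as not available,
            // so a client-only setup cannot plug the resolver in this way.
            .oauth2Login(login -> login
                .authorizationRequestResolver(pkceResolver(registrations)));
        return http.build();
    }
}
```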