Currently OAuth2ClientProperties.clientAuthenticationMethod can be set to an invalid value and this does not result in a startup error but will only take into account when application is already running.
To Reproduce - Configure an oauth2 client of any type named "test" - Set spring.security.oauth2.client.registration.test.client-authentication-method=invalid - Start application - Do something that needs the client configuration
Expected behavior In my opinion ClientAuthenticationMethod should be en enum, so that it is not possible to configure invalid values.
Comment From: sjohnr
@DerThanne thanks for reaching out!
OAuth2ClientProperties and spring.security.oauth2.client.registration.test.client-authentication-method are Spring Boot configuration properties, and so what you are requesting cannot be done directly in Spring Security (which Spring Boot only depends on). Further, I don't think such a request makes sense in Spring Boot (see below).
In my opinion ClientAuthenticationMethod should be en enum, so that it is not possible to configure invalid values.
ClientAuthenticationMethod is designed to allow extension and custom grant types to be used. Making it an enum would prevent this, and is therefore not a viable option. Currently, because of the flexibility provided by the component model, I don't believe it is possible for Spring Security to know whether a particular grant type is valid or not at startup.
Given the above explanation, I'm going to close this issue as the behavior you're describing is currently expected. However, if you have any suggestions for improving the situation without limiting the current flexibility of the component model for configuring OAuth2 Client features, I am happy to re-open this issue.