Remove validation for unsupported grant types

Closes spring-projectsgh-9828

Author: Steve Riesenberg

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java

@@ -23,7 +23,6 @@
 import java.util.Map;
 import java.util.function.Supplier;
 
-import com.nimbusds.oauth2.sdk.GrantType;
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
 import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
@@ -242,13 +241,6 @@ private static ClientRegistration.Builder withProviderConfiguration(Authorizatio
 		String name = URI.create(issuer).getHost();
 		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer,
 				metadata.getTokenEndpointAuthMethods());
-		List<GrantType> grantTypes = metadata.getGrantTypes();
-		// If null, the default includes authorization_code
-		if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
-			throw new IllegalArgumentException(
-					"Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + issuer
-							+ "\" returned a configuration of " + grantTypes);
-		}
 		Map<String, Object> configurationMetadata = new LinkedHashMap<>(metadata.toJSONObject());
 		// @formatter:off
 		return ClientRegistration.withRegistrationId(name)

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java

@@ -240,24 +240,22 @@ public void issuerWhenOAuth2GrantTypesSupportedNullThenDefaulted() throws Except
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
-	/**
-	 * We currently only support authorization_code, so verify we have a meaningful error
-	 * until we add support.
-	 */
+	// gh-9828
 	@Test
-	public void issuerWhenGrantTypesSupportedInvalidThenException() {
+	public void issuerWhenImplicitGrantTypeThenSuccess() throws Exception {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registration(""))
-				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
-						+ this.issuer + "\" returned a configuration of [implicit]");
+		ClientRegistration registration = registration("").build();
+		// The authorization_code grant type is still the default
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
+	// gh-9828
 	@Test
-	public void issuerWhenOAuth2GrantTypesSupportedInvalidThenException() {
-		this.response.put("grant_types_supported", Arrays.asList("implicit"));
-		assertThatIllegalArgumentException().isThrownBy(() -> registrationOAuth2("", null))
-				.withMessageContaining("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \""
-						+ this.issuer + "\" returned a configuration of [implicit]");
+	public void issuerWhenOAuth2JwtBearerGrantTypeThenSuccess() throws Exception {
+		this.response.put("grant_types_supported", Arrays.asList("urn:ietf:params:oauth:grant-type:jwt-bearer"));
+		ClientRegistration registration = registrationOAuth2("", null).build();
+		// The authorization_code grant type is still the default
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
 	@Test