Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

Fixes gh-7350

Author: jgrandja

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java

@@ -139,13 +139,6 @@ public Map<String, Object> apply(OAuth2AuthorizeRequest authorizeRequest) {
 				contextAttributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME,
 						StringUtils.delimitedListToStringArray(scope, " "));
 			}
-			String username = authorizeRequest.getServletRequest().getParameter(OAuth2ParameterNames.USERNAME);
-			String password = authorizeRequest.getServletRequest().getParameter(OAuth2ParameterNames.PASSWORD);
-			if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
-				contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
-				contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
-			}
-
 			return contextAttributes;
 		}
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java

@@ -31,7 +31,10 @@
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.StringUtils;
 
+import java.util.HashMap;
+import java.util.Map;
 import java.util.function.Function;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -206,9 +209,17 @@ public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() {
 
 		when(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).thenReturn(this.authorizedClient);
 
-		// Override the mock with the default
-		this.authorizedClientManager.setContextAttributesMapper(
-				new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper());
+		// Set custom contextAttributesMapper
+		this.authorizedClientManager.setContextAttributesMapper(authorizeRequest -> {
+			Map<String, Object> contextAttributes = new HashMap<>();
+			String username = authorizeRequest.getServletRequest().getParameter(OAuth2ParameterNames.USERNAME);
+			String password = authorizeRequest.getServletRequest().getParameter(OAuth2ParameterNames.PASSWORD);
+			if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
+				contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
+				contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
+			}
+			return contextAttributes;
+		});
 
 		this.request.addParameter(OAuth2ParameterNames.USERNAME, "username");
 		this.request.addParameter(OAuth2ParameterNames.PASSWORD, "password");