ServletOAuth2AuthorizedClientExchangeFilterFunction handles null authorized client

Issue: gh-5545

Author: rwinch

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java

@@ -23,6 +23,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -150,7 +151,13 @@ public Consumer<WebClient.RequestHeadersSpec<?>> defaultRequest() {
 	 * @return the {@link Consumer} to populate the attributes
 	 */
 	public static Consumer<Map<String, Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient authorizedClient) {
-		return attributes -> attributes.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, authorizedClient);
+		return attributes -> {
+			if (authorizedClient == null) {
+				attributes.remove(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME);
+			} else {
+				attributes.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, authorizedClient);
+			}
+		};
 	}
 
 	/**
@@ -262,6 +269,9 @@ private void populateDefaultOAuth2AuthorizedClient(Map<String, Object> attrs) {
 			OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository
 					.loadAuthorizedClient(clientRegistrationId, authentication,
 							request);
+			if (authorizedClient == null) {
+				throw new ClientAuthorizationRequiredException(clientRegistrationId);
+			}
 			oauth2AuthorizedClient(authorizedClient).accept(attrs);
 		}
 	}