Preserve manual formatting

Issue gh-1616

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/AbstractOAuth2AuthorizationServerMetadata.java

@@ -74,7 +74,8 @@ public abstract class AbstractOAuth2AuthorizationServerMetadata implements OAuth
 
 		@SuppressWarnings("unchecked")
 		protected final B getThis() {
-			return (B) this;	// avoid unchecked casts in subclasses by using "getThis()" instead of "(B) this"
+			// avoid unchecked casts in subclasses by using "getThis()" instead of "(B) this"
+			return (B) this;
 		}
 
 		/**

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java

@@ -150,6 +150,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
 	}
 
 	private static boolean hasToken(OAuth2Authorization authorization, String token, @Nullable OAuth2TokenType tokenType) {
+		// @formatter:off
 		if (tokenType == null) {
 			return matchesState(authorization, token) ||
 					matchesAuthorizationCode(authorization, token) ||
@@ -173,6 +174,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
 		} else if (OAuth2ParameterNames.USER_CODE.equals(tokenType.getValue())) {
 			return matchesUserCode(authorization, token);
 		}
+		// @formatter:on
 		return false;
 	}
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProvider.java

@@ -88,10 +88,12 @@ public final class ClientSecretAuthenticationProvider implements AuthenticationP
 		OAuth2ClientAuthenticationToken clientAuthentication =
 				(OAuth2ClientAuthenticationToken) authentication;
 
+		// @formatter:off
 		if (!ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientAuthentication.getClientAuthenticationMethod()) &&
 				!ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientAuthentication.getClientAuthenticationMethod())) {
 			return null;
 		}
+		// @formatter:on
 
 		String clientId = clientAuthentication.getPrincipal().toString();
 		RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(clientId);

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java

@@ -125,9 +125,11 @@ final class CodeVerifierAuthenticator {
 	}
 
 	private static boolean authorizationCodeGrant(Map<String, Object> parameters) {
+		// @formatter:off
 		return AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(
 				parameters.get(OAuth2ParameterNames.GRANT_TYPE)) &&
 				parameters.get(OAuth2ParameterNames.CODE) != null;
+		// @formatter:on
 	}
 
 	private static boolean codeVerifierValid(String codeVerifier, String codeChallenge, String codeChallengeMethod) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/JwtClientAssertionAuthenticationProvider.java

@@ -92,10 +92,12 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
 			this.logger.trace("Retrieved registered client");
 		}
 
+		// @formatter:off
 		if (!registeredClient.getClientAuthenticationMethods().contains(ClientAuthenticationMethod.PRIVATE_KEY_JWT) &&
 				!registeredClient.getClientAuthenticationMethods().contains(ClientAuthenticationMethod.CLIENT_SECRET_JWT)) {
 			throwInvalidClient("authentication_method");
 		}
+		// @formatter:on
 
 		if (clientAuthentication.getCredentials() == null) {
 			throwInvalidClient("credentials");
@@ -116,10 +118,12 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
 		// Validate the "code_verifier" parameter for the confidential client, if available
 		this.codeVerifierAuthenticator.authenticateIfAvailable(clientAuthentication, registeredClient);
 
+		// @formatter:off
 		ClientAuthenticationMethod clientAuthenticationMethod =
 				registeredClient.getClientSettings().getTokenEndpointAuthenticationSigningAlgorithm() instanceof SignatureAlgorithm ?
 						ClientAuthenticationMethod.PRIVATE_KEY_JWT :
 						ClientAuthenticationMethod.CLIENT_SECRET_JWT;
+		// @formatter:on
 
 		if (this.logger.isTraceEnabled()) {
 			this.logger.trace("Authenticated client assertion");

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java

@@ -213,8 +213,8 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
 
 		// ----- Refresh token -----
 		OAuth2RefreshToken refreshToken = null;
+		// Do not issue refresh token to public client
 		if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
-				// Do not issue refresh token to public client
 				!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
 
 			tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java

@@ -306,7 +306,8 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			} else if (AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(authorizationGrantType)) {
 				return AuthorizationGrantType.REFRESH_TOKEN;
 			}
-			return new AuthorizationGrantType(authorizationGrantType);		// Custom authorization grant type
+			// Custom authorization grant type
+			return new AuthorizationGrantType(authorizationGrantType);
 		}
 
 		private static ClientAuthenticationMethod resolveClientAuthenticationMethod(String clientAuthenticationMethod) {
@@ -317,7 +318,8 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			} else if (ClientAuthenticationMethod.NONE.getValue().equals(clientAuthenticationMethod)) {
 				return ClientAuthenticationMethod.NONE;
 			}
-			return new ClientAuthenticationMethod(clientAuthenticationMethod);		// Custom client authentication method
+			// Custom client authentication method
+			return new ClientAuthenticationMethod(clientAuthenticationMethod);
 		}
 
 	}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcLogoutAuthenticationProvider.java

@@ -97,8 +97,8 @@ public final class OidcLogoutAuthenticationProvider implements AuthenticationPro
 		}
 
 		OAuth2Authorization.Token<OidcIdToken> authorizedIdToken = authorization.getToken(OidcIdToken.class);
-		if (authorizedIdToken.isInvalidated() ||
+		if (authorizedIdToken.isInvalidated() || authorizedIdToken.isBeforeUse()) {
-				authorizedIdToken.isBeforeUse()) {	// Expired ID Token should be accepted
+			// Expired ID Token should be accepted
 			throwError(OAuth2ErrorCodes.INVALID_TOKEN, "id_token_hint");
 		}
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcUserInfoAuthenticationProvider.java

@@ -149,6 +149,7 @@ public final class OidcUserInfoAuthenticationProvider implements AuthenticationP
 
 	private static final class DefaultOidcUserInfoMapper implements Function<OidcUserInfoAuthenticationContext, OidcUserInfo> {
 
+		// @formatter:off
 		private static final List<String> EMAIL_CLAIMS = Arrays.asList(
 				StandardClaimNames.EMAIL,
 				StandardClaimNames.EMAIL_VERIFIED
@@ -173,6 +174,7 @@ public final class OidcUserInfoAuthenticationProvider implements AuthenticationP
 				StandardClaimNames.LOCALE,
 				StandardClaimNames.UPDATED_AT
 		);
+		// @formatter:on
 
 		@Override
 		public OidcUserInfo apply(OidcUserInfoAuthenticationContext authenticationContext) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcLogoutEndpointFilter.java

@@ -200,7 +200,8 @@ public final class OidcLogoutEndpointFilter extends OncePerRequestFilter {
 						OAuth2ParameterNames.STATE,
 						UriUtils.encode(oidcLogoutAuthentication.getState(), StandardCharsets.UTF_8));
 			}
-			redirectUri = uriBuilder.build(true).toUriString();		// build(true) -> Components are explicitly encoded
+			// build(true) -> Components are explicitly encoded
+			redirectUri = uriBuilder.build(true).toUriString();
 			this.redirectStrategy.sendRedirect(request, response, redirectUri);
 		} else {
 			// Perform default redirect

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java

@@ -74,6 +74,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
 	@Nullable
 	@Override
 	public Jwt generate(OAuth2TokenContext context) {
+		// @formatter:off
 		if (context.getTokenType() == null ||
 				(!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) &&
 						!OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue()))) {
@@ -83,6 +84,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
 				!OAuth2TokenFormat.SELF_CONTAINED.equals(context.getRegisteredClient().getTokenSettings().getAccessTokenFormat())) {
 			return null;
 		}
+		// @formatter:on
 
 		String issuer = null;
 		if (context.getAuthorizationServerContext() != null) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java

@@ -55,10 +55,12 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
 	@Nullable
 	@Override
 	public OAuth2AccessToken generate(OAuth2TokenContext context) {
+		// @formatter:off
 		if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) ||
 				!OAuth2TokenFormat.REFERENCE.equals(context.getRegisteredClient().getTokenSettings().getAccessTokenFormat())) {
 			return null;
 		}
+		// @formatter:on
 
 		String issuer = null;
 		if (context.getAuthorizationServerContext() != null) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/DefaultConsentPage.java

@@ -56,7 +56,8 @@ class DefaultConsentPage {
 		for (String scope : requestedScopes) {
 			if (authorizedScopes.contains(scope)) {
 				scopesPreviouslyAuthorized.add(scope);
-			} else if (!scope.equals(OidcScopes.OPENID)) { // openid scope does not require consent
+			} else if (!scope.equals(OidcScopes.OPENID)) {
+				// openid scope does not require consent
 				scopesToAuthorize.add(scope);
 			}
 		}
@@ -68,8 +69,8 @@ class DefaultConsentPage {
 		// authorizing the correct device.
 		String userCode = additionalParameters.get(OAuth2ParameterNames.USER_CODE);
 
+		// @formatter:off
 		StringBuilder builder = new StringBuilder();
-
 		builder.append("<!DOCTYPE html>");
 		builder.append("<html lang=\"en\">");
 		builder.append("<head>");
@@ -149,6 +150,7 @@ class DefaultConsentPage {
 		builder.append("</div>");
 		builder.append("</body>");
 		builder.append("</html>");
+		// @formatter:on
 
 		return builder.toString();
 	}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java

@@ -121,10 +121,12 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
 		Assert.hasText(authorizationEndpointUri, "authorizationEndpointUri cannot be empty");
 		this.authenticationManager = authenticationManager;
 		this.authorizationEndpointMatcher = createDefaultRequestMatcher(authorizationEndpointUri);
+		// @formatter:off
 		this.authenticationConverter = new DelegatingAuthenticationConverter(
 				Arrays.asList(
 						new OAuth2AuthorizationCodeRequestAuthenticationConverter(),
 						new OAuth2AuthorizationConsentAuthenticationConverter()));
+		// @formatter:on
 	}
 
 	private static RequestMatcher createDefaultRequestMatcher(String authorizationEndpointUri) {
@@ -167,9 +169,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
 			Authentication authenticationResult = this.authenticationManager.authenticate(authentication);
 
 			if (!authenticationResult.isAuthenticated()) {
-				// If the Principal (Resource Owner) is not authenticated then
+				// If the Principal (Resource Owner) is not authenticated then pass through the chain
-				// pass through the chain with the expectation that the authentication process
+				// with the expectation that the authentication process will commence via AuthenticationEntryPoint
-				// will commence via AuthenticationEntryPoint
 				filterChain.doFilter(request, response);
 				return;
 			}
@@ -321,7 +322,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
 					OAuth2ParameterNames.STATE,
 					UriUtils.encode(authorizationCodeRequestAuthentication.getState(), StandardCharsets.UTF_8));
 		}
-		String redirectUri = uriBuilder.build(true).toUriString();		// build(true) -> Components are explicitly encoded
+		// build(true) -> Components are explicitly encoded
+		String redirectUri = uriBuilder.build(true).toUriString();
 		this.redirectStrategy.sendRedirect(request, response, redirectUri);
 	}
 
@@ -362,7 +364,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
 					OAuth2ParameterNames.STATE,
 					UriUtils.encode(authorizationCodeRequestAuthentication.getState(), StandardCharsets.UTF_8));
 		}
-		String redirectUri = uriBuilder.build(true).toUriString();		// build(true) -> Components are explicitly encoded
+		// build(true) -> Components are explicitly encoded
+		String redirectUri = uriBuilder.build(true).toUriString();
 		this.redirectStrategy.sendRedirect(request, response, redirectUri);
 	}
 

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java

@@ -94,12 +94,14 @@ public final class OAuth2ClientAuthenticationFilter extends OncePerRequestFilter
 		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
 		this.authenticationManager = authenticationManager;
 		this.requestMatcher = requestMatcher;
+		// @formatter:off
 		this.authenticationConverter = new DelegatingAuthenticationConverter(
 				Arrays.asList(
 						new JwtClientAssertionAuthenticationConverter(),
 						new ClientSecretBasicAuthenticationConverter(),
 						new ClientSecretPostAuthenticationConverter(),
 						new PublicClientAuthenticationConverter()));
+		// @formatter:on
 	}
 
 	@Override

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java

@@ -112,10 +112,12 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
 		Assert.hasText(deviceVerificationEndpointUri, "deviceVerificationEndpointUri cannot be empty");
 		this.authenticationManager = authenticationManager;
 		this.deviceVerificationEndpointMatcher = createDefaultRequestMatcher(deviceVerificationEndpointUri);
+		// @formatter:off
 		this.authenticationConverter = new DelegatingAuthenticationConverter(
 				Arrays.asList(
 						new OAuth2DeviceVerificationAuthenticationConverter(),
 						new OAuth2DeviceAuthorizationConsentAuthenticationConverter()));
+		// @formatter:on
 	}
 
 	private RequestMatcher createDefaultRequestMatcher(String deviceVerificationEndpointUri) {
@@ -149,9 +151,8 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
 
 			Authentication authenticationResult = this.authenticationManager.authenticate(authentication);
 			if (!authenticationResult.isAuthenticated()) {
-				// If the Principal (Resource Owner) is not authenticated then
+				// If the Principal (Resource Owner) is not authenticated then pass through the chain
-				// pass through the chain with the expectation that the authentication process
+				// with the expectation that the authentication process will commence via AuthenticationEntryPoint
-				// will commence via AuthenticationEntryPoint
 				filterChain.doFilter(request, response);
 				return;
 			}

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java

@@ -135,12 +135,14 @@ public final class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
 		Assert.hasText(tokenEndpointUri, "tokenEndpointUri cannot be empty");
 		this.authenticationManager = authenticationManager;
 		this.tokenEndpointMatcher = new AntPathRequestMatcher(tokenEndpointUri, HttpMethod.POST.name());
+		// @formatter:off
 		this.authenticationConverter = new DelegatingAuthenticationConverter(
 				Arrays.asList(
 						new OAuth2AuthorizationCodeAuthenticationConverter(),
 						new OAuth2RefreshTokenAuthenticationConverter(),
 						new OAuth2ClientCredentialsAuthenticationConverter(),
 						new OAuth2DeviceCodeAuthenticationConverter()));
+		// @formatter:on
 	}
 
 	@Override

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProviderTests.java

@@ -218,7 +218,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
 		assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
 		assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
 		assertThat(authenticationResult.getDeviceCode().getTokenValue()).hasSize(128);
-		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
+		// 8 chars + 1 dash
+		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
 
 		ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
 		verify(this.authorizationService).save(authorizationCaptor.capture());
@@ -244,7 +245,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
 		assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
 		assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
 		assertThat(authenticationResult.getDeviceCode().getTokenValue()).hasSize(128);
-		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
+		// 8 chars + 1 dash
+		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
 
 		ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
 		verify(this.authorizationService).save(authorizationCaptor.capture());
@@ -275,7 +277,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
 		assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
 		assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
 		assertThat(authenticationResult.getDeviceCode().getTokenValue()).isEqualTo(DEVICE_CODE);
-		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
+		// 8 chars + 1 dash
+		assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
 
 		ArgumentCaptor<OAuth2TokenContext> tokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
 		verify(deviceCodeGenerator).generate(tokenContextCaptor.capture());

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java

@@ -400,7 +400,8 @@ public class JdbcRegisteredClientRepositoryTests {
 				} else if (AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(authorizationGrantType)) {
 					return AuthorizationGrantType.REFRESH_TOKEN;
 				}
-				return new AuthorizationGrantType(authorizationGrantType);		// Custom authorization grant type
+				// Custom authorization grant type
+				return new AuthorizationGrantType(authorizationGrantType);
 			}
 
 			private static ClientAuthenticationMethod resolveClientAuthenticationMethod(String clientAuthenticationMethod) {
@@ -411,7 +412,8 @@ public class JdbcRegisteredClientRepositoryTests {
 				} else if (ClientAuthenticationMethod.NONE.getValue().equals(clientAuthenticationMethod)) {
 					return ClientAuthenticationMethod.NONE;
 				}
-				return new ClientAuthenticationMethod(clientAuthenticationMethod);		// Custom client authentication method
+				// Custom client authentication method
+				return new ClientAuthenticationMethod(clientAuthenticationMethod);
 			}
 
 		}

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java

@@ -203,8 +203,9 @@ public class OidcProviderConfigurationTests {
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 			OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+			// Enable OpenID Connect 1.0
 			http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
-					.oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+					.oidc(Customizer.withDefaults());
 			return http.build();
 		}
 

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java

@@ -482,8 +482,9 @@ public class OidcTests {
 		@Bean
 		SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 			OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+			// Enable OpenID Connect 1.0
 			http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
-					.oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+					.oidc(Customizer.withDefaults());
 			return http.build();
 		}
 
@@ -578,9 +579,10 @@ public class OidcTests {
 					new OAuth2AuthorizationServerConfigurer();
 			http.apply(authorizationServerConfigurer);
 
+			// Enable OpenID Connect 1.0
 			authorizationServerConfigurer
 					.tokenGenerator(tokenGenerator())
-					.oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+					.oidc(Customizer.withDefaults());
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java

@@ -430,8 +430,9 @@ public class OidcUserInfoTests {
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
 					new OAuth2AuthorizationServerConfigurer();
+			// Enable OpenID Connect 1.0
 			authorizationServerConfigurer
-					.oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+					.oidc(Customizer.withDefaults());
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer
 					.getEndpointsMatcher();
 
@@ -462,8 +463,9 @@ public class OidcUserInfoTests {
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
 					new OAuth2AuthorizationServerConfigurer();
+			// Enable OpenID Connect 1.0
 			authorizationServerConfigurer
-					.oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+					.oidc(Customizer.withDefaults());
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer
 					.getEndpointsMatcher();
 

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java

@@ -507,10 +507,11 @@ public class OAuth2AuthorizationEndpointFilterTests {
 					scopes.addAll(requestedScopes);
 				})
 				.build();
+		// No scopes previously approved
 		OAuth2AuthorizationConsentAuthenticationToken authorizationConsentAuthenticationResult =
 				new OAuth2AuthorizationConsentAuthenticationToken(
 						AUTHORIZATION_URI, registeredClient.getClientId(), principal,
-						STATE, new HashSet<>(), null);	// No scopes previously approved
+						STATE, new HashSet<>(), null);
 		authorizationConsentAuthenticationResult.setAuthenticated(true);
 		when(this.authenticationManager.authenticate(any()))
 				.thenReturn(authorizationConsentAuthenticationResult);
@@ -538,10 +539,11 @@ public class OAuth2AuthorizationEndpointFilterTests {
 					scopes.addAll(requestedScopes);
 				})
 				.build();
+		// No scopes previously approved
 		OAuth2AuthorizationConsentAuthenticationToken authorizationConsentAuthenticationResult =
 				new OAuth2AuthorizationConsentAuthenticationToken(
 						AUTHORIZATION_URI, registeredClient.getClientId(), principal,
-						STATE, new HashSet<>(), null);	// No scopes previously approved
+						STATE, new HashSet<>(), null);
 		authorizationConsentAuthenticationResult.setAuthenticated(true);
 		when(this.authenticationManager.authenticate(any()))
 				.thenReturn(authorizationConsentAuthenticationResult);