From 0d5f42f8529c1e56886e91616b6ca7d30f15c65e Mon Sep 17 00:00:00 2001
From: Andrey Litvitski
Date: Thu, 4 Dec 2025 16:23:36 +0300
Subject: [PATCH] Remove requireProofKey warning for non-auth-code flows

The warning is unnecessary since PKCE only applies to authorization_code flow and the code already corrects this silently.
Closes: gh-18221
Signed-off-by: Andrey Litvitski
---
 .../oauth2/client/registration/ClientRegistration.java | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 8e88404d5d..e6d99c1e3f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -705,9 +705,6 @@ public final class ClientRegistration implements Serializable {
 if (!AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)
 && this.clientSettings.isRequireProofKey()) {
 this.clientSettings = ClientSettings.builder().requireProofKey(false).build();
- logger.warn(LogMessage.format(
- "clientSettings.isRequireProofKey=true is only valid with authorizationGrantType=%s. Got authorizationGrantType=%s. Resetting to clientSettings.isRequireProofKey=false",
- AuthorizationGrantType.AUTHORIZATION_CODE, this.authorizationGrantType));
 }
 }