From b159eaafa4f94f973f9000f7e2afec740b051478 Mon Sep 17 00:00:00 2001
From: Andrey Litvitski <andrey1010102008@gmail.com>
Date: Thu, 4 Dec 2025 16:23:36 +0300
Subject: [PATCH] Remove requireProofKey warning for non-auth-code flows

The warning is unnecessary since PKCE only applies to authorization_code
flow and the code already corrects this silently.

Closes: gh-18221

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
---
 .../oauth2/client/registration/ClientRegistration.java        | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 8e88404d5d4..cc5abf05530 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -46,6 +46,7 @@
  *
  * @author Joe Grandja
  * @author Michael Sosa
+ * @author Andrey Litvitski
  * @since 5.0
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2
  * Client Registration</a>
@@ -705,9 +706,6 @@ private void validateAuthorizationGrantTypes() {
 			if (!AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)
 					&& this.clientSettings.isRequireProofKey()) {
 				this.clientSettings = ClientSettings.builder().requireProofKey(false).build();
-				logger.warn(LogMessage.format(
-						"clientSettings.isRequireProofKey=true is only valid with authorizationGrantType=%s. Got authorizationGrantType=%s. Resetting to clientSettings.isRequireProofKey=false",
-						AuthorizationGrantType.AUTHORIZATION_CODE, this.authorizationGrantType));
 			}
 		}