Description
Describe the bug
When trying to use a oauth2 authorization server, that only provides the oauth2 well-known endpoint (/.well-known/oauth-authorization-server), the automated lookup of meta-data fails, because spring security tries to lookup the oidc well known endpoint first, which results in an error. In my case the error is the following:
Caused by: org.springframework.web.client.UnknownContentTypeException: Could not extract response: no suitable HttpMessageConverter found for response type [java.util.Map<java.lang.String, java.lang.Object>] and content type [text/html]
To Reproduce
Setup a oauth2 authorization server, that does not support oidc and instead serves a html error page, when trying to lookup
/.well-known/openid-configuration
Expected behavior
The error from looking up the oidc well-known endpoint should be ignored or maybe a config property can be introduced, to make clear what the type of issuer actually is (plain oauth2 vs oidc). This could prevent looking at the wrong place from start.
Sample
Let me know if a sample is needed.