Description
In general, OAuth2 Clients can be configured with special settings in an OAuth2 Authorization Provider.
One such option is PKCE, which Spring Security supports as a client setting thanks to #16382.
The ClientSettings object is not extensible, so it's not possible to accommodate other types of settings. In my case, I would need to mark certain ClientRegistration objects to require DPoP. But it doesn't seem like there's a way to do that with the current APIs.
Off the top of my head, I would consider extending ClientSettings with a requireDpop field. But I guess there could be other ways to extend the registration.
I'm trying to add support for DPoP to Spring Security OAuth2 Client. The rest of the APIs can be easily customized, but not being able to specify whether to use DPoP as part of a ClientRegistration is a major limitation.