Description
Expected Behavior
There is a very high degree of overlap between the information exposed by the OIDC well-known endpoint (/.well-known/openid-configuration) and the OAuth2 server well-known endpoint (/.well-known/oauth-authorization-server). If you adjust some of the output of one of them - for example to remove certain grant types that you don't want to support - then you almost certainly want to do the same for the other one. Spring Auth Server should make it possible to do this without unnecessary code duplication.
Current Behavior
OAuth2AuthorizationServerMetadata.Builder and OidcProviderConfiguration.Builder share a common base class, but it's protected, so end-user code can't access it without ugly workarounds like putting classes into Spring packages. Exposing this as public would be one option that would allow users to share customisation between these two endpoints more easily.
More radically, there's a very high degree of duplication within SAS for this whole area - OidcProviderConfigurationEndpointFilter contains a large amount of identical code to OAuth2AuthorizationServerMetadataEndpointFilter, for example. Ideally some of this would be refactored so that they share more of their implementation, so that customisations to one would automatically apply to the other.
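An added example, not part of the original issue and not Spring Authorization Server's own code: one way to keep the two well-known documents in step today without touching the protected base builder is to share the per-claim logic and wrap it once per builder type. The class name `SharedMetadataCustomizers` and the hidden grant type are assumptions chosen for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;

import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;

/** Hypothetical helper: one grant-type policy, applied to both metadata builders. */
public final class SharedMetadataCustomizers {

    // Constructed sample policy: grant types this deployment does not advertise.
    private static final Set<String> HIDDEN_GRANT_TYPES = Set.of(
            "urn:ietf:params:oauth:grant-type:device_code");

    private SharedMetadataCustomizers() {
    }

    // Single source of truth: edits the grant_types_supported list in place.
    static void pruneGrantTypes(List<String> grantTypes) {
        grantTypes.removeIf(HIDDEN_GRANT_TYPES::contains);
    }

    // Customizer for /.well-known/oauth-authorization-server
    public static Consumer<OAuth2AuthorizationServerMetadata.Builder> oauth2Metadata() {
        return builder -> builder.grantTypes(SharedMetadataCustomizers::pruneGrantTypes);
    }

    // Customizer for /.well-known/openid-configuration
    public static Consumer<OidcProviderConfiguration.Builder> oidcProviderConfiguration() {
        return builder -> builder.grantTypes(SharedMetadataCustomizers::pruneGrantTypes);
    }

    // Wiring, given an OAuth2AuthorizationServerConfigurer named "configurer":
    //   configurer.authorizationServerMetadataEndpoint(e ->
    //           e.authorizationServerMetadataCustomizer(oauth2Metadata()));
    //   configurer.oidc(oidc -> oidc.providerConfigurationEndpoint(e ->
    //           e.providerConfigurationCustomizer(oidcProviderConfiguration())));
}
```

The two wrapper methods remain because the common builder base class is not accessible to user code, which is the duplication the issue asks to remove. Pruning the metadata only changes what is advertised; a grant type stays usable until it is also removed from the registered clients.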