OAuth Require client registration setting has no effect

[onspli]

Issue Description

When using the following OAuth setup in Stalwart Admin UI

• Require client registration true
• Allow anonymous registration false

and Internal directory, OAuth
flow should reject authentication attempts when client_id does not match any of registered OAuth clients. It successully continues the authentication flow instead.

Expected Behavior

Accessing http://localhost:8080/authorize/code?redirect_uri=https://test.local without client_id, or with client_id which does not match any of registered OAuth clients should return error and stop the authentication flow.

Actual Behavior

The authentication si granted and browser is redirected to https://test.local/?code=xxx

Reproduction Steps

1. Start server with docker on port 8080
2. Set Settings > Authentication > Oauth > Require client registration to true
3. Perform hot reload of the server
4. Add testing user
5. In browser, go to http://localhost:8080/authorize/code?redirect_uri=https://test.local
6. Enter testing user credentials
7. Authentication succeeds and browser redirects to https://test.local/?code=xxx

Relevant Log Output

No response

Stalwart Version

v0.15.x

Installation Method

Docker

Database Backend

RocksDB

Blob Storage

RocksDB

Search Engine

Internal

Directory Backend

Internal

Additional Context

No response

I acknowledge that:

• I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
• I have searched the Stalwart repository (both open and closed Discussions and Issues) and confirm this is not a duplicate.
• I have set the logging level to trace and included relevant log output if applicable.
• I agree to follow the project's Code of Conduct.