Consider logging invalid client secret

[sjohnr]

spring-authorization-server/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProvider.java

Lines 116 to 118 in 27a893f

	if (!this.passwordEncoder.matches(clientSecret, registeredClient.getClientSecret())) {
	throwInvalidClient(OAuth2ParameterNames.CLIENT_SECRET);
	}

We should consider adding a log entry at DEBUG level in ClientSecretAuthenticationProvider for this case. This would allow the logging level to be tuned specifically for this logging.

[fndejan]

Hi @sjohnr, can I take this issue?

[sjohnr]

Thanks @fndejan, I've assigned it to you. I'll follow up on your PR this week.