Spring Security Login with OAuth 2.0 Invalid credentials

Describe the bug requests:

1. http://127.0.0.1/
2. http://127.0.0.1/oauth2/authorization/gateway
3. http://localhost:8080/oauth2/authorize?response_type=code&client_id=oidc-client&scope=profile%20user&state=y0RKJM5_oDR3Yi8KQtZlgaCrqHDEXHHn6qu_ZCmnJ38%3D&redirect_uri=http://127.0.0.1:80/login/oauth2/code/gateway
4. http://127.0.0.1/login/oauth2/code/gateway?code=ILgI4KveK7BoKH6UiHazfowwBILPZYLKTfK9RH6rof86s_IYUI0Tmqe6Fubdew2UtWsx-15qe0DF4acT-XOHPeaxfWvPcLt-RTRUixxksEVYtIUeOsne34x9qdqL4HDK&state=y0RKJM5_oDR3Yi8KQtZlgaCrqHDEXHHn6qu_ZCmnJ38%3D
5. http://127.0.0.1/login?error Login with OAuth 2.0 Invalid credentials gateway

To Reproduce Steps to reproduce the behavior.

Expected behavior A clear and concise description of what you expected to happen.

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not. At times, we may require a sample, so it is good to try and include a sample up front. Login with OAuth 2.0 Invalid credentials gatewayLogin with OAuth 2.0 Invalid credentials gatewayLogin with OAuth 2.0 Invalid credentials gateway

Comment From: knowwen

o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (20/25)
2025-10-18T09:37:34.994+08:00 TRACE 23544 --- [service-oauth2] [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Authorizing GET /oauth2/authorize?response_type=code&client_id=oidc-client&scope=profile%20user&state=b9vGdZL0nSuxV8_CIJC_sr51FbuHuGiM3WQDdlRtvLo%3D&redirect_uri=http://127.0.0.1:80/login/oauth2/code/gateway
2025-10-18T09:37:34.996+08:00 TRACE 23544 --- [service-oauth2] [nio-8080-exec-1] estMatcherDelegatingAuthorizationManager : Checking authorization on GET /oauth2/authorize?response_type=code&client_id=oidc-client&scope=profile%20user&state=b9vGdZL0nSuxV8_CIJC_sr51FbuHuGiM3WQDdlRtvLo%3D&redirect_uri=http://127.0.0.1:80/login/oauth2/code/gateway using org.springframework.security.authorization.AuthenticatedAuthorizationManager@2ddddb09
2025-10-18T09:37:34.997+08:00 TRACE 23544 --- [service-oauth2] [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2025-10-18T09:37:34.999+08:00 TRACE 23544 --- [service-oauth2] [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied