使用 spring security 将查询参数添加到社交登录授权 URI

我目前正在通过社交提供商（谷歌、Facebook 等）使用 spring security 进行 Oauth2 登录。当前设置主要基于以下教程：https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/

即通过点击 REST 端点初始化登录：https://example.com/oauth2/authorize/{registrationId} 在浏览器 cookie 中存储有关登录会话的信息（状态 + 最终 redirectUri）后，将重定向客户端请求提供者的授权 URI。

SecurityConfig.java:

package com.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.example.security.*;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomOAuth2UserService customOAuth2UserService;

    @Autowired
    private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;

    @Autowired
    private OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;

    @Autowired
    private HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;

    @Bean
    public TokenAuthenticationFilter tokenAuthenticationFilter() {
        return new TokenAuthenticationFilter();
    }

    /*
      By default, Spring OAuth2 uses HttpSessionOAuth2AuthorizationRequestRepository to save
      the authorization request. But, since our service is stateless, we can't save it in
      the session. We'll save the request in a Base64 encoded cookie instead.
    */
    @Bean
    public HttpCookieOAuth2AuthorizationRequestRepository cookieAuthorizationRequestRepository() {
        return new HttpCookieOAuth2AuthorizationRequestRepository();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf()
                    .disable()
                .formLogin()
                    .disable()
                .httpBasic()
                    .disable()
                .exceptionHandling()
                    .authenticationEntryPoint(new RestAuthenticationEntryPoint())
                    .and()
                .authorizeRequests()
                    .antMatchers("/oauth2/**")
                        .permitAll()
                    .anyRequest()
                        .authenticated()
                    .and()
                .oauth2Login()
                    .authorizationEndpoint()
                        .baseUri("/oauth2/authorize")
                        .authorizationRequestRepository(cookieAuthorizationRequestRepository())
                        .and()
                    .redirectionEndpoint()
                        .baseUri("/oauth2/callback/*")
                        .and()
                    .userInfoEndpoint()
                        .userService(customOAuth2UserService)
                        .and()
                    .successHandler(oAuth2AuthenticationSuccessHandler)
                    .failureHandler(oAuth2AuthenticationFailureHandler)
                    ;

        // Add our custom Token based authentication filter
        http.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    public HttpCookieOAuth2AuthorizationRequestRepository getHttpCookieOAuth2AuthorizationRequestRepository() {
        return httpCookieOAuth2AuthorizationRequestRepository;
    }

    public void setHttpCookieOAuth2AuthorizationRequestRepository(
            HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository) {
        this.httpCookieOAuth2AuthorizationRequestRepository = httpCookieOAuth2AuthorizationRequestRepository;
    }
}

如果是谷歌授权，在application.properties中设置如下：

#Social Providers OAuth2 settings
spring.security.oauth2.client.registration.google.clientId=abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.clientSecret=secret
spring.security.oauth2.client.registration.google.redirectUri=https://example.com/oauth2/callback/{registrationId}
spring.security.oauth2.client.registration.google.scope=email,profile

产生下面的 authorisationURI：

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount
    ?response_type=code
    &client_id=abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
    &scope=email%20profile
    &state=zyxwvutsrqponmlkjihgfedcba
    &redirect_uri=https%3A%2F%2Fexample.com%2Foauth2%2Fcallback%2Fgoogle
    &service=lso
    &o2v=2
    &flowName=GeneralOAuthFlow

我想添加一个额外的查询参数：

&prompt=select_account

但我无法弄清楚如何。我尝试将下面的行添加到 application.properties:

spring.security.oauth2.client.registration.google.prompt=select_account

但这没有用（与以前构造的 URI 相同）- 我看不到任何可用于设置此特定参数的属性，如下所列：https://docs.spring.io/spring-security/site/docs/5.2 .12.RELEASE/reference/html/oauth2.html

有没有办法通过 Spring security 附加这些查询参数？