I implemented the password reset flow in Spring Authorization Server with an email token. The implementation is similar to the OWASP Forgot Password. The problem is that I do not know how to get the registered client when clicking the reset password link on the login form. It is possible to call this reset password URL without the client, and this shouldn't be possible.
When I open this URL in the browser, I get redirected to the login form.
```
http://localhost:8083/oauth2/authorize?response_type=code
    &client_id=client
    &scope=openid
    &redirect_uri=http://example.com
    &code_challenge=MyChallengeCode
    &code_challenge_method=S256
```
When I click the reset password link, the flow starts.
My Questions:
- How can I get the client credentials for my reset password view?
- Should I implement it with my own OAuth2 Authorization Endpoint?
- How can I add the client to the reset password link on the login page?
The question is not 100% clear on your goal, but based on clarifying questions in comments, it seems you are trying to access the query parameters that were submitted with the authorization request. Using your example:

Let's say we want to access the `client_id` parameter during the Forgot Password flow. The easiest way to accomplish this would be to use the `RequestCache`, since this is what stores the original URL in order to replay the request after the user authenticates successfully. Here is a simplified example:

See also this related answer for an additional example.