Description
Expected Behavior
The AuthorizationRequestRedirectFilter should have a failure handler which by default uses the implementation of the unsuccessfulRedirectForAuthorization method.
AuthorizationRequestRedirectFilter should have a setter to override the default failure handler with a custom implementation.
Current Behavior
Currently the unsuccessfulRedirectForAuthorization method always sets an HTTP 500 for all errors that occur while preparing the call to the external IDP.
Context
Because the code statically returns an HTTP 500, it is hard (using custom filters or overriding the response object) to trigger other behavior, for example forwarding to a custom (external) error page.
We are using a DefaultOAuth2AuthorizationRequestResolver with an authorization request customizer that checks stuff in the user session to determine from which flow the user is coming, but when this fails we cannot direct the user to another location.