fixed bug in claims creation - reusing map(potential unmodifiable map

Author: rozagerardo

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIntrospectionAuthenticationProvider.java

@@ -38,7 +38,7 @@
 
 import java.time.Instant;
 import java.util.Collection;
-import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Optional;
 
@@ -117,7 +117,8 @@ private boolean hasInvalidClaims(Map<String, Object> claims) {
 
 	private Map<String, Object> generateTokenIntrospectionClaims(Token<? extends AbstractOAuth2Token> tokenHolder,
 			String clientId, String username) {
-		Map<String, Object> claims = Optional.ofNullable(tokenHolder.getClaims()).orElse(new HashMap<>());
+		Map<String, Object> claims = Optional.ofNullable(tokenHolder.getClaims()).map(LinkedHashMap::new)
+				.orElse(new LinkedHashMap<>());
 		AbstractOAuth2Token token = tokenHolder.getToken();
 		claims.put(ACTIVE, true);
 		claims.put(CLIENT_ID, clientId);