Token exchange issue (#1927)

* fixed an issue where the IAS Configuration was used for the XSUAA token exchange

* Release 3.6.8

* Bump the prod-deps-ver group with 3 updates (#1925)

Bumps the prod-deps-ver group with 3 updates: [org.eclipse.jetty:jetty-bom](https://github.com/jetty/jetty.project), org.eclipse.jetty.ee10:jetty-ee10-servlet and org.eclipse.jetty.ee10:jetty-ee10-webapp.

Updates `org.eclipse.jetty:jetty-bom` from 12.1.6 to 12.1.7
- [Release notes](https://github.com/jetty/jetty.project/releases)
- [Commits](jetty/jetty.project@jetty-12.1.6...jetty-12.1.7)

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.6 to 12.1.7

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.1.6 to 12.1.7

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.6 to 12.1.7

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.1.6 to 12.1.7

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-bom
  dependency-version: 12.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: Apply same fix to HybridIdentityServicesProofTokenAutoConfiguration

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: NiklasHerrmann21

spring-security/src/main/java/com/sap/cloud/security/spring/autoconfig/HybridIdentityServicesProofTokenAutoConfiguration.java

@@ -84,7 +84,7 @@ public JwtDecoder hybridJwtDecoderProofTokenEnabled(XsuaaServiceConfiguration xs
 				IdentityServiceConfiguration identityConfig) {
 			LOGGER.debug("auto-configures HybridJwtDecoder with proofToken check enabled.");
       SecurityContext.registerIdTokenExtension(getDefaultIdTokenExtension(identityConfig));
-      SecurityContext.registerXsuaaTokenExtension(getDefaultXSUAATokenExtension(identityConfig));
+      SecurityContext.registerXsuaaTokenExtension(getDefaultXSUAATokenExtension(xsuaaConfig));
       TokenExchangeMode mode = TokenExchangeMode.fromString(tokenExchangeMode);
       return new JwtDecoderBuilder()
           .withIasServiceConfiguration(identityConfig)