Encapsulate the password check for OAuth2Auth provider in an AuthProviderInternal so the AuthProvider client does not need to have an strong dependency on the oauth2 artifact