custom exchange request attribute/header

[lunicon]

Cant send extra attribute in password grant

config.PasswordCredentialsToken(ctx, username, password)

So, we have to use Echange to send client_ip

token, err = config.Exchange(ctx, "",
  oauth2.SetAuthURLParam("grant_type", "password"),
  oauth2.SetAuthURLParam("username", username),
  oauth2.SetAuthURLParam("password", password),
  oauth2.SetAuthURLParam("scope", strings.Join(config.Scopes, " ")),
  oauth2.SetAuthURLParam("client_ip", clientIP))

I made http middleware which convert basic authentication to openid token for temporary backward compatibility
server extention read clientIP from attribute.

Server support forwarded request https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/clustering/load-balancer.adoc
But I have no idea how to set exchange request headers

req.Header.Set("X-Forwarded-Proto", "https");
req.Header.Set("X-Forwarded-For", clientIP);

[andig]

+1 for this request. Required for polestar api. Some similarity to #483

[andig]

The main point for doing this from my pov is that the oauth2.Token itself cannot be unmarshaled from a JSON structure since expires_in doesn't map to expiry. This forces every library to implement its own Token structure.

[lrascao]

+1 for this, auth0 requires the audience url value to be present or else returns malformed tokens

[seankhliao]

Given https://datatracker.ietf.org/doc/html/rfc9700#section-2.4
I don't think we're going to make any more effort to support it.