Description
Summary
When using a 3rd party OAuth provider such as Auth0 or Okta it would be very useful to allow developers to hook into the Token Request build process in order to add custom parameters. This is because the providers mentioned above have added additional parameters on top of the specification to allow for more functionality.
Examples
audience: The unique identifier of the target API you want to access.
This parameter impacts the format of the access token
realm: String value of the realm the user belongs.
This parameter instructs Auth0 to use a particular Identity Provider.
A simple hook into the building of the request should provide sufficient flexibility for these custom parameters and any others that are introduced in the future.
NOTE: In addition to the custom parameters mentioned above, some providers use custom headers to facilitate a token request. Auth0 uses an auth0-forwarded-for header for brute-force protection. This is mentioned in the documentation link above.
This issue is very similar to #4911 which focuses on the Authorization Request.