Various operations listed in #1422 rely on OAuth2 protocol units as specified in the OAuth2 RFCs. We need to create a common library with a set of canonical functions for the following:
- OAuth token validation
- Claims extraction from OAuth tokens
- OAuth token exchange
- OAuth token refresh
- OAuth token scope modifications
- OIDC support

We will implement specifications from the following RFCs:

Wherever necessary, we will adhere to the OAuth2.1 specifications even though they have not yet been accepted as a standard:

(Note: we envision this as an evolving feature, incorporating new standards as they emerge.)

@aksharkaul @abhi201191 @viksharma1987 @sandeepnRES