Client credentials flow does not support token issuer url with a path #70

@dlorych

Description

The OIDC authentication flow does not support token issuer URLs containing a path, e.g. URLs of Microsoft Entra ID.

Version of SDK

v0.3.0

Reproduction

fga client in version 0.2.1 (go-sdk v0.3.0) behaviour (replace <api audience> and <tenant id> with your values):

$ fga store list --api-url http://localhost:8080 --client-id "$AZURE_CLIENT_ID" --client-secret "$AZURE_CLIENT_SECRET" --api-audience <api audience> --api-token-issuer "login.microsoftonline.com/<tenant id>"
Error: failed to initialize FGA Client due to Credentials are invalid: CredentialsConfig.ApiTokenIssuer (https://login.microsoftonline.com/<tenant id>) is in an invalid format

Expected behavior

API token URLs should support URLs with paths.

Additional context

The issue is caused by the IsWellFormedUri function, which expects the value not to contain a path part.

Additionally, the value is used to build the final token URL value by adding a fixed /oauth/token path, which is not always the case - for example, such a URL in Microsoft Entra ID ends with either the /oauth2/token or the /oauth2/v2.0/token path.
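The behaviour the report asks for, as an added Go sketch that is not the SDK's code or its eventual fix. `TokenEndpoint` is a hypothetical helper, and two choices in it are assumptions: an issuer that carries a path is taken to be the complete token endpoint, and only `https` is accepted because the client secret is posted to this URL.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// TokenEndpoint is a hypothetical helper, not an SDK function. It accepts an
// issuer with or without a scheme and with or without a path, and returns the
// URL the client credentials would be posted to.
func TokenEndpoint(issuer string) (string, error) {
	raw := strings.TrimSpace(issuer)
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw // bare host[/path]: assume https
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("issuer is not a URL: %w", err)
	}
	// Allowing a path must not relax the checks that protect the secret.
	switch {
	case u.Scheme != "https":
		return "", fmt.Errorf("issuer scheme %q is not https", u.Scheme)
	case u.Hostname() == "":
		return "", errors.New("issuer has no host")
	case u.User != nil:
		return "", errors.New("issuer must not embed credentials")
	case u.RawQuery != "" || u.Fragment != "":
		return "", errors.New("issuer must not carry a query or fragment")
	}
	// No path: keep the fixed default. A path: use it as the full endpoint.
	if strings.Trim(u.Path, "/") == "" {
		u.Path = "/oauth/token"
	}
	return u.String(), nil
}

func main() {
	// Constructed inputs; the all-zero GUID stands in for a tenant id.
	for _, in := range []string{"issuer.example", "login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token"} {
		ep, err := TokenEndpoint(in)
		fmt.Println(ep, err)
	}
}
```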

Labels: bug

Status: Done