feat: add token request hooks for all grant types

driver/config/provider.go

@@ -92,7 +92,10 @@ const (
 	KeyOAuth2GrantJWTIDOptional                  = "oauth2.grant.jwt.jti_optional"
 	KeyOAuth2GrantJWTIssuedDateOptional          = "oauth2.grant.jwt.iat_optional"
 	KeyOAuth2GrantJWTMaxDuration                 = "oauth2.grant.jwt.max_ttl"
-	KeyRefreshTokenHookURL                       = "oauth2.refresh_token_hook" // #nosec G101
+	KeyRefreshTokenHookURL                       = "oauth2.refresh_token_hook"      // #nosec G101
+	KeyAuthorizationCodeHookURL                  = "oauth2.authorization_code_hook" // #nosec G101
+	KeyClientCredentialsHookURL                  = "oauth2.client_credentials_hook" // #nosec G101
+	KeyJWTBearerHookURL                          = "oauth2.jwt_bearer_hook"         // #nosec G101
 	KeyDevelopmentMode                           = "dev"
 )
 
@@ -420,14 +423,22 @@ func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSou
 	return s
 }
 
-func (p *DefaultProvider) TokenRefreshHookURL(ctx context.Context) *url.URL {
-	if len(p.getProvider(ctx).String(KeyRefreshTokenHookURL)) == 0 {
-		return nil
-	}
+func (p *DefaultProvider) AuthorizationCodeHookURL(ctx context.Context) *url.URL {
+	return p.getProvider(ctx).RequestURIF(KeyAuthorizationCodeHookURL, nil)
+}
+
+func (p *DefaultProvider) ClientCredentialsHookURL(ctx context.Context) *url.URL {
+	return p.getProvider(ctx).RequestURIF(KeyClientCredentialsHookURL, nil)
+}
 
+func (p *DefaultProvider) TokenRefreshHookURL(ctx context.Context) *url.URL {
 	return p.getProvider(ctx).RequestURIF(KeyRefreshTokenHookURL, nil)
 }
 
+func (p *DefaultProvider) JWTBearerRefreshHookURL(ctx context.Context) *url.URL {
+	return p.getProvider(ctx).RequestURIF(KeyJWTBearerHookURL, nil)
+}
+
 func (p *DefaultProvider) DbIgnoreUnknownTableColumns() bool {
 	return p.p.Bool(KeyDBIgnoreUnknownTableColumns)
 }

driver/registry_base.go

@@ -506,6 +506,9 @@ func (m *RegistryBase) AccessRequestHooks() []oauth2.AccessRequestHook {
 	if m.arhs == nil {
 		m.arhs = []oauth2.AccessRequestHook{
 			oauth2.RefreshTokenHook(m),
+			oauth2.AuthorizationCodeHook(m),
+			oauth2.ClientCredentialsHook(m),
+			oauth2.JWTBearerHook(m),
 		}
 	}
 	return m.arhs

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured.json

@@ -32,16 +32,10 @@
     "allowed_top_level_claims": []
   },
   "requester": {
-    "client_id": "app-client",
-    "granted_scopes": [
-      "offline",
-      "openid",
-      "hydra.*"
-    ],
-    "granted_audience": [],
     "grant_types": [
       "refresh_token"
-    ]
+    ],
+    "payload": {}
   },
   "client_id": "app-client",
   "granted_scopes": [