Option to access raw token response by client

[themanojshukla]

Requirement: The client may need to store/access the raw token response received from the OAuth provider.

Existing possible solution: The extraParameter method already gives an option to get properties from the raw JSON response given by the OAuth provider, but it requires the key should be already known. Additionally, the whole raw response cannot be accessed directly.

Proposed solution: A method is added to JsonAccessToken.java that returns a deep cloned raw JSON response, as received from the OAuth provider. Deep cloning is to prevent the accidental modification of raw response.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 56.51%. Comparing base (00357be) to head (771aee8).

❗ Current head 771aee8 differs from pull request most recent head 646308d. Consider uploading reports for the commit 646308d to get more accurate results

Files	Patch %	Lines
...org/dmfs/oauth2/client/tokens/JsonAccessToken.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #103      +/-   ##
============================================
- Coverage     56.63%   56.51%   -0.12%     
  Complexity      112      112              
============================================
  Files            41       41              
  Lines           475      476       +1     
  Branches         29       29              
============================================
  Hits            269      269              
- Misses          181      182       +1     
  Partials         25       25              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dmfs]

I'm curious, what's the use case for exporting the entire response?

[themanojshukla]

I'm curious, what's the use case for exporting the entire response?

Well, thanks for asking. I'm having a use-case where I am trying to use this library as a gateway/layer to multiple OAuth providers to multiple users (like multi-tenant+multi-provider) and the calling of OAuth and all the other intermediate operations are abstract to end user.

The user once setup the OAuth provider and credentials, and then can invokes the request for tokens/OAuth flow via APIs (sort of integrations) but finally receives the actual token response given by his/her provider so that they can use it in whatever way they want, and think of this entire setup as generic OAuth abstraction (or kind of "API Gateway for OAuth").

Returning the extracted access_token and/or refresh_token/expiry/ or type may not be always the case with all the provider/client setup.