oauth2: add support for additional parameters in token request body (#42093)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
[email protected] where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)
-->

Commit Message: oauth2: add support for additional parameters in token
request body
Additional Description: also adds useragent header to the request
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
Fixes: #42037

---------

Signed-off-by: Andrea Cappadona <[email protected]>

Mirrored from https://github.com/envoyproxy/envoy @ a3662e7b3df451ef0995761b307175544fdd8591

Author: update-envoy[bot]

envoy/extensions/http/injected_credentials/oauth2/v3/oauth2.proto

@@ -26,6 +26,7 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 // proxied requests.
 // Currently, only the Client Credentials Grant flow is supported.
 // The access token will be injected into the request headers using the ``Authorization`` header as a bearer token.
+// [#next-free-field: 6]
 message OAuth2 {
   enum AuthType {
     // The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
@@ -53,6 +54,17 @@ message OAuth2 {
     AuthType auth_type = 3;
   }
 
+  // Optional additional parameters to include in the token endpoint request body.
+  // These parameters will be URL-encoded and added to the request body along with the standard OAuth2 parameters.
+  // Refer to your authorization server's documentation for supported parameters.
+  message EndpointParameter {
+    // Parameter name.
+    string name = 1 [(validate.rules).string = {min_len: 1}];
+
+    // Parameter value.
+    string value = 2;
+  }
+
   // Endpoint on the authorization server to retrieve the access token from.
   // Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-3.2) for details.
   config.core.v3.HttpUri token_endpoint = 1 [(validate.rules).message = {required: true}];
@@ -73,4 +85,8 @@ message OAuth2 {
   // The interval must be at least 1 second.
   google.protobuf.Duration token_fetch_retry_interval = 4
       [(validate.rules).duration = {gte {seconds: 1}}];
+
+  // Optional list of additional parameters to send to the token endpoint.
+  // These parameters will be URL-encoded and included in the token request body.
+  repeated EndpointParameter endpoint_params = 5;
 }