@PaolaRuby PaolaRuby commented Apr 10, 2023

This PR does not break any existing features

This PR allows overriding the default BearerTokenValidator class by calling Passport::useBearerTokenValidator.

BearerTokenValidator could be extended or could be used with AuthorizationValidatorInterface

Why?

Because ResourceServer supports custom authorization validators, but actually we have to overwrite PassportServiceProvider just to use this functionality.

Complement of #1638

@taylorotwell
Member

Do you actually need this in a real-world project or is this being sent in for consistency?

@taylorotwell
Member

Thanks for your pull request to Laravel!

Unfortunately, I'm going to delay merging this code for now. To preserve our ability to adequately maintain the framework, we need to be very careful regarding the amount of code we include.

If possible, please consider releasing your code as a package so that the community can still take advantage of your contributions!

If you feel absolutely certain that this code corrects a bug in the framework, please "@" mention me in a follow-up comment with further explanation so that GitHub will send me a notification of your response.

@taylorotwell
Member

Closing pending description of real-world need and use case.

@PaolaRuby
Author

PaolaRuby commented Apr 11, 2023

Do you actually need this in a real-world project or is this being sent in for consistency?

Of course I need it.

Closing pending description of real-world need and use case.

If you look at #1638, it is to help with private claims; I have custom claims on the token.

So I am implementing my custom validator based on my custom private claims:
https://github.com/thephpleague/oauth2-server/blob/43cd4d406906c6be5c8de2cee9bd3ad3753544ef/src/AuthorizationValidators/BearerTokenValidator.php#L119-L132

$claims = $token->claims();

if ($this->accessTokenRepository->isAccessTokenRevoked($claims->get('jti'))) {
    throw OAuthServerException::accessDenied('Access token has been revoked');
}

// Here check if token has been revoked on my custom validations
if ($this->validateAccessToken($claims)) {
    throw OAuthServerException::accessDenied('Access token is not valid');
}

return $request
    ->withAttribute('oauth_access_token_id', $claims->get('jti'))
    ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud')))
    ->withAttribute('oauth_user_id', $claims->get('sub'))
    ->withAttribute('oauth_scopes', $claims->get('scopes'))
    // Here I return my private claims to my custom token guard
    ->withAttribute('oauth_custom_claims', $claims->get('custom_claims'));

@taylorotwell
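
The approach described in the comment above, written as a decorator around the stock validator rather than a copy of it (an added example, not code from this PR, Passport or league/oauth2-server). The class name `PrivateClaimsValidator`, the `$policy` callable and the `custom_claims` claim name are assumptions for illustration.

```php
<?php
// Added example: wraps an existing validator and adds a private-claims check.
use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use Psr\Http\Message\ServerRequestInterface;

final class PrivateClaimsValidator implements AuthorizationValidatorInterface
{
    /**
     * @param AuthorizationValidatorInterface $inner  normally a BearerTokenValidator
     * @param callable                        $policy hypothetical check: fn(array $claims): bool,
     *                                                true when the private claims are acceptable
     */
    public function __construct(
        private AuthorizationValidatorInterface $inner,
        private $policy,
        private string $claimName = 'custom_claims', // assumed name, as in the comment above
    ) {}

    public function validateAuthorization(ServerRequestInterface $request)
    {
        // The inner validator checks signature, expiry and revocation first and throws
        // OAuthServerException on failure, so nothing below sees an unverified token.
        $validated = $this->inner->validateAuthorization($request);

        // The signature is verified at this point, so the payload can be decoded directly.
        $jwt = trim((string) preg_replace('/^\s*Bearer\s/', '', $request->getHeader('authorization')[0]));
        $segment = explode('.', $jwt)[1] ?? '';
        $payload = json_decode(base64_decode(strtr($segment, '-_', '+/')), true);
        $claims = is_array($payload) ? ($payload[$this->claimName] ?? null) : null;

        // Fail closed: a missing or malformed private claim is a denial, not a pass.
        if (!is_array($claims) || !($this->policy)($claims)) {
            throw OAuthServerException::accessDenied('Access token is not valid');
        }

        // Expose the private claims to the guard alongside the standard oauth_* attributes.
        return $validated->withAttribute('oauth_custom_claims', $claims);
    }
}
```

An instance is passed as the third constructor argument of `ResourceServer`. The wrapped `BearerTokenValidator` needs its key set with `setPublicKey()` before use, because `ResourceServer` only sets the key on a validator that is itself a `BearerTokenValidator`.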

@driesvints
Member

@PaolaRuby looks like Taylor doesn't want to merge this right now, sorry.
