Add authorizationServerUrl and metadata arguments to addClientAuthentication.

Author: jaredhanson

src/client/auth.ts

@@ -72,25 +72,25 @@ export interface OAuthClientProvider {
    * the authorization result.
    */
   codeVerifier(): string | Promise<string>;
-  
+
   /**
    * Adds custom client authentication to OAuth token requests.
-   * 
+   *
    * This optional method allows implementations to customize how client credentials
    * are included in token exchange and refresh requests. When provided, this method
    * is called instead of the default authentication logic, giving full control over
    * the authentication mechanism.
-   * 
+   *
    * Common use cases include:
    * - Supporting authentication methods beyond the standard OAuth 2.0 methods
    * - Adding custom headers for proprietary authentication schemes
    * - Implementing client assertion-based authentication (e.g., JWT bearer tokens)
-   * 
+   *
    * @param url - The token endpoint URL being called
    * @param headers - The request headers (can be modified to add authentication)
    * @param params - The request body parameters (can be modified to add credentials)
    */
-  addClientAuthentication?(url: URL, headers: Headers, params: URLSearchParams): void | Promise<void>;
+  addClientAuthentication?(headers: Headers, params: URLSearchParams, url: string | URL, metadata?: OAuthMetadata): void | Promise<void>;
 
   /**
    * If defined, overrides the selection and validation of the
@@ -112,12 +112,12 @@ export class UnauthorizedError extends Error {
 
 /**
  * Determines the best client authentication method to use based on server support and client configuration.
- * 
+ *
  * Priority order (highest to lowest):
  * 1. client_secret_basic (if client secret is available)
  * 2. client_secret_post (if client secret is available)
  * 3. none (for public clients)
- * 
+ *
  * @param clientInformation - OAuth client information containing credentials
  * @param supportedMethods - Authentication methods supported by the authorization server
  * @returns The selected authentication method
@@ -127,7 +127,7 @@ function selectClientAuthMethod(
   supportedMethods: string[]
 ): string {
   const hasClientSecret = !!clientInformation.client_secret;
-  
+
   // If server doesn't specify supported methods, use RFC 6749 defaults
   if (supportedMethods.length === 0) {
     return hasClientSecret ? "client_secret_post" : "none";
@@ -137,11 +137,11 @@ function selectClientAuthMethod(
   if (hasClientSecret && supportedMethods.includes("client_secret_basic")) {
     return "client_secret_basic";
   }
-  
+
   if (hasClientSecret && supportedMethods.includes("client_secret_post")) {
     return "client_secret_post";
   }
-  
+
   if (supportedMethods.includes("none")) {
     return "none";
   }
@@ -152,12 +152,12 @@ function selectClientAuthMethod(
 
 /**
  * Applies client authentication to the request based on the specified method.
- * 
+ *
  * Implements OAuth 2.1 client authentication methods:
  * - client_secret_basic: HTTP Basic authentication (RFC 6749 Section 2.3.1)
  * - client_secret_post: Credentials in request body (RFC 6749 Section 2.3.1)
  * - none: Public client authentication (RFC 6749 Section 2.1)
- * 
+ *
  * @param method - The authentication method to use
  * @param clientInformation - OAuth client information containing credentials
  * @param headers - HTTP headers object to modify
@@ -197,7 +197,7 @@ function applyBasicAuth(clientId: string, clientSecret: string | undefined, head
   if (!clientSecret) {
     throw new Error("client_secret_basic authentication requires a client_secret");
   }
-  
+
   const credentials = btoa(`${clientId}:${clientSecret}`);
   headers.set("Authorization", `Basic ${credentials}`);
 }
@@ -593,11 +593,11 @@ export async function startAuthorization(
 
 /**
  * Exchanges an authorization code for an access token with the given server.
- * 
+ *
  * Supports multiple client authentication methods as specified in OAuth 2.1:
  * - Automatically selects the best authentication method based on server support
  * - Falls back to appropriate defaults when server metadata is unavailable
- * 
+ *
  * @param authorizationServerUrl - The authorization server's base URL
  * @param options - Configuration object containing client info, auth code, etc.
  * @returns Promise resolving to OAuth tokens
@@ -650,12 +650,12 @@ export async function exchangeAuthorization(
   });
 
   if (addClientAuthentication) {
-    addClientAuthentication(tokenUrl, headers, params);
+    addClientAuthentication(headers, params, authorizationServerUrl, metadata);
   } else {
     // Determine and apply client authentication method
     const supportedMethods = metadata?.token_endpoint_auth_methods_supported ?? [];
     const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);
-    
+
     applyClientAuthentication(authMethod, clientInformation, headers, params);
   }
 
@@ -678,11 +678,11 @@ export async function exchangeAuthorization(
 
 /**
  * Exchange a refresh token for an updated access token.
- * 
+ *
  * Supports multiple client authentication methods as specified in OAuth 2.1:
  * - Automatically selects the best authentication method based on server support
  * - Preserves the original refresh token if a new one is not returned
- * 
+ *
  * @param authorizationServerUrl - The authorization server's base URL
  * @param options - Configuration object containing client info, refresh token, etc.
  * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced)
@@ -732,12 +732,12 @@ export async function refreshAuthorization(
   });
 
   if (addClientAuthentication) {
-    addClientAuthentication(tokenUrl, headers, params);
+    addClientAuthentication(headers, params, authorizationServerUrl, metadata);
   } else {
     // Determine and apply client authentication method
     const supportedMethods = metadata?.token_endpoint_auth_methods_supported ?? [];
     const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);
-    
+
     applyClientAuthentication(authMethod, clientInformation, headers, params);
   }