put() in DefaultOAuth2TokenContext is not respected during token generation #18202

@kpur-sbab

We use this guide to create a custom grant type for our CIBA use case, but we found a potential problem in enriching the token context.

OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
        .registeredClient(registeredClient)
        .principal(principal)
        .authorizationServerContext(AuthorizationServerContextHolder.getContext())
        .tokenType(OAuth2TokenType.ACCESS_TOKEN)
        .authorizationGrantType(token.getGrantType())
        .authorizationGrant(token)
        .put("custom-claim", "custom-claim")
        .build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);

As you can see in the snippet above, we are creating the token context from DefaultOAuth2TokenContext and we use put() to add a custom claim, which we assumed the token would be enriched with, but unfortunately it's not. We saw the code of JwtGenerator and OAuth2AccessTokenGenerator, where the DefaultOAuth2TokenContext's put() method is not respected.

We of course know that the custom claims can be added with this guide, but instead of dealing with it as a bean we thought of adding it in one place. Can this be addressed in your coming releases, or please correct us if we are using the put() method wrongly.
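A sketch of the customizer-bean route the post mentions, added here as an example; it is not code from the issue author or from the Spring project. It assumes the custom grant token extends OAuth2AuthorizationGrantAuthenticationToken, that the value to emit sits in its additional parameters, and that the generator hands the grant to the customizer's context; the class name, bean name and allowlist are hypothetical.

```java
import java.util.Map;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

@Configuration
public class GrantClaimsConfig { // hypothetical class name

    // Assumption: only these names may be copied into the token. Registered
    // claims (sub, aud, exp, scope, ...) are deliberately not listed, so a
    // grant parameter can never overwrite them.
    private static final Set<String> ALLOWED_CLAIMS = Set.of("custom-claim");

    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> grantClaimsCustomizer() {
        return context -> {
            // Enrich access tokens only; leave ID tokens untouched.
            if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
                return;
            }
            // The grant is the Authentication passed to authorizationGrant(...)
            // when the provider built the token context.
            Authentication grant = context.getAuthorizationGrant();
            if (!(grant instanceof OAuth2AuthorizationGrantAuthenticationToken grantToken)) {
                return;
            }
            // Additional parameters can originate from the token request, so
            // copy only allowlisted names and only plain string values.
            for (Map.Entry<String, Object> p : grantToken.getAdditionalParameters().entrySet()) {
                if (ALLOWED_CLAIMS.contains(p.getKey()) && p.getValue() instanceof String value) {
                    context.getClaims().claim(p.getKey(), value);
                }
            }
        };
    }
}
```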
