Add authParams configuration support for OAuth2 clients

[Copilot]

OAuth2 providers often require additional parameters in the authorization URL (e.g., Google's prompt=select_account to force account selection). Previously, these had to be passed manually on each buildAuthUrl() call or required modifying client classes.

Changes

• OAuth2 class: Added authParams property with setter/getter methods
• buildAuthUrl(): Modified parameter merge order to defaultParams → authParams → runtimeParams
• Tests: Added coverage for authParams configuration, merging, and runtime override behavior

Usage

'clients' => [
    'google' => [
        'class' => \Yiisoft\Yii\AuthClient\Client\Google::class,
        'setClientId()' => ['client_id'],
        'setClientSecret()' => ['client_secret'],
        'setAuthParams()' => [[
            'prompt' => 'select_account',
            'access_type' => 'offline',
        ]],
    ],
],

The merge order ensures runtime parameters can override configured defaults while maintaining backwards compatibility.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• asset-packagist.org
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/2QZ8P7 /usr/bin/composer install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Adding 'authParams' to authClientCollection clients</issue_title>
<issue_description>### Proposed new feature or change

Hi,

There are use cases in which additional OAuth parameters may need to be passed in the URL. For example Google oauth with multiple accounts choices may simply use by default the account that had access previously granted instead of offering to pick another account:

'authClientCollection' => [
            'class' => \yii\authclient\Collection::class,
            'clients' => [
                'google' => [
                    'class' => \yii\authclient\clients\Google::class,
                    'clientId' => 'XXX',
                    'clientSecret' => 'YYY',
                    'scope' => 'openid email profile',
                    'authParams' => [
                        'prompt' => 'select_account', // force account chooser
                        // optional: 'access_type' => 'offline', 'include_granted_scopes' => 'true'
                    ],
                ], ...

I looked through code and additional 'params' are merged in different url building methods (like buildAuthUrl(array $params = [])) with the default auth parameters, however, there is no way to pass those params to the existing methods from the component config.

Could we add/parse/merge an 'authParams' array in config?

</issue_description>

<agent_instructions>Make it available for any client. Do not break backwards compatibility.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@samdark Do you mean auth URL? @samdark Thanks for explaining.

• Fixes Adding 'authParams' to authClientCollection clients #73

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.