Give an access to bearer token, aquired during authentication proccess

[boryashkin]

In provider/oauth2 the AuthHandler func does receive a brearer-token, using which we could pontentially access a private API of identity provider. Wouldn't it be useful? Any concerns about adding some hook for this? That way go-pkgz/auth will be used as an authorization framework, allowing to setup a proxy to a private API without giving a client any direct access to bearer-token itself.