feat: (rfc8693) Token exchange

[vivshankar]

Support OAuth 2.0 Token Exchange in impersonation and delegation modes for a variety of token types.

Related Issue or Design Document

Replaces the excellent implementation in #725 contributed by @saxenautkarsh with a broader implementation given community interest.

Key aspects to note -

1. A custom token type has a "type" and a "name". The name is used in the token request. The type is used to determine the handler that should be used. For example - you can have several JWT types handled by the same JWT type handler.
2. Each token type has an associated handler. So in the future, say the native app SSO implementation is added to Fosite, you would simply add the device_secret actor token type handler.

Checklist

• [x] I have read the contributing guidelines and signed the CLA.
• [x] I have referenced an issue containing the design document if my change introduces a new feature.
• [x] I have read the security policy.
• [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
• [x] I have added tests that prove my fix is effective or that my feature works.
• [ ] I have added the necessary documentation within the code base (if appropriate).

Further comments

N/A

[vivshankar]

@aeneasr @mitar @james-d-elliott This may be of some interest to you. I finally got round to porting my code over.

[asv]

Hi! Any progress?

[Eriwyr]

Hello, do we have some news about this topic ? :)

[yverry]

Oh, this is a super-duper nice feature! My head is already spinning with use cases – can't wait to play! 🎉🤩