Add additional headers during token refresh

[andig]

The VW api I'm working with (which is almost OAuth but then isn't) needs to receive the clientID in X-Client-ID header during token refresh. Would it be possible to add such header?

[andig]

Here is an example token source that supports custom refreshers:

type TokenRefresher interface {
	RefreshToken(token *oauth2.Token) (*oauth2.Token, error)
}

type TokenSource struct {
	token     *oauth2.Token
	refresher TokenRefresher
}

func RefreshTokenSource(token *oauth2.Token, refresher TokenRefresher) oauth2.TokenSource {
	return &TokenSource{token, refresher}
}

func (ts *TokenSource) Token() (*oauth2.Token, error) {
	var err error
	if time.Until(ts.token.Expiry) < time.Minute {
		var token *oauth2.Token
		if token, err = ts.refresher.RefreshToken(ts.token); err == nil {
			if token.AccessToken == "" {
				err = errors.New("token refresh failed to obtain access token")
			} else {
				err = ts.mergeToken(token)
			}
		}
	}

	return ts.token, err
}

// mergeToken updates a token while preventing wiping the refresh token
func (ts *TokenSource) mergeToken(t *oauth2.Token) error {
	return mergo.Merge(ts.token, t, mergo.WithOverride)
}

One could easily take this forward and make the guard time configurable, too (#481).

[camilaac]

This would be useful to propagate tracing headers too. Besides, for new oauth2 requests, afaik the headers are hardcoded in an internal class: https://github.com/golang/oauth2/blob/master/internal/token.go#L173 (from current master c85d3e9)

[seankhliao]

the package generally follows oauth2, not almost oauth2.

[andig]

Unfortunately, reality doesn't. I'm working with some ~30 apis that all made their little tweaks. Instead of reimplementing each and every code/token exchange request it would be great to use the oauth2.Config and supply the additional parameters.