Add duende-identity-server7 provider

[MonstraG]

Goals

Recently, a new version of Duende IdentityServer has been released, one of the features of which is Pushed Authorization Requests.

Non-Goals

n/a?

Background

is6 is supported, so should is7

Proposal

I'm not sure whether how next/auth operates conflicts or not with PAR, that's the biggest question.

I am a bit interested in contributing.

[akosb]

Hi,

not sure this helps, but due to some project requirements I'm also looking into this.

According to the RFC a PAR request will return a request_uri that has to be passed in to an autorizationUrl endpoint.

NextAuth.js v4
This version is using openid-client v5.x (ref)

	"openid-client": "^5.4.0",

which implements a method called pushedAuthorizationRequest (ref)
Unfortunatelly there is no example provided about this methods usage, but I wrote a PoC for this:

	const parResponse = await client.pushedAuthorizationRequest({
		scope: "xxx xxx xxx",
		response_type: "code",
		response_mode: "form_post",
		code_challenge,
		code_challenge_method: ['S256'],		
	}, { DPoP: privateKey });

	const authUrl = await client.authorizationUrl({
		request_uri: parResponse.request_uri
	})
	return authUrl	

where privateKey is your JWT key and the parResponse looks like this:

parResponse: {
  request_uri: 'urn:ietf:params:oauth:request_uri:xxxxxxxxxxxxxxxxxxxxxx',
  expires_in: 600
}

this has to be passed in to the the authUrl

	const authUrl = await client.authorizationUrl({
		request_uri: parResponse.request_uri
	})
	return authUrl

Next auth does this here so probably this is where PAR response should be injected.

const url = client.authorizationUrl(authorizationParams)

Auth.js (v5.x)

Seems this versions is using oauth4webapi and here is the sample code how PAR works
Next auth takes care of getting the authorizationUrl here.