Add custom headers to social token request [SDK-2080]

[TLFilip]

Changes

For security reasons we need an option to add custom headers for token request. Such a possibility exists for email/password authentication and refresh token. This PR enables it for social login by adding WebAuthProvider.Builder method withHeaders.

Testing

To test it inspect the network traffic and notice custom headers in token request when executing OAuth2 flow.

• This change adds unit test coverage

• This change adds integration test coverage

• This change has been tested on the latest version of the platform/language or why not

Checklist

• I have read the Auth0 general contribution guidelines

• I have read the Auth0 Code of Conduct

• All existing and new tests complete without errors

[TLFilip]

Hey @lbalmaceda let me know if there’s a chance to merge that PR and what is required to do so. Thanks!

[danielphillips]

@cocojoe Hi Martin, as discussed a while ago, could you look into this PR please?

[lbalmaceda]

Apologies for missing this one. I might be able to take a look next week. I'm tracking this internally under SDK-2080.

[lbalmaceda]

Hey @TLFilip, sorry for the time it took us to review this. We're currently working on the next major and making some improvements (this included). We hope to deliver that soon.

That said, I think makes sense to have this in the current major before that new one is shipped. The PR looks good. I've left a change request to refactor a bit of the methods, especially given that most of the classes there are package private.

[lbalmaceda]

I'd merge this method into addPKCEParameters. Please, make the createPKCE() method take the headers in addition to the redirectUri. That way they are passed in the construction of the PKCE instance. That would as well remove the setter (pkce.setHeaders)

[lbalmaceda]

Thanks for the changes @TLFilip