Add token web hook for all grants types

[fehrnah]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe your problem

Currently there exists a web hooks for refresh_token grants, but customizing other grant types is either not possible or not easy.

For example, customizing access_code tokens can be done in the consent endpoint, but customizing client_credentials is not possible.

Describe your ideal solution

Add access_token, jwt_profile and client_credentials web hooks working in a similar way to the existing refresh_token web hook.

Workarounds or alternatives

#1748 Would allow limited customization of all claims, not allowing more dynamic claims.
#1383 Is about setting static claims to client_credential tokens

Version

2.0

Additional Context

I was unsure if this was big enough to need a design document, If it does, pleas close this issue and I will remake it with a design document.

[synclpz]

I have some demand for on-the-fly scope/audience check due to API consumer might have changed it's subscriptions on the API portal which has different client (consumer) lifecycle than Hydra has. Also inserting some API-GW related consumer ID should make call control easier on GW side. This is still not possible using client_credentials flow with Hydra.

[aeneasr]

Yeah, I think this is a pretty good idea

[fehrnah]

Great, I'm already working on it, I still have some tests to run and I should be able to create a PR soon.