Add Authority to ClientCredentials options

[josephdecock]

Adds a new authority option. If it is set, we use it to retrieve the discovery document, and use that to configure the token endpoint. Because this is an async operation, we have a new abstraction for retrieval of the token endpoint

Closes #28

[josephdecock]

For most usage, you just set the authority and let discovery happen in the background. But sometimes you do need to know what the token endpoint is - for example, here when we make a client assertion, we need to use the token endpoint as the audience. This is slightly more complex than just reading the option as we used to - notably this uses a new service and is an async operation. I don't think we can really avoid this though, because invoking the discovery endpoint *is async. At one point, we talked about doing this in a PostConfigureOptions, but that doesn't support asynchronicity.

[josephdecock]

I think we should support DiscoveryPolicy and Timeout here.

[brockallen]

Hmm.... ok, so do you think this is too complicated or problematic to pursue? IOW, is this worth all the new goo?

[josephdecock]

Hmm.... ok, so do you think this is too complicated or problematic to pursue? IOW, is this worth all the new goo?

I'm unsure ... frankly was hoping for strong reactions to this PR 😆

It does feel kind of unnecessary, especially if I add discovery policy and cache timeout.

@leastprivilege, @AndersAbel, what do you guys think?

[leastprivilege]

I think it is not the concern of this library to do discovery...

[josephdecock]

Ok, then let's close this and #28.

[leastprivilege]

I think it is not the concern of this library to do discovery...

At least not for this round of updates...

[josephdecock]

Okay, I'll leave this as a draft PR for the future