feat(op): Server interface (#447)

* first draft of a new server interface

* allow any response type

* complete interface docs

* refelct the format from the proposal

* intermediate commit with some methods implemented

* implement remaining token grant type methods

* implement remaining server methods

* error handling

* rewrite auth request validation

* define handlers, routes

* input validation and concrete handlers

* check if client credential client is authenticated

* copy and modify the routes test for the legacy server

* run integration tests against both Server and Provider

* remove unuse ValidateAuthRequestV2 function

* unit tests for error handling

* cleanup tokenHandler

* move server routest test

* unit test authorize

* handle client credentials in VerifyClient

* change code exchange route test

* finish http unit tests

* review server interface docs and spelling

* add withClient unit test

* server options

* cleanup unused GrantType method

* resolve typo comments

* make endpoints pointers to enable/disable them

* jwt profile base work

* jwt: correct the test expect

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

pkg/op/token_exchange.go

@@ -197,12 +197,6 @@ func ValidateTokenExchangeRequest(
 		return nil, nil, oidc.ErrInvalidRequest().WithDescription("subject_token_type missing")
 	}
 
-	storage := exchanger.Storage()
-	teStorage, ok := storage.(TokenExchangeStorage)
-	if !ok {
-		return nil, nil, oidc.ErrUnsupportedGrantType().WithDescription("token_exchange grant not supported")
-	}
-
 	client, err := AuthorizeTokenExchangeClient(ctx, clientID, clientSecret, exchanger)
 	if err != nil {
 		return nil, nil, err
@@ -220,10 +214,28 @@ func ValidateTokenExchangeRequest(
 		return nil, nil, oidc.ErrInvalidRequest().WithDescription("actor_token_type is not supported")
 	}
 
+	req, err := CreateTokenExchangeRequest(ctx, oidcTokenExchangeRequest, client, exchanger)
+	if err != nil {
+		return nil, nil, err
+	}
+	return req, client, nil
+}
+
+func CreateTokenExchangeRequest(
+	ctx context.Context,
+	oidcTokenExchangeRequest *oidc.TokenExchangeRequest,
+	client Client,
+	exchanger Exchanger,
+) (TokenExchangeRequest, error) {
+	teStorage, ok := exchanger.Storage().(TokenExchangeStorage)
+	if !ok {
+		return nil, unimplementedGrantError(oidc.GrantTypeTokenExchange)
+	}
+
 	exchangeSubjectTokenIDOrToken, exchangeSubject, exchangeSubjectTokenClaims, ok := GetTokenIDAndSubjectFromToken(ctx, exchanger,
 		oidcTokenExchangeRequest.SubjectToken, oidcTokenExchangeRequest.SubjectTokenType, false)
 	if !ok {
-		return nil, nil, oidc.ErrInvalidRequest().WithDescription("subject_token is invalid")
+		return nil, oidc.ErrInvalidRequest().WithDescription("subject_token is invalid")
 	}
 
 	var (
@@ -234,7 +246,7 @@ func ValidateTokenExchangeRequest(
 		exchangeActorTokenIDOrToken, exchangeActor, exchangeActorTokenClaims, ok = GetTokenIDAndSubjectFromToken(ctx, exchanger,
 			oidcTokenExchangeRequest.ActorToken, oidcTokenExchangeRequest.ActorTokenType, true)
 		if !ok {
-			return nil, nil, oidc.ErrInvalidRequest().WithDescription("actor_token is invalid")
+			return nil, oidc.ErrInvalidRequest().WithDescription("actor_token is invalid")
 		}
 	}
 
@@ -258,17 +270,17 @@ func ValidateTokenExchangeRequest(
 		authTime:           time.Now(),
 	}
 
-	err = teStorage.ValidateTokenExchangeRequest(ctx, req)
+	err := teStorage.ValidateTokenExchangeRequest(ctx, req)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	err = teStorage.CreateTokenExchangeRequest(ctx, req)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
-	return req, client, nil
+	return req, nil
 }
 
 func GetTokenIDAndSubjectFromToken(