feat(oidc): add actor claim to introspection response

With impersonation we assign an actor claim to our JWT/ID Tokens. This change adds the actor claim to the introspection response to follow suit.

This PR also adds the `auth_time` and `amr` claims for consistency.

example/client/app/app.go

@@ -99,6 +99,10 @@ func main() {
 
 	// for demonstration purposes the returned userinfo response is written as JSON object onto response
 	marshalUserinfo := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[*oidc.IDTokenClaims], state string, rp rp.RelyingParty, info *oidc.UserInfo) {
+		fmt.Println("access token", tokens.AccessToken)
+		fmt.Println("refresh token", tokens.RefreshToken)
+		fmt.Println("id token", tokens.IDToken)
+
 		data, err := json.Marshal(info)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)

pkg/oidc/introspection.go

@@ -22,12 +22,15 @@ type IntrospectionResponse struct {
 	TokenType                       string              `json:"token_type,omitempty"`
 	Expiration                      Time                `json:"exp,omitempty"`
 	IssuedAt                        Time                `json:"iat,omitempty"`
+	AuthTime                        Time                `json:"auth_time,omitempty"`
 	NotBefore                       Time                `json:"nbf,omitempty"`
 	Subject                         string              `json:"sub,omitempty"`
 	Audience                        Audience            `json:"aud,omitempty"`
+	AuthenticationMethodsReferences []string            `json:"amr,omitempty"`
 	Issuer                          string              `json:"iss,omitempty"`
 	JWTID                           string              `json:"jti,omitempty"`
 	Username                        string              `json:"username,omitempty"`
+	Actor                           *ActorClaims        `json:"act,omitempty"`
 	UserInfoProfile
 	UserInfoEmail
 	UserInfoPhone