Add support of Private JWT Token auth in management API

[alexkaplun-firebolt]

Checklist

• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

I have created an application that I'm using with Management API SDK using the 'Private Key JWT' authentication method. After reading through management API and it's implementation, figured out that there's only client credentials auth method supported, and there is no way to use 'Private Key JWT'.

I thought it should be then possible to provide own http.Client as follows:

// my own http client that creates an assertion and adds it to requests
httpCl := CreateHTTPClient(ctx, clientID, []byte(privateKey))

cl, err := management.New(
    domain,
    management.WithClient(httpCl),
)

But it looks like the tokenSource in management client is overwritten, so there's no possibility to provide a custom token source.

Describe the ideal solution

Ideal solution would be to have a new option for management API client:

cl, err := management.New(
    domain,
    management.WithPrivateKeyJWT(clientId, []byte(privateKey)),
)

that would configure token source and support Private Key JWT authentication flow

Alternatives and current workarounds

Alternatively, allow setting a custom token source when providing the http.Client or with a separate option management.WithTokenSource()

Additional context

No response

[developerkunal]

Hi @alexkaplun-firebolt,

I hope you're doing well!

Currently, we are using the x/oauth2 library, which does not yet support this authentication flow. However, there is an ongoing discussion about it: GitHub Issue #57186.

I'll discuss this internally and let you know if we can implement this feature in an alternative way.

[alexkaplun-firebolt]

Got it, looking forward to hearing back.
Thanks.