Summary
Implement RFC 8693 OAuth 2.0 Token Exchange in a reusable interface that can be used by middleware and other components.
What We're Doing
Creating a token exchange implementation that follows the OAuth 2.0 Token Exchange specification (RFC 8693) to enable ToolHive to exchange incoming access tokens for backend-specific tokens when proxying MCP server requests.
Deliverables
- Token exchange client library implementing RFC 8693 specification
- Compatible with standard OAuth2 token source interfaces
- Configuration structure for token exchange parameters
- Comprehensive error handling for network and OAuth errors
- Security features including token redaction in logs and response validation
- Full unit test coverage
Acceptance Criteria
- Successfully exchanges subject tokens for backend tokens via RFC 8693
- Supports all required RFC 8693 parameters (grant_type, subject_token, subject_token_type, requested_token_type)
- Supports optional RFC 8693 parameters (audience, scope, resource, actor_token)
- Validates configuration before performing exchange
- Handles OAuth error responses according to RFC 6749
- Redacts sensitive tokens in all output
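As an added illustration in Go (not ToolHive's code and not part of this issue), here are the two protocol-facing pieces such a client needs: building the RFC 8693 form with the required and optional parameters, and turning the token endpoint's reply into either an access token or an RFC 6749 error. The Config field names, the function names, and the use of the access_token type URN for both subject and requested token are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

const grantTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
const typeAccessToken = "urn:ietf:params:oauth:token-type:access_token"

// Config holds the exchange parameters (assumed names, not ToolHive's);
// Audience, Scope and Resource are RFC 8693's optional parameters, omitted when empty.
type Config struct{ TokenURL, Audience, Scope, Resource string }
// OAuthError is an RFC 6749 section 5.2 error body returned by the token endpoint.
type OAuthError struct { Code string `json:"error"`; Description string `json:"error_description"` }
func (e *OAuthError) Error() string { return "oauth error " + e.Code + ": " + e.Description }

// ExchangeForm validates the config and builds the RFC 8693 request body;
// actorToken is optional, and actor_token_type is sent only alongside it.
func ExchangeForm(c Config, subjectToken, actorToken string) (url.Values, error) {
	if c.TokenURL == "" || subjectToken == "" {
		return nil, fmt.Errorf("token exchange: TokenURL and subject token are required")
	}
	f := url.Values{"grant_type": {grantTokenExchange}, "subject_token": {subjectToken},
		"subject_token_type": {typeAccessToken}, "requested_token_type": {typeAccessToken}}
	for k, v := range map[string]string{"audience": c.Audience, "scope": c.Scope,
		"resource": c.Resource, "actor_token": actorToken} {
		if v != "" {
			f.Set(k, v)
		}
	}
	if actorToken != "" {
		f.Set("actor_token_type", typeAccessToken)
	}
	return f, nil
}

// ParseResponse returns the issued access token, or an *OAuthError for an RFC 6749 error
// body; no token value is copied into error text, so the error is safe to log as-is.
func ParseResponse(status int, body []byte) (string, error) {
	var out struct{ OAuthError; AccessToken string `json:"access_token"` }
	if err := json.Unmarshal(body, &out); err != nil || (status == 200 && out.AccessToken == "") {
		return "", fmt.Errorf("token endpoint returned HTTP %d without a valid token body", status)
	}
	if status != 200 || out.Code != "" {
		return "", &out.OAuthError
	}
	return out.AccessToken, nil
}
```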