OIDC client needs extra flexibility
Description
I am attempting to authenticate with an NHS service that uses an idiosyncratic Microsoft OAuth implementation and I have hit an edge case that suggests some extra flexibility may be needed. Their service only has one endpoint, which is the token endpoint. There is no auto-discovery. Due to this lack of auto-discovery, I have to set the token-path, so I took the last part of the server URL and added that to token-path. However, the service insists that the JWT audience is the entire path to the token endpoint. When the JWT is signed, however, only the auth server URL is used for the audience. My configuration is:
quarkus.oidc-client.client-enabled=true
quarkus.oidc-client.grant.type=client
quarkus.oidc-client.auth-server-url=https://dev.api.service.nhs.uk/oauth2
quarkus.oidc-client.client-id=<my_cid>
# token path MUST be set when discovery is disabled
quarkus.oidc-client.discovery-enabled=false
quarkus.oidc-client.token-path=/token
quarkus.oidc-client.credentials.jwt.key-file=pk.pem
quarkus.oidc-client.credentials.jwt.token-key-id=<my-kid>
# RS512 works as I am using the snapshot build
# (comments are on their own lines: in a .properties file a trailing "# ..." is part of the value)
quarkus.oidc-client.credentials.jwt.signature-algorithm=RS512
This means that in the OidcCommonUtils class, in the signJwtWithKey method, the JWT audience is set to https://dev.api.service.nhs.uk/oauth2, whereas the service insists on https://dev.api.service.nhs.uk/oauth2/token.
Implementation ideas
Maybe some configuration options could be added to override the default JWT values for these restricted OIDC implementations.
Issue Analytics
- Created 2 years ago
- Comments: 14 (7 by maintainers)
Sorry, I just re-checked and I didn’t need to set the issuer. I must have got something wrong previously.
@liamor My fault, forgot it has to be accompanied with override-matching-claims, see https://quarkus.io/guides/security-jwt-build#smallrye-jwt-builder-configuration