Enabling third-party IDP token exposure through IS #20031

Open
indeewari opened this issue Mar 18, 2024 · 1 comment

indeewari commented Mar 18, 2024

Is your feature request related to a problem? Please describe.
IS can act as the primary identity provider (IdP) for the business application that is used for managing the primary user base and orchestrating the login flow of the application. There are scenarios in which consumer users of the applications can authenticate via 3rd parties with federation via IS.
This business application also requires the users to authorize the application to consume APIs from these 3rd parties which manage the user’s resources. The third-party resource servers are protected by their trusted authorization servers. These authorization servers do not have token exchanging capabilities along with obtaining the user consent at the token exchange. This scenario requires the application to prompt for multiple user logins and hinders the user experience.

Describe the solution you would prefer
IS will expose the third-party access token and the refresh token to the business application. In fact, IS won't handle the refresh token mechanism internally.

Additional context
Without the capability, the application developers will have to prompt the user to log in through multiple IDPs for a single user flow, hindering the user experience.
