feat: add authorizationParams to Token Vault authorizer params+interrupt

[pmalouin]

Description

This is the first step step in deploying the connected accounts feature. For this PR, we are simply adding the authorizationParams field to the TokenVaultInterrupt and TokenVaultParams. This will allow to start to specify the authorizationParams at the withTokenVault() calls like this:

export const withGoogleCalendar = auth0AI.withTokenVault({
  refreshToken: async () => {
    const session = await auth0.getSession();
    const refreshToken = session?.tokenSet.refreshToken as string;
    return refreshToken;
  },
  connection: "google-oauth2",
  scopes: ["openid", "https://www.googleapis.com/auth/calendar.freebusy"],
  // NEW:
  authorizationParams: {
    access_type: "offline"
  },
});

The goal is for the <TokenVaultConsent> to have access to those params when handle the TokenVaultInterrupt, and eventually trigger a connect account flow. For now, this change is non-breaking because the current <TokenVaultConsent> module ignores this field and will continue to leverage the /authorization flow.

Next iteration of this change will land in: #291

References

Include any links supporting this change such as a:

• GitHub Issue/PR number addressed or fixed
• Auth0 Community post
• StackOverflow post
• Support forum thread
• Related pull requests/issues from other repos

If there are no references, simply delete this section.

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

• This change adds test coverage for new/changed/fixed functionality

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not the default branch

[pmalouin]

I'm changing the ctor shape, which is only an internal breaking change (instantiating this interrupt should always be done internally to our libraries, not by any consumers).

[pmalouin]

I found it helpful to see the currently-authorized scopes in the error message while troubleshooting.

[cristiandouce]

Suggested change

	public behavior: "resume" | "reload";
	public readonly behavior: "resume" | "reload";

should this be readonly too?

[pmalouin]

added ✔️

[github-actions]

🎉 This PR is included in version @auth0/ai-v5.1.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version @auth0/ai-llamaindex-v4.1.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version @auth0/ai-vercel-v4.1.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀