feat(oauth2): support server-side callback

lib/schemes/oauth2.js

@@ -5,7 +5,8 @@ const isHttps = process.server ? require('is-https') : null
 const DEFAULTS = {
   token_type: 'Bearer',
   response_type: 'token',
-  tokenName: 'Authorization'
+  tokenName: 'Authorization',
+  transform_credentials_endpoint: null
 }
 
 export default class Oauth2Scheme {
@@ -139,9 +140,16 @@ export default class Oauth2Scheme {
     // refresh token
     let refreshToken = parsedQuery[this.options.refresh_token_key || 'refresh_token']
 
+    // Validate state
+    const state = this.$auth.$storage.getUniversal(this.name + '.state')
+    this.$auth.$storage.setUniversal(this.name + '.state', null)
+    if (state && parsedQuery.state !== state) {
+      return
+    }
+
     // -- Authorization Code Grant --
     if (this.options.response_type === 'code' && parsedQuery.code) {
-      const data = await this.$auth.request({
+      let data = await this.$auth.request({
         method: 'post',
         url: this.options.access_token_endpoint,
         baseURL: process.server ? undefined : false,
@@ -155,6 +163,16 @@ export default class Oauth2Scheme {
         })
       })
 
+      // Transform credentials (SSR Oauth on API side)
+      if (this.options.transform_credentials_endpoint) {
+        data = await this.$auth.request({
+          method: 'post',
+          url: this.options.transform_credentials_endpoint,
+          data
+        })
+      }
+
+
       if (data.access_token) {
         token = data.access_token
       }
@@ -168,13 +186,6 @@ export default class Oauth2Scheme {
       return
     }
 
-    // Validate state
-    const state = this.$auth.$storage.getUniversal(this.name + '.state')
-    this.$auth.$storage.setUniversal(this.name + '.state', null)
-    if (state && parsedQuery.state !== state) {
-      return
-    }
-
     // Append token_type
     if (this.options.token_type) {
       token = this.options.token_type + ' ' + token