
fix(jans-auth): token obtained after flow with authz challenge endpoint has no scopes #10588

Open
jgomer2001 opened this issue Jan 10, 2025 · 1 comment
Assignees
Labels
kind-bug Issue or PR is a bug in existing functionality

Comments

@jgomer2001
Contributor

Requests:

$ curl -i -k -d use_auth_session=true -d acr_values=agama_challenge -d flow_name=test3 -d scope=openid -d client_id=1800.31d70990-c119-411e-b793-0c60deaa2a8d https://jgomer2001-arriving-jay.gluu.info/jans-auth/restv1/authorize-challenge
HTTP/1.1 401 Unauthorized
Date: Fri, 10 Jan 2025 14:15:08 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-transform, no-store
Content-Type: application/json
Content-Length: 168
Set-Cookie: X-Correlation-Id=49a15411-e334-44d7-8ae0-36e600758b87; Secure; HttpOnly;HttpOnly

{
  "flow_finished": {
    "data": {"userId": "admin"},
    "success": true
  },
  "auth_session": "443dde43-0b9b-464c-83e3-56fc0fdf1155",
  "error": "flow_finished"
}

$ curl -i -k -d auth_session=443dde43-0b9b-464c-83e3-56fc0fdf1155 -d use_auth_session=true --data-urlencode data='{}' https://jgomer2001-arriving-jay.gluu.info/jans-auth/restv1/authorize-challenge
HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 14:15:19 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-transform, no-store
Content-Type: application/json
Content-Length: 61
Set-Cookie: X-Correlation-Id=fc3c7b4c-b4f4-4462-8f3c-7bb93ae4abd0; Secure; HttpOnly;HttpOnly

{"authorization_code":"0452c5b6-764f-4b35-b866-bbd7d563a59d"}

$ curl -i -k -d code=0452c5b6-764f-4b35-b866-bbd7d563a59d -H 'Authorization: Basic MTgwMC4zMWQ3MDk5MC1jMTE5LTQxMWUtYjc5My0wYzYwZGVhYTJhOGQ6WGE0NlhCdDRaWGFL' -d grant_type=authorization_code https://jgomer2001-arriving-jay.gluu.info/jans-auth/restv1/token 
HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 14:15:36 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store
Content-Type: application/json
Pragma: no-cache
Content-Length: 94
Set-Cookie: X-Correlation-Id=f576c7a0-f4b1-4d1f-a2ac-152fcc491b18; Secure; HttpOnly;HttpOnly

{"access_token":"61f36d69-dbd8-44c0-8014-211b71eb9935","token_type":"Bearer","expires_in":299}

Client entry:

Token entry:
token.csv.txt

@mo-auto mo-auto added the kind-bug Issue or PR is a bug in existing functionality label Jan 10, 2025
@yuriyz
Contributor

yuriyz commented Jan 10, 2025

Workaround is to simply pass scope. However, I guess the question is whether we can restore it from the session. What is saved in the session is controlled by the custom script. I guess we can:

  1. save scope (and any other parameters) via custom script
  2. restore -> we need another method in the custom script, for example prepareAuthzRequest(AuthzRequest authzRequest). In this method the script can get the session and set it on authzRequest (restore it from the session).
    In this way it will work not only for scope but will be an extendable solution for any parameters.

Thus I'm going to add one more method to the authorization challenge custom script: prepareAuthzRequest(AuthzRequest authzRequest).
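The following Python model is an added illustration of the round trip discussed in this issue; it is not Janssen code and not the commenter's implementation. It replays the two authorize-challenge calls from the report: the first call carries scope, client_id, acr_values and flow_name, the follow-up call carries only auth_session, use_auth_session and data. The names AuthzRequest, SessionStore, issue_code and prepare_authz_request are assumed stand-ins for the server side; the in-memory store and the PERSISTED_PARAMS list are constructed for the example. Without the restore step the code (and therefore the token) is bound to no scope, which is the reported bug; with the restore step the saved parameters are merged back, and the same mechanism covers any other parameter the first call carried.

```python
import uuid
from dataclasses import dataclass, field

# Request parameters the client only sends on the first authorize-challenge
# call. Constructed list for this example; the real script decides what to save.
PERSISTED_PARAMS = ("scope", "client_id", "acr_values", "flow_name")


@dataclass
class AuthzRequest:
    """Assumed stand-in for the server-side authorization request object."""
    params: dict = field(default_factory=dict)

    def get(self, name):
        return self.params.get(name)


class SessionStore:
    """Assumed in-memory auth_session store (the real server persists sessions)."""

    def __init__(self):
        self._sessions = {}

    def save(self, request):
        """First call: persist the request parameters under a fresh auth_session id."""
        auth_session = str(uuid.uuid4())
        self._sessions[auth_session] = {
            name: request.get(name) for name in PERSISTED_PARAMS if request.get(name)
        }
        return auth_session

    def prepare_authz_request(self, request):
        """Follow-up call: restore saved parameters the client did not resend.

        Models the prepareAuthzRequest(AuthzRequest) hook proposed in the thread.
        Values the client sent explicitly are never overridden by the session.
        """
        auth_session = request.get("auth_session")
        if request.get("use_auth_session") != "true" or auth_session is None:
            return request
        saved = self._sessions.get(auth_session)
        if saved is None:
            raise KeyError("unknown or expired auth_session")
        for name, value in saved.items():
            request.params.setdefault(name, value)
        return request


def issue_code(request):
    """Assumed: the server binds whatever scope the request carries to the code."""
    return {"authorization_code": str(uuid.uuid4()), "scope": request.get("scope")}


def run_flow(restore):
    """Replay the two calls from the issue and return the scope bound to the code."""
    store = SessionStore()
    first = AuthzRequest({
        "use_auth_session": "true",
        "acr_values": "agama_challenge",
        "flow_name": "test3",
        "scope": "openid",
        "client_id": "1800.31d70990-c119-411e-b793-0c60deaa2a8d",  # client_id from the issue
    })
    auth_session = store.save(first)  # the flow_finished reply hands this id back
    # Second call exactly as in the report: no scope, no client_id.
    second = AuthzRequest({"auth_session": auth_session, "use_auth_session": "true", "data": "{}"})
    if restore:
        second = store.prepare_authz_request(second)
    return issue_code(second)["scope"]


if __name__ == "__main__":
    print("without restore:", run_flow(restore=False))  # None: the reported bug
    print("with restore:   ", run_flow(restore=True))   # openid
```

The check a practitioner wants after applying either the workaround (resend scope) or the fix is the same: call the token endpoint and confirm the response, or the token's introspection, lists the scope that was granted on the first call.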
