
Allow specifying clientId together with clientAssertion/clientAssertionType #713

@geovie

Description


Currently it's only possible to either specify the clientId or use clientAssertion/clientAssertionType.

However, some providers require the use of clientId together with clientAssertion/clientAssertionType,
e.g. Microsoft requires a clientId if the certificate credential is used, see: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-certificate-credential
and I think Keycloak also requires clientId to always be present:
https://github.com/keycloak/keycloak/blob/5387aef0fa727ea5cae4816f682ec72798fabaa4/services/src/main/java/org/keycloak/protocol/oidc/endpoints/request/AuthorizationEndpointRequestParserProcessor.java#L119-L123

The code responsible for this is:

```java
String clientId = config.getClientId();
if (clientId == null) {
    // The assertion parameters are only added when no clientId is configured,
    // so a provider that wants both never receives the assertion.
    if (config.getClientAssertionType() != null) {
        form
            .put("client_assertion_type", config.getClientAssertionType());
    }
    if (config.getClientAssertion() != null) {
        form
            .put("client_assertion", config.getClientAssertion());
    }
}
```

I guess this could be relaxed to only check if clientSecret is null and allow both clientId and clientAssertion/clientAssertionType.

Happy to provide a PR for this.
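To make the proposal concrete, here is an added example (not the project's code, and not from the issue author) that places the quoted logic beside the relaxed variant. `ClientAuthConfig` is a hypothetical stand-in for the project's config object; the issue does not show what the real code does in the `else` branch, so sending `client_id` (and `client_secret` when present) there is an assumption made for illustration. The relaxed variant keys on `clientSecret` being null, as the issue suggests, and additionally refuses a config that carries both a secret and an assertion, since RFC 6749 section 2.3 forbids a client from using more than one authentication method in a single request.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ClientAuthFormExample {

    // Hypothetical stand-in for the OAuth2 options object referenced as `config` in the issue.
    static final class ClientAuthConfig {
        private final String clientId;
        private final String clientSecret;
        private final String clientAssertion;
        private final String clientAssertionType;

        ClientAuthConfig(String clientId, String clientSecret,
                         String clientAssertion, String clientAssertionType) {
            this.clientId = clientId;
            this.clientSecret = clientSecret;
            this.clientAssertion = clientAssertion;
            this.clientAssertionType = clientAssertionType;
        }

        String getClientId() { return clientId; }
        String getClientSecret() { return clientSecret; }
        String getClientAssertion() { return clientAssertion; }
        String getClientAssertionType() { return clientAssertionType; }
    }

    /** Mirrors the logic quoted in the issue: assertion parameters only when clientId is absent. */
    static Map<String, String> buildFormCurrent(ClientAuthConfig config) {
        Map<String, String> form = new LinkedHashMap<>();
        String clientId = config.getClientId();
        if (clientId == null) {
            if (config.getClientAssertionType() != null) {
                form.put("client_assertion_type", config.getClientAssertionType());
            }
            if (config.getClientAssertion() != null) {
                form.put("client_assertion", config.getClientAssertion());
            }
        } else {
            // Assumed else branch (not shown in the issue): send client_id, and the secret if set.
            form.put("client_id", clientId);
            if (config.getClientSecret() != null) {
                form.put("client_secret", config.getClientSecret());
            }
        }
        return form;
    }

    /** Relaxed variant: clientId is always sent; assertion parameters are added whenever no secret is set. */
    static Map<String, String> buildFormRelaxed(ClientAuthConfig config) {
        boolean hasAssertion = config.getClientAssertion() != null
                || config.getClientAssertionType() != null;
        if (config.getClientSecret() != null && hasAssertion) {
            // RFC 6749 section 2.3: a client must not use more than one authentication method per request.
            throw new IllegalStateException("clientSecret and clientAssertion are mutually exclusive");
        }
        Map<String, String> form = new LinkedHashMap<>();
        if (config.getClientId() != null) {
            form.put("client_id", config.getClientId());
        }
        if (config.getClientSecret() != null) {
            form.put("client_secret", config.getClientSecret());
        } else {
            if (config.getClientAssertionType() != null) {
                form.put("client_assertion_type", config.getClientAssertionType());
            }
            if (config.getClientAssertion() != null) {
                form.put("client_assertion", config.getClientAssertion());
            }
        }
        return form;
    }

    public static void main(String[] args) {
        // Constructed sample config: a client id plus a JWT assertion, as Microsoft and Keycloak expect.
        ClientAuthConfig cfg = new ClientAuthConfig(
                "example-client-id",
                null,
                "eyJhbGciOiJSUzI1NiJ9.CONSTRUCTED-PAYLOAD.CONSTRUCTED-SIGNATURE",
                "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");

        // Current logic drops the assertion entirely because clientId is set.
        System.out.println("current: " + buildFormCurrent(cfg));
        // Relaxed logic sends client_id together with both assertion parameters.
        System.out.println("relaxed: " + buildFormRelaxed(cfg));
    }
}
```

Run with `javac ClientAuthFormExample.java && java ClientAuthFormExample`. The `current:` line shows only `client_id`, which is the failure mode the issue describes; the `relaxed:` line carries `client_id`, `client_assertion_type` and `client_assertion`. The mutual-exclusion check is the one piece worth keeping when the condition is changed to "clientSecret is null": without it, a misconfiguration could silently send both a secret and an assertion, and providers are free to reject or, worse, to pick whichever they check first.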
