Support the access token binding to the client MTLS authentication

[sberyozkin]

Description
When the client uses the same certificate to authenticate to both IDP when requesting a token and Quarkus adapter, it can help the adapter to link the access token to the client certificate thus achieving an extra guarantee that the token is coming from the same client which requested it from IDP. Per the KC team recommendation

Hi Stian @stianst, Pedro, @pedroigor FYI

[sberyozkin]

Related to #4447

[sberyozkin]

@CSTDev if you know where in the Vertx request context the client cert info is available then please comment here

[CSTDev]

I've been using the peerCertificateChain from the request context to get any information I need for authentication.
In an authenticate method in a class extending io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism I do:

routingContext.request().peerCertificateChain()

where routingContext is io.vertx.ext.web.RoutingContext

This will be different if you're behind a reverse proxy mind, then I think practice is to put the info in headers, but i could be wrong.
Hope that's helpful and what you're after.

[sberyozkin]

@CSTDev thanks for this information

[sberyozkin]

This old issue is the next major OIDC issue I will be looking at

[sberyozkin]

It will be completed after Michal @michalvavrik's PR, #42935 is merged