What feature do you want to see added?
Hi, me again.
It seems the plugin (or some library) constructs URLs to the ID provider by appending a query string like "?x=y&a=1" without checking if the URL already has any query parameters.
When using, for example, AWS Cognito, it's useful or necessary in some cases to include other parameters - such as a hint to which upstream provider Cognito should use, or the client ID for /logout endpoint.
If I configure authorizationServerUrl as, for example:
https://cognito-host/authorize?idp_identifier=my-corp-adfs
then the resulting call in the browser is like:
https://cognito-host/authorize?idp_identifier=my-corp-adfs?response_type=code&...
which has two ? and Cognito will see neither idp_identifier nor response_type params properly.
I should add that this was working apparently fine until quite recently, but I have no records of the exact URLs sent in the past, unfortunately.
(I've tried working around it by appending an & to the URL but that only works if the first extra param added by the plugin is not really needed - it seems the order of these params is not deterministic so it only works sometimes.)
I guess the same result could be achieved also with explicit config for additional query params. Welcome any suggestions.
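An added example, not code from the plugin or from the report's author: a Python sketch of the URL construction described above, with the reported `?`-append next to a query-aware merge. RFC 6749 section 3.1 requires that an existing query on the endpoint URI be retained and that no parameter be sent more than once. The function names and the `client_id` and `state` values are constructed for illustration; the host and `idp_identifier` are the ones from the report.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def naive_append(endpoint, params):
    """Reproduce the reported behaviour: always start the new query with '?'."""
    return endpoint + "?" + urlencode(params)


def append_query(endpoint, params):
    """Add params to endpoint while retaining any query it already carries."""
    parts = urlsplit(endpoint)
    if parts.fragment:
        # RFC 6749 section 3.1: the endpoint URI must not include a fragment.
        raise ValueError("endpoint URL must not contain a fragment")
    existing = parse_qsl(parts.query, keep_blank_values=True)
    # A parameter sent twice is ambiguous to the server, so refuse it
    # instead of letting the configured URL shadow a protocol parameter.
    clash = {name for name, _ in existing} & set(params)
    if clash:
        raise ValueError("configured URL already sets: " + ", ".join(sorted(clash)))
    # Configured parameters first, then the added ones in sorted order,
    # so the resulting URL is deterministic.
    merged = existing + sorted(params.items())
    return urlunsplit(parts._replace(query=urlencode(merged)))


def seen_by_server(url):
    """Parameters a server would parse out of the URL's query component."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


# Constructed sample input (assumed values, not taken from a real deployment).
ENDPOINT = "https://cognito-host/authorize?idp_identifier=my-corp-adfs"
PROTOCOL_PARAMS = {
    "response_type": "code",
    "client_id": "example-client",
    "state": "constructed-state",
}

if __name__ == "__main__":
    for build in (naive_append, append_query):
        url = build(ENDPOINT, PROTOCOL_PARAMS)
        print(build.__name__, url, seen_by_server(url), sep="\n  ")
```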