Add authentication_code param for passwordless authentication

README.md

@@ -89,6 +89,7 @@ The available flags are:
       --assertion string                                    claims for jwt bearer assertion
       --audience strings                                    requested audience
       --auth-method string                                  token endpoint authentication method
+      --authentication-code string                          authentication code used for passwordless authentication: https://cloudentity.com/developers/app-dev-tutorials/identity-pools/add-passwordless-authentication/
       --authorization-endpoint string                       server's authorization endpoint
       --browser-timeout duration                            browser timeout (default 10m0s)
       --callback-tls-cert string                            path to callback tls cert pem file

cmd/oauth2.go

@@ -89,6 +89,7 @@ func NewOAuth2Cmd(version, commit, date string) (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().StringVar(&cconfig.Purpose, "purpose", "", "string describing the purpose for obtaining End-User authorization")
 	cmd.PersistentFlags().StringSliceVar(&cconfig.Prompt, "prompt", []string{}, "end-user authorization purpose")
 	cmd.PersistentFlags().StringVar(&cconfig.MaxAge, "max-age", "", "maximum authentication age in seconds")
+	cmd.PersistentFlags().StringVar(&cconfig.AuthenticationCode, "authentication-code", "", "authentication code used for passwordless authentication: https://cloudentity.com/developers/app-dev-tutorials/identity-pools/add-passwordless-authentication/")
 
 	cmd.PersistentFlags().StringVar(&sconfig.TokenEndpoint, "token-endpoint", "", "server's token endpoint")
 	cmd.PersistentFlags().StringVar(&sconfig.AuthorizationEndpoint, "authorization-endpoint", "", "server's authorization endpoint")

internal/oauth2/oauth2.go

@@ -94,6 +94,7 @@ type ClientConfig struct {
 	Purpose                string
 	Prompt                 []string
 	MaxAge                 string
+	AuthenticationCode     string
 }
 
 func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error) {

internal/oauth2/request.go

@@ -69,6 +69,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("max_age", cconfig.MaxAge)
 	}
 
+	if len(cconfig.AuthenticationCode) > 0 {
+		r.Form.Set("authentication_code", cconfig.AuthenticationCode)
+	}
+
 	if cconfig.IDTokenHint != "" {
 		r.Form.Set("id_token_hint", cconfig.IDTokenHint)
 	}
@@ -156,6 +160,10 @@ func (r *Request) AuthorizeRequest(
 		if len(cconfig.MaxAge) > 0 {
 			r.Form.Set("max_age", cconfig.MaxAge)
 		}
+
+		if len(cconfig.AuthenticationCode) > 0 {
+			r.Form.Set("authentication_code", cconfig.AuthenticationCode)
+		}
 	}
 
 	if cconfig.DPoP {