Currently the audit logging seems to not able to provide audit logging for explicit fields of the OAuth2/UMA request/response. For example, the access_token audit only audit the scope and token_type but user defined or other scopes are not possible. Say also if the OAuth2 response have an extra attribute like profile or a custom value (defined in a custom ScopeValidator), it is no possible to log these.
- It would be good if there is some way to have the audit logging able to permit logging customizable OAuth2/OIDC/UMA request/response fields (per realm).
- Also maybe it is also good if there is some wayto attach extra audit data that can be sent to audit considering that maybe things like ScopeValidator or other extension point. Currently this is also not possible.