So for instance when get-access-token runs, it makes a POST call. This has the default clj-http middleware. This should work fine, but I have ran into an issue where the endpoint that is called contains a bug or returns some unexpected/malformed cookie, causing my POST to crash on wrap-cookies for instance.

I worked around this by forking this repo and wrap (clj-http.client/with-middleware ...) around it.

so the enhancement would be to enable the :middleware profile configuration key, and provide a middleware stack there. If nothing configured, it just doesn't do the with-middleware wrappery.

This makes the lib a bit more resilient, if it crashes. But I wonder if this is too far fetched? My feature suggestion is however fairly non-intrusive.

The problem with adding the middleware stack as an option means we can't move away from clj-http in future. I don't believe we need cookie middleware on clj-http for OAuth2, so perhaps it should be removed by default?

Ah yeah I agree. So then we would need to wrap it in (with-middleware ...) and provide a new stack.

I could make a PR for that if you want.