OAuth: Support Forward OAuth Identity for backend data source plugins (#27055)

Adds support for the Forward OAuth Identity feature in backend data source plugins. 
Earlier this feature has only been supported for non-backend data source plugins.

Fixes #26023

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

pkg/plugins/datasource/wrapper/datasource_plugin_wrapper_v2.go

@@ -4,13 +4,13 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/grafana/grafana-plugin-sdk-go/backend/grpcplugin"
-
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/grpcplugin"
 	"github.com/grafana/grafana-plugin-sdk-go/genproto/pluginv2"
 	"github.com/grafana/grafana/pkg/components/simplejson"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/services/oauthtoken"
 	"github.com/grafana/grafana/pkg/tsdb"
 )
 
@@ -51,6 +51,17 @@ func (tw *DatasourcePluginWrapperV2) Query(ctx context.Context, ds *models.DataS
 		return nil, err
 	}
 
+	if query.Headers == nil {
+		query.Headers = make(map[string]string)
+	}
+
+	if oauthtoken.IsOAuthPassThruEnabled(ds) {
+		if token := oauthtoken.GetCurrentOAuthToken(ctx, query.User); token != nil {
+			delete(query.Headers, "Authorization")
+			query.Headers["Authorization"] = fmt.Sprintf("%s %s", token.Type(), token.AccessToken)
+		}
+	}
+
 	pbQuery := &pluginv2.QueryDataRequest{
 		PluginContext: &pluginv2.PluginContext{
 			OrgId:                      ds.OrgId,