Handle OIDC user invalidation from OIDC provider.
Ths commmit ensures that when user's token is invalidated OIDC provider, he cannot access protected resource in Harbor with the user info in his session. We share the code path with secret verification b/c the refresh token can be used only once, so it has to be stored in one place. Signed-off-by: Daniel Jiang <email@example.com>
Showing with 101 additions and 58 deletions