Consider allowing for configuration and ordering of access token validation methods #380

Open
MartinFlores751 opened this issue Dec 3, 2024 · 0 comments
Labels: enhancement (New feature or request)

MartinFlores751 (Contributor) wrote:
See the following code:

```cpp
// If we're running as a protected resource, assume we have an OIDC token
if (irods::http::globals::oidc_configuration().at("mode").get_ref<const std::string&>() ==
    "protected_resource") {
    nlohmann::json json_res;
    // Try parsing token as JWT Access Token
    try {
        auto token{jwt::decode<jwt::traits::nlohmann_json>(bearer_token)};
        auto possible_json_res{openid::validate_using_local_validation(openid::token_type::access, token)};
        if (possible_json_res) {
            json_res = *possible_json_res;
        }
    }
    // Parsing of the token failed, this is not a JWT access token
    catch (const std::exception& e) {
        logging::debug("{}: {}", __func__, e.what());
    }
    // Use introspection endpoint if it exists and local validation fails
    // (the endpoint lookup is evaluated once and cached for the life of the process)
    static const auto introspection_endpoint_exists{
        irods::http::globals::oidc_endpoint_configuration().contains("introspection_endpoint")};
    if (json_res.empty() && introspection_endpoint_exists) {
        auto possible_json_res{openid::validate_using_introspection_endpoint(bearer_token)};
        if (possible_json_res) {
            json_res = *possible_json_res;
        }
    }
    if (json_res.empty()) {
        // Note: the raw bearer token is written to the error log here
        logging::error("{}: Could not find bearer token matching [{}].", __func__, bearer_token);
        return {.response = fail(status_type::unauthorized)};
    }
    // Do mapping of user to irods user
    auto user{map_json_to_user(json_res)};
    if (user) {
        return {.client_info = {.username = *std::move(user)}};
    }
    logging::warn("{}: Could not find a matching user.", __func__);
    return {.response = fail(status_type::unauthorized)};
}
```

Currently, we perform local validation of access tokens, and fall through to using the introspection endpoint to validate access tokens if local validation fails.

We should allow for the configuration of what validation methods are used, and possibly the order of validation methods used.
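One way the configurable, ordered chain requested above could look, as an added example that is not the iRODS HTTP API's own code: the config key `access_token_validation`, the method names `local` and `introspection`, and both toy validators (a `jwt|issuer|subject|exp` token shape standing in for real JWT signature and claim checks, and a lookup table standing in for an `active: true` introspection response) are assumptions. The chain is built once at startup and fails closed on an unknown method name or an empty list; at request time the configured methods run in order, the first that accepts the token wins, and a method that throws is treated as "did not validate" so the next one is tried, mirroring the try/catch fall-through in the snippet above. Only the method name and error text reach the log, never the bearer token.

```cpp
// Added example (not the iRODS HTTP API's code): a configurable, ordered chain of
// access-token validation methods. The "access_token_validation" config key, the
// method names "local"/"introspection" and both toy validators are assumptions.
#include <functional>
#include <iostream>
#include <map>
#include <optional>
#include <sstream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct claims
{
    std::string subject;
    std::string validated_by; // name of the method that accepted the token
};

// A method returns claims on success, nullopt on a clean rejection, and may
// throw when the token is not in a shape it understands at all.
using validator_fn = std::function<std::optional<claims>(const std::string&)>;
using registry = std::map<std::string, validator_fn>;
using chain = std::vector<std::pair<std::string, validator_fn>>;

// Build the chain from the configured list, e.g. ["local", "introspection"].
// An unknown name or an empty list is a startup error: fail closed rather than
// silently skipping a method (which could leave every token unverifiable).
chain build_chain(const std::vector<std::string>& order, const registry& available)
{
    if (order.empty()) {
        throw std::invalid_argument("access_token_validation lists no methods");
    }
    chain out;
    for (const auto& name : order) {
        const auto it = available.find(name);
        if (it == available.end()) {
            throw std::invalid_argument("unknown access token validation method: " + name);
        }
        out.emplace_back(it->first, it->second);
    }
    return out;
}

// Try each method in configured order; the first to accept the token wins.
// A throwing method counts as "did not validate" and the next one is tried.
// Only the method name and the error reach the log, never the bearer token.
std::optional<claims> validate(const chain& c, const std::string& bearer_token)
{
    for (const auto& [name, fn] : c) {
        try {
            if (auto result = fn(bearer_token)) {
                result->validated_by = name;
                return result;
            }
        }
        catch (const std::exception& e) {
            std::cerr << "validate: method [" << name << "] failed: " << e.what() << '\n';
        }
    }
    return std::nullopt;
}

// Toy stand-ins for the real validators. "local" accepts constructed tokens of
// the form "jwt|<issuer>|<subject>|<exp-unix-seconds>" and checks issuer and
// expiry (in place of signature/claim checks); "introspection" looks the opaque
// token up in a table standing in for an active:true response from the IdP.
registry make_registry(std::string expected_issuer, long long now,
                       std::map<std::string, std::string> active_tokens)
{
    registry r;
    r["local"] = [expected_issuer, now](const std::string& token) -> std::optional<claims> {
        std::vector<std::string> parts;
        std::stringstream ss{token};
        for (std::string p; std::getline(ss, p, '|');) {
            parts.push_back(p);
        }
        if (parts.size() != 4 || parts[0] != "jwt") {
            throw std::runtime_error("not a JWT"); // opaque token: let the next method try
        }
        if (parts[1] != expected_issuer || std::stoll(parts[3]) <= now) {
            return std::nullopt; // wrong issuer or expired
        }
        return claims{parts[2], ""};
    };
    r["introspection"] = [active_tokens](const std::string& token) -> std::optional<claims> {
        const auto it = active_tokens.find(token);
        return it == active_tokens.end() ? std::nullopt : std::optional<claims>{claims{it->second, ""}};
    };
    return r;
}

// Startup check: does the configured order name only known methods?
bool config_is_valid(const std::vector<std::string>& order)
{
    try {
        build_chain(order, make_registry("", 0, {}));
        return true;
    }
    catch (const std::invalid_argument&) {
        return false;
    }
}

// Which method accepts the token under a given configured order?
// Returns "<method>:<subject>", or "" when every configured method rejects it.
std::string accepted_by(const std::vector<std::string>& order, const std::string& token)
{
    // Constructed sample data: one opaque token known to the "introspection" table.
    const auto reg = make_registry("https://issuer.example", 1700000000, {{"opaque-abc123", "alice"}});
    const auto result = validate(build_chain(order, reg), token);
    return result ? result->validated_by + ":" + result->subject : "";
}

int main()
{
    std::cout << accepted_by({"local", "introspection"}, "jwt|https://issuer.example|bob|1700000999") << '\n';
    std::cout << accepted_by({"local", "introspection"}, "opaque-abc123") << '\n';
    std::cout << accepted_by({"introspection"}, "jwt|https://issuer.example|bob|1700000999") << '\n';
}
```

With `["local", "introspection"]` the JWT-shaped token is accepted locally and the opaque one falls through to introspection; with `["introspection"]` alone the JWT-shaped token is refused, which is the point of making the list explicit: an operator who wants every token checked against the IdP can drop `local` entirely, and the order decides which method answers first when both could.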
