This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

Add UserInfo JWT response support #636

Merged: 2 commits, Feb 10, 2019

Contributor

@asleire asleire commented Aug 7, 2018

Fixes #635

  • JsonService now has an optional jwtHandler parameter.
    • If this parameter is set, application/jwt is added to valid content types. When receiving a valid response with content type application/jwt, the jwtHandler will be invoked rather than simply parsing the response body as JSON.
    • The handler is responsible for validating the JWT and extracting its payload
  • UserInfoService now creates a JsonService using a custom jwtHandler. The handler code is copied from ResponseValidator with minor adaptions.
  • JoseUtil.validateJwt now has an optional timeInsentive parameter which defaults to false. If this value is true, the claims iat, nbf and exp will not be validated.
    • These claims are not mentioned in the OpenId 1.0 Spec (5.3.2/5.3.4)
  • A new setting has been added: userInfoJwtIssuer?: 'ANY' | 'OP' | string;
    • Determines how the UserInfo JWT's issuer claim is validated
      • ANY means the issuer claim is ignored
      • OP means the issuer claim must match the OP's issuer identifier URL
      • string allows for a custom specified issuer
    • The OpenID 1.0 spec (5.3.2) recommends that an issuer claim is included and that it equals the OP's issuer identifier URL, but this is not required
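
The handling outlined in the description above, as an added example that is not part of the original comment and is not oidc-client-js code: it dispatches on content type, verifies the signature, then applies the `userInfoJwtIssuer` policy. The function names, the `cfg` fields other than `userInfoJwtIssuer`, the RS256-only choice and the sample key and token are assumptions constructed for illustration.

```javascript
// Added example, not oidc-client-js code. Only userInfoJwtIssuer, 'ANY' and 'OP'
// come from the PR; every other name and value is hypothetical.
const nodeCrypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Issuer the UserInfo JWT must carry; null means the claim is ignored.
function expectedIssuer(userInfoJwtIssuer, opIssuer) {
  if (userInfoJwtIssuer === 'ANY') return null;
  return userInfoJwtIssuer === 'OP' ? opIssuer : userInfoJwtIssuer;
}

// Turn a UserInfo HTTP response (content type + body) into verified claims.
function handleUserInfo(contentType, body, cfg) {
  const type = contentType.split(';')[0].trim().toLowerCase();
  if (type === 'application/json') return JSON.parse(body);
  if (type !== 'application/jwt') throw new Error('unexpected content type');

  const [h, p, s, ...rest] = body.trim().split('.');
  if (!h || !p || !s || rest.length) throw new Error('not a compact JWS');
  // Pin the algorithm instead of trusting the header (rejects alg "none").
  if (dec(h).alg !== 'RS256') throw new Error('unsupported alg');
  const signed = Buffer.from(h + '.' + p);
  if (!nodeCrypto.verify('RSA-SHA256', signed, cfg.publicKey, Buffer.from(s, 'base64url')))
    throw new Error('bad signature');

  const claims = dec(p);
  const iss = expectedIssuer(cfg.userInfoJwtIssuer, cfg.opIssuer);
  if (iss !== null && claims.iss !== iss) throw new Error('issuer mismatch');
  // skipTimeClaims mirrors the PR's time-insensitive mode; otherwise require a live exp.
  if (!cfg.skipTimeClaims && !(claims.exp > Date.now() / 1000)) throw new Error('expired');
  return claims;
}

// Constructed sample data: throwaway RSA key pair and a token signed with it.
const keys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims) {
  const input = enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(claims);
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), keys.privateKey);
  return input + '.' + sig.toString('base64url');
}

const sampleCfg = { publicKey: keys.publicKey, opIssuer: 'https://op.example',
                    userInfoJwtIssuer: 'OP', skipTimeClaims: true };
const sampleToken = signSample({ sub: 'user-1', iss: 'https://other.example' });
```

With `'ANY'` the signature is still checked, so the setting relaxes only the issuer comparison, not the trust in the OP's key.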

@brockallen
Member

Hi -- I finally had time for this and it looks great. What OP are you using that returns JWTs from user info?

@asleire
Contributor Author

asleire commented Jan 6, 2019

> Hi -- I finally had time for this and it looks great. What OP are you using that returns JWTs from user info?

It's a Norwegian identity provider called BankID

@brockallen
Member

There are some conflicts -- do you mind having a look?

@asleire
Contributor Author

asleire commented Jan 13, 2019

Conflict has been resolved

@brockallen brockallen added this to the 1.7.0 milestone Feb 3, 2019
@brockallen brockallen merged commit 5bbc961 into IdentityModel:dev Feb 10, 2019
@brockallen
Member

Merged, thanks

@brockallen
Member

1.7.0-beta.1 has been published to npm, please test and see if it's working for you.

@asleire
Contributor Author

asleire commented Feb 11, 2019

Tested, it works :-)

By the way there's a duplicate property "expires_in" in https://github.com/IdentityModel/oidc-client-js/blob/dev/index.d.ts causing a compilation error
