Create RFC7662 TokenIntrospectionFactory

[sberyozkin]

RFC 7662 talks about OAuth2/OIDC servers returning token introspection responses.
Keycloak also implements it: https://issues.jboss.org/browse/KEYCLOAK-2266

Having such a factory will let the users (optionally) integrate with any certified OIDC servers. It will also allow to support the encrypted tokens issued by such servers (which choose to encrypt them) since importing the private keys of these providers into MP-JWT endpoints is not possible.

[sberyozkin]

Might require a provided smallrye-rest-client dependency

[sberyozkin]

Now that we have split the implementation into sub-modules, the solution to this issue becomes clearer:

• introduce smallrye-jwt-introspection module which will have
• CDI Alternative JWTCallerPrincipalFactory which will use Mutiny Vert.x WebClient to introspect a token
• If the introspected token is active and it is JWT then DefaultJWTTokenPrincipal is returned
• if it is not JWT then it is created from the introspection response which may include the username and a few other properties which can be converted into claims

[cotnic]

hello @sberyozkin, can I help out with this issue?