[TT-5894] Handle not-before-policy notification for compromised OIDC tokens
Tyk comes with support for OpenID Connect (OIDC) Identity Tokens provided by any standards compliant OIDC provider. https://tyk.io/docs/advanced-configuration/integrate/api-auth-mode/open-id-connect/#setting-up-oidc
Main auth flow works correctly. But I request a solution for compromised tokens.
In Keycloak, if an access token or refresh token is compromised, access the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid. https://www.keycloak.org/docs/latest/server_admin/index.html#compromised-access-and-refresh-tokens
The not-before-policy consists of a time and is pushed to the client's admin URL.
But currently Tyk has no endpoint to receive this from Keycloak.
I suggest that Tyk has an endpoint to receive the not-before-policy and, if an access token was issued before the not-before-policy time, rejects access (the access token includes the iat (Issued At) claim, so we can check).
In this way, compromised access tokens are revoked.
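As an added illustration of the proposed check (example code, not Tyk's or Keycloak's own), the following Go snippet keeps the latest pushed not-before time per client, exposes a handler that receives the push, and rejects any token whose `iat` claim is earlier than that time. Assumptions: the push body is a constructed JSON document `{"clientId": ..., "notBefore": <unix seconds>}` rather than Keycloak's real push, which is a signed action token that must be verified against the realm key before it is trusted; the access token's signature is assumed to have been verified by the existing OIDC auth step before `CheckToken` runs; the client is identified by the token's `azp` claim; and the `/k_push_not_before` path is only a placeholder.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// NotBeforeStore holds the most recent not-before time pushed for each client ID.
type NotBeforeStore struct {
	mu        sync.RWMutex
	notBefore map[string]int64 // clientID -> unix seconds
}

func NewNotBeforeStore() *NotBeforeStore {
	return &NotBeforeStore{notBefore: make(map[string]int64)}
}

// Set records a pushed not-before for a client. It never moves backwards,
// so a replayed older push cannot re-enable tokens already revoked.
func (s *NotBeforeStore) Set(clientID string, ts int64) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if ts > s.notBefore[clientID] {
		s.notBefore[clientID] = ts
	}
}

func (s *NotBeforeStore) Get(clientID string) int64 {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.notBefore[clientID]
}

// decodeClaims extracts the JWT payload. It does not verify the signature;
// that is assumed to have happened in the existing OIDC auth step.
func decodeClaims(token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// CheckToken rejects a token whose iat is earlier than the not-before pushed
// for the client it was issued to (azp claim, an assumption about the token).
func (s *NotBeforeStore) CheckToken(token string) error {
	claims, err := decodeClaims(token)
	if err != nil {
		return err
	}
	iat, ok := claims["iat"].(float64) // JSON numbers decode as float64
	if !ok {
		return errors.New("token has no numeric iat claim")
	}
	clientID, _ := claims["azp"].(string)
	nb := s.Get(clientID)
	if int64(iat) < nb {
		return fmt.Errorf("token issued at %d is before not-before %d: revoked", int64(iat), nb)
	}
	return nil
}

// PushHandler receives the not-before push. The JSON body format is a
// constructed simplification; a real push must be authenticated first.
func (s *NotBeforeStore) PushHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	var body struct {
		ClientID  string `json:"clientId"`
		NotBefore int64  `json:"notBefore"`
	}
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.ClientID == "" {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	s.Set(body.ClientID, body.NotBefore)
	w.WriteHeader(http.StatusNoContent)
}

// unsignedToken builds a constructed, unsigned JWT for demonstration only.
func unsignedToken(claims map[string]interface{}) string {
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`))
	payload, _ := json.Marshal(claims)
	return hdr + "." + base64.RawURLEncoding.EncodeToString(payload) + "."
}

func main() {
	store := NewNotBeforeStore()
	store.Set("tyk-gateway", 1700000000) // constructed: pushed after a compromise
	old := unsignedToken(map[string]interface{}{"azp": "tyk-gateway", "iat": 1699999000})
	fresh := unsignedToken(map[string]interface{}{"azp": "tyk-gateway", "iat": 1700000500})
	fmt.Println("old token:", store.CheckToken(old))     // revoked
	fmt.Println("fresh token:", store.CheckToken(fresh)) // <nil>
}
```

In a gateway the handler would be registered on the admin URL configured in Keycloak (e.g. `http.HandleFunc("/k_push_not_before", store.PushHandler)`, path assumed) and `CheckToken` would run after signature verification on every request. The store only ever moves forward, so a stale or replayed push cannot undo a revocation, and a token without an `iat` claim is rejected rather than silently accepted.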