authlib

Accept/Mark Skip SSL verification while fetching JWKs keys

Open gem-aman opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe.

We have Okta as IDP, which is serving self-signed certs. While making the GET and POST requests to Okta for code and token exchange, verify=False works fine. However, the call made to authorize_access_token requests the JWKs, which has no way to skip SSL verification even if it is passed while registering the app.

Describe the solution you'd like

  • If verify=False is provided while registering the app, all the requests to the IDP must skip SSL verification.
  • An option should be given for whether the token claim should be added or not. Right now a userinfo claim is added, which might not be needed by all. The tokens can very well be validated and read. There can be cases where token modification might not be needed.

Describe alternatives you've considered

Using oauth2session directly to construct URLs and requests for just tokens.

gem-aman, Apr 11 '22 23:04