oauth2-proxy
Update oidc to not check nonce on refresh token.
Update oidc to not check nonce on refresh token, as the oauth2 library doesn't support sending nonce
oauth proxy fails to verify the refreshed access token session. There is nothing wrong with the new tokens, but the library used to call refresh token doesn't support sending nonce, and thereby the ID token coming back will not have nonce either. As far as I found, the spec doesn't say to use nonce on refreshing (not sure), but at least it won't work with the current token library.
Description
I added a helper string to the state object so it knows this is a refresh call, so that the nonce check can be skipped.
Motivation and Context
Refreshing a session on oidc doesn't work unless you're skipping the nonce check.
How Has This Been Tested?
I am testing this in my own staging environment, where I set the access token to 20 sec and refresh in oauth2 to 10 sec, and it successfully refreshes after 10 and before 20 sec, and also successfully after 20 sec have passed.
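As an added example (not code from this pull request or from oauth2-proxy), the following Go program separates the nonce rule for login from the one for refresh: on refresh an absent nonce is accepted, a present one must still match, and the issuer, subject and audience must be unchanged, which is how OpenID Connect Core section 12.2 treats refreshed ID tokens. The `Claims` type, function names and sample values are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Claims holds ID token claims after signature and expiry were verified.
// Hypothetical type for this example, not oauth2-proxy's session type.
type Claims struct{ Issuer, Subject, Audience, Nonce string }

var (
	ErrNonce    = errors.New("nonce mismatch")
	ErrIdentity = errors.New("refreshed token is for a different iss/sub/aud")
)

// sameNonce compares two nonces without leaking the mismatch position.
func sameNonce(a, b string) bool {
	return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1
}

// CheckLogin: the authorization request carried a nonce, so it must come back.
func CheckLogin(sentNonce string, tok Claims) error {
	if sentNonce == "" || !sameNonce(sentNonce, tok.Nonce) {
		return ErrNonce
	}
	return nil
}

// CheckRefresh: the refresh request carries no nonce, so an absent nonce is
// accepted; the token must still belong to the same issuer, user and client.
func CheckRefresh(orig, tok Claims) error {
	if tok.Issuer != orig.Issuer || tok.Subject != orig.Subject || tok.Audience != orig.Audience {
		return ErrIdentity
	}
	if tok.Nonce != "" && !sameNonce(orig.Nonce, tok.Nonce) {
		return ErrNonce
	}
	return nil
}

func main() {
	// Constructed sample claims from the original login.
	orig := Claims{"https://idp.example", "user-1", "client-a", "n-123"}
	fmt.Println(CheckLogin("n-123", orig))
	fmt.Println(CheckRefresh(orig, Claims{"https://idp.example", "user-1", "client-a", ""}))
	fmt.Println(CheckRefresh(orig, Claims{"https://idp.example", "user-2", "client-a", ""}))
}
```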