PR for Issue 12409: Add config attributes for OAuth introspection claim requirements

[ayoho]

Resolves #12409

This PR adds two new boolean attributes to the OpenID Connect client configuration:

• requireIatClaimForIntrospection
• requireExpClaimForIntrospection

The default value for each is true, meaning the existing behavior is preserved where an error is returned if the exp or iat claims are missing from the token introspection response.

When these attributes are set to false, the respective claims are not required to be in the introspection response. Nonetheless, if the claim is present in the response, it will still be checked to ensure it is valid (e.g. we'll validate the exp claim to make sure the token isn't expired).

[ayoho]

#build
#spawn.fullfat.buckets=com.ibm.ws.security.openidconnect.client_fat,com.ibm.ws.security.openidconnect.client_fat.config,com.ibm.ws.security.openidconnect.client_fat.e2e,com.ibm.ws.security.openidconnect.client_fat.jaxrs,com.ibm.ws.security.openidconnect.client_fat.saml,com.ibm.ws.security.openidconnect.client_fat.spnego,com.ibm.ws.security.openidconnect.server_fat,com.ibm.ws.security.openidconnect.server_fat.config,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.DerbyDB.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.DerbyDB.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.LocalStore.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.LocalStore.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.DerbyDB.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.DerbyDB.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.LocalStore.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.LocalStore.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.authorize,com.ibm.ws.security.openidconnect.server_fat.endpoint.clientregistration,com.ibm.ws.security.openidconnect.server_fat.endpoint.coveragemap,com.ibm.ws.security.openidconnect.server_fat.endpoint.discovery,com.ibm.ws.security.openidconnect.server_fat.endpoint.end_session,com.ibm.ws.security.openidconnect.server_fat.endpoint.introspect,com.ibm.ws.security.openidconnect.server_fat.endpoint.revoke,com.ibm.ws.security.openidconnect.server_fat.endpoint.token,com.ibm.ws.security.openidconnect.server_fat.endpoint.userinfo,com.ibm.ws.security.openidconnect.server_fat.feature,com.ibm.ws.security.openidconnect.server_fat.granttype.jwt,com.ibm.ws.security.openidconnect.server_fat.gui.tokenMgmt,com.ibm.ws.security.openidconnect.server_fat.jaxrs,com.ibm.ws.security.openidconnect.server_fat.jaxrs.config,com.ibm.ws.security.openidconnect.server_fat.oauth,com.ibm.ws.security.openidconnect.server_fat.oidc,com.ibm.ws.security.openidconnect.server_fat.saml,com.ibm.ws.security.openidconnect.server_fat.spnego,com.ibm.ws.security.social_fat,com.ibm.ws.security.social_fat.LibertyOP,com.ibm.ws.security.social_fat.delegated,com.ibm.ws.security.social_fat.multiProvider

[LibbyBot]

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_WXCPALTEEeqI3q2xeI2nKA

Target locations of links might be accessible only to IBM employees.

[LibbyBot]

Your Open Liberty build results are ready for viewing.

• Unit test results are at http://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/personal/_WXCPALTEEeqI3q2xeI2nKA/junit/index.html.
• Gradle log and image zip are at http://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/personal/_WXCPALTEEeqI3q2xeI2nKA.

[LibbyBot]

The build ayoho-12745-20200622-2119
https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_WXCPALTEEeqI3q2xeI2nKA
completed successfully!

[ayoho]

#run-libby-bot
#build
#spawn.fullfat.buckets=com.ibm.ws.security.openidconnect.client_fat,com.ibm.ws.security.openidconnect.client_fat.config,com.ibm.ws.security.openidconnect.client_fat.e2e,com.ibm.ws.security.openidconnect.client_fat.jaxrs,com.ibm.ws.security.openidconnect.client_fat.saml,com.ibm.ws.security.openidconnect.server_fat,com.ibm.ws.security.openidconnect.server_fat.config,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.DerbyDB.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.DerbyDB.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.LocalStore.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-passwords.LocalStore.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.DerbyDB.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.DerbyDB.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.LocalStore.jwt,com.ibm.ws.security.openidconnect.server_fat.endpoint.app-tokens.LocalStore.opaque,com.ibm.ws.security.openidconnect.server_fat.endpoint.authorize,com.ibm.ws.security.openidconnect.server_fat.endpoint.clientregistration,com.ibm.ws.security.openidconnect.server_fat.endpoint.coveragemap,com.ibm.ws.security.openidconnect.server_fat.endpoint.discovery,com.ibm.ws.security.openidconnect.server_fat.endpoint.end_session,com.ibm.ws.security.openidconnect.server_fat.endpoint.introspect,com.ibm.ws.security.openidconnect.server_fat.endpoint.revoke,com.ibm.ws.security.openidconnect.server_fat.endpoint.token,com.ibm.ws.security.openidconnect.server_fat.endpoint.userinfo,com.ibm.ws.security.openidconnect.server_fat.feature,com.ibm.ws.security.openidconnect.server_fat.granttype.jwt,com.ibm.ws.security.openidconnect.server_fat.gui.tokenMgmt,com.ibm.ws.security.openidconnect.server_fat.jaxrs,com.ibm.ws.security.openidconnect.server_fat.jaxrs.config,com.ibm.ws.security.openidconnect.server_fat.oauth,com.ibm.ws.security.openidconnect.server_fat.oidc,com.ibm.ws.security.openidconnect.server_fat.saml

[LibbyBot]

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_L4NU4LViEeqI3q2xeI2nKA

Target locations of links might be accessible only to IBM employees.

[LibbyBot]

Code analysis and actions

DO NOT DELETE THIS COMMENT.

• 5 product code files were changed.

• Please describe in a separate comment how you tested your changes.

• 1 NLS files were changed and need an ID review.

• @OpenLiberty/message-reviewer Please review.

• dev/com.ibm.ws.security.openidconnect.client/resources/OSGI-INF/l10n/metatype.properties

[LibbyBot]

Your Open Liberty build results are ready for viewing.

• Unit test results are at http://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/personal/_L4NU4LViEeqI3q2xeI2nKA/junit/index.html.
• Gradle log and image zip are at http://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/personal/_L4NU4LViEeqI3q2xeI2nKA.

[LibbyBot]

The build ayoho-12745-20200623-1608
https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_L4NU4LViEeqI3q2xeI2nKA
completed successfully!