Added refreshing OIDC ID token as an optional feature

[Razz4780]

Solves #1223

Motivation

When OIDC is configured as the authentication method in the kubeconfig, the ID token is never refreshed. This feature is implemented in other tools, e.g. kubectl.

Solution

Added a new feature oidc. When this feature is enabled and the auth provider config contains enough info to enable refreshing, the ID token is refreshed when it's near or past its expiration date.

Implementation requires extra optional dependency on form_urlencoded.

[clux]

thank you so much for doing this, this looks great.
have left only some minor comments on it so far, but layout wise it looks very much like what we need for this.

for the million dollar question; does it work? :D
i don't know exactly what we can do to test this (we are not really testing the other oauth flow either), if you have any ideas for it it would be welcome.

[Razz4780]

for the million dollar question; does it work? :D i don't know exactly what we can do to test this (we are not really testing the other oauth flow either), if you have any ideas for it it would be welcome.

I'm trying to setup some auth flow to test this manually, but I'm failing :V

[clux]

I'm trying to setup some auth flow to test this manually, but I'm failing :V

this is a hard one to test. i am okay with getting this released and getting user feedback for now. it does match the state of how things are in oauth (even though of course having tests for it would be better).

[codecov]

Codecov Report

Merging #1229 (ea95547) into main (5806a2d) will decrease coverage by 0.97%.
The diff coverage is 53.89%.

❗ Current head ea95547 differs from pull request most recent head 89c40d0. Consider uploading reports for the commit 89c40d0 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1229      +/-   ##
==========================================
- Coverage   73.04%   72.08%   -0.97%     
==========================================
  Files          69       71       +2     
  Lines        5525     5714     +189     
==========================================
+ Hits         4036     4119      +83     
- Misses       1489     1595     +106     

Impacted Files	Coverage Δ
kube-client/src/client/auth/mod.rs	50.47% <0.00%> (-2.24%)	⬇️
kube-client/src/client/mod.rs	70.76% <ø> (ø)
kube-client/src/client/auth/oidc.rs	56.84% <56.84%> (ø)

... and 1 file with indirect coverage changes

[clux]

NB: Ignore the cargo deny bans issues. Not your fault and this occasionally happens sans-lockfiles. Will be addressed separately.

[clux]

tests are looking great. just found one minor nit when verifying the documentation for it looked OK. have added a small diff.