FI-563: Omit invalid client ID token refresh test for public clients

[Jammjammjamm]

This branch omits the invalid client ID token refresh test for public clients because that test is only valid for confidential clients. There is no client ID based authentication for public client during a token refresh.

Submitter:

• This pull request describes why these changes were made
• Internal ticket for this PR: https://oncprojectracking.healthit.gov/support/browse/FI-563
• Internal ticket links to this PR
• Internal ticket is properly labeled (Community/Program)
• Internal ticket has a justification for its Community/Program label
• Code diff has been reviewed for extraneous/missing code
• Tests are included and test edge cases
• Tests/code quality metrics have been run locally and pass

Reviewer 1:

Name:

• Code is maintainable and reusable, reuses existing code and infrastructure
  where appropriate, and accomplishes the task's purpose
• The tests appropriately test the new code, including edge cases
• You have tried to break the code

Reviewer 2:

Name:

• Code is maintainable and reusable, reuses existing code and infrastructure
  where appropriate, and accomplishes the task's purpose
• The tests appropriately test the new code, including edge cases
• You have tried to break the code

[arscan]

Why are we passing client_id in the refresh token grant type for non-confidential clients? This doesn't seem right.

https://github.com/onc-healthit/inferno/blob/426e8af6aa9f3d8acd528e84638f973cfc02e400/lib/modules/smart/token_refresh_sequence.rb#L152-L156

[Jammjammjamm]

I agree, that doesn't seem right.

[radamson]

LGTM