authenticate: revoke current session oauth token before sign out
After #926, we don't revoke access token before sign out anymore. It
causes sign out can not work, because right after user click on sign out
button, we redirect user to idp provider authenticate page with a valid
access token, so user is logged in immediately again.
To fix it, just revoke the access token before sign out.
* databroker: add databroker, identity manager, update cache (#864)
* databroker: add databroker, identity manager, update cache
* fix cache tests
* directory service (#885)
* directory: add google and okta
* add onelogin
* add directory provider
* initialize before sync, upate google provider, remove dead code
* add azure provider
* fix azure provider
* fix gitlab
* add gitlab test, fix azure test
* hook up okta
* remove dead code
* fix tests
* fix flaky test
* authorize: use databroker data for rego policy (#904)
* wip
* add directory provider
* initialize before sync, upate google provider, remove dead code
* fix flaky test
* update authorize to use databroker data
* implement signed jwt
* wait for session and user to appear
* fix test
* directory service (#885)
* directory: add google and okta
* add onelogin
* add directory provider
* initialize before sync, upate google provider, remove dead code
* add azure provider
* fix azure provider
* fix gitlab
* add gitlab test, fix azure test
* hook up okta
* remove dead code
* fix tests
* fix flaky test
* remove log line
* only redirect when no session id exists
* prepare rego query as part of create
* return on ctx done
* retry on disconnect for sync
* move jwt signing
* use !=
* use parent ctx for wait
* remove session state, remove logs
* rename function
* add log message
* pre-allocate slice
* use errgroup
* return nil on eof for sync
* move check
* disable timeout on gRPC requests in envoy
* fix gitlab test
* use v4 backoff
* authenticate: databroker changes (#914)
* wip
* add directory provider
* initialize before sync, upate google provider, remove dead code
* fix flaky test
* update authorize to use databroker data
* implement signed jwt
* wait for session and user to appear
* fix test
* directory service (#885)
* directory: add google and okta
* add onelogin
* add directory provider
* initialize before sync, upate google provider, remove dead code
* add azure provider
* fix azure provider
* fix gitlab
* add gitlab test, fix azure test
* hook up okta
* remove dead code
* fix tests
* fix flaky test
* remove log line
* only redirect when no session id exists
* prepare rego query as part of create
* return on ctx done
* retry on disconnect for sync
* move jwt signing
* use !=
* use parent ctx for wait
* remove session state, remove logs
* rename function
* add log message
* pre-allocate slice
* use errgroup
* return nil on eof for sync
* move check
* disable timeout on gRPC requests in envoy
* fix dashboard
* delete session on logout
* permanently delete sessions once they are marked as deleted
* remove permanent delete
* fix tests
* remove groups and refresh test
* databroker: remove dead code, rename cache url, move dashboard (#925)
* wip
* add directory provider
* initialize before sync, upate google provider, remove dead code
* fix flaky test
* update authorize to use databroker data
* implement signed jwt
* wait for session and user to appear
* fix test
* directory service (#885)
* directory: add google and okta
* add onelogin
* add directory provider
* initialize before sync, upate google provider, remove dead code
* add azure provider
* fix azure provider
* fix gitlab
* add gitlab test, fix azure test
* hook up okta
* remove dead code
* fix tests
* fix flaky test
* remove log line
* only redirect when no session id exists
* prepare rego query as part of create
* return on ctx done
* retry on disconnect for sync
* move jwt signing
* use !=
* use parent ctx for wait
* remove session state, remove logs
* rename function
* add log message
* pre-allocate slice
* use errgroup
* return nil on eof for sync
* move check
* disable timeout on gRPC requests in envoy
* fix dashboard
* delete session on logout
* permanently delete sessions once they are marked as deleted
* remove permanent delete
* fix tests
* remove cache service
* remove kv
* remove refresh docs
* remove obsolete cache docs
* add databroker url option
* cache: use memberlist to detect multiple instances
* add databroker service url
* remove cache service
* remove kv
* remove refresh docs
* remove obsolete cache docs
* add databroker url option
* cache: use memberlist to detect multiple instances
* add databroker service url
* wip
* remove groups and refresh test
* fix redirect, signout
* remove databroker client from proxy
* remove unused method
* remove user dashboard test
* handle missing session ids
* session: reject sessions with no id
* sessions: invalidate old sessions via databroker server version (#930)
* session: add a version field tied to the databroker server version that can be used to invalidate sessions
* fix tests
* add log
* authenticate: create user record immediately, call "get" directly in authorize (#931)
