Add support for using OIDC tokens via the Docker CLI

oauth/oidc.py

@@ -89,7 +89,7 @@ class OIDCLoginService(OAuthService):
       'OIDC': True,
     }
 
-  def exchange_code_for_login(self, app_config, http_client, code, redirect_suffix):
+  def exchange_code_for_tokens(self, app_config, http_client, code, redirect_suffix):
     # Exchange the code for the access token and id_token
     try:
       json_data = self.exchange_code(app_config, http_client, code,
@@ -109,9 +109,16 @@ class OIDCLoginService(OAuthService):
       logger.debug('Missing id_token in response: %s', json_data)
       raise OAuthLoginException('Missing `id_token` in OIDC response')
 
+    return id_token, access_token
+
+  def exchange_code_for_login(self, app_config, http_client, code, redirect_suffix):
+    # Exchange the code for the access token and id_token
+    id_token, access_token = self.exchange_code_for_tokens(app_config, http_client, code,
+                                                           redirect_suffix)
+
     # Decode the id_token.
     try:
-      decoded_id_token = self._decode_user_jwt(id_token)
+      decoded_id_token = self.decode_user_jwt(id_token)
     except InvalidTokenError as ite:
       logger.exception('Got invalid token error on OIDC decode: %s', ite.message)
       raise OAuthLoginException('Could not decode OIDC token')
@@ -181,7 +188,7 @@ class OIDCLoginService(OAuthService):
       logger.exception('Could not parse OIDC discovery for url: %s', discovery_url)
       raise DiscoveryFailureException("Could not parse OIDC discovery information")
 
-  def _decode_user_jwt(self, token):
+  def decode_user_jwt(self, token):
     """ Decodes the given JWT under the given provider and returns it. Raises an InvalidTokenError
         exception on an invalid token or a PublicKeyLoadException if the public key could not be
         loaded for decoding.