
Add Web UI to generate and revoke bearer tokens
Closed, Migrated, Edits Locked

Description

In order for authenticated and authorized users to easily generate and revoke their bearer tokens to lift the Web API rate limit, a dedicated Web UI must be added.

The workflow will be the following. When clicking on a "Generate token" button, the user will be asked to enter his password again and, if it is valid, an offline
refresh token will be generated by sending a request to the Keycloak server. This token will then be encrypted, using a key derived from the user password
and a salt value, and stored in the database.

The UI will also display a list of tokens generated so far by a user and two actions will be offered for each of them: "Show token" and "Revoke token".
Those actions will also be protected by the user password.
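
The storage step and the password-protected "Show token" action described above, as an added example that is not part of the original task or of the project's code. It assumes scrypt as the key derivation function and AES-256-GCM as the cipher (the task names neither); the function names, record layout and sample values are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost parameters for this example; tune them for the server.
const KDF = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key from the user password and a per-token salt.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, KDF);
}

// Encrypt a token; the returned record is what would be stored in the database.
function sealToken(password, token) {
  const salt = nodeCrypto.randomBytes(16);  // fresh salt for every token
  const nonce = nodeCrypto.randomBytes(12); // 96-bit GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  const fields = { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
  return Object.fromEntries(Object.entries(fields).map(([k, v]) => [k, v.toString('base64')]));
}

// "Show token": returns the token, or null if the password is wrong or the record was altered.
function openToken(password, record) {
  const raw = (field) => Buffer.from(record[field], 'base64');
  const key = deriveKey(password, raw('salt'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw('nonce'));
  decipher.setAuthTag(raw('tag'));
  try {
    return Buffer.concat([decipher.update(raw('ciphertext')), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample values, not real credentials.
const record = sealToken('constructed-password', 'constructed-offline-refresh-token');
console.log(record);
console.log(openToken('constructed-password', record));
console.log(openToken('other-password', record));
```

Because the key exists only while the password is supplied, records sealed this way cannot be decrypted after a password change unless they are re-encrypted at change time.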