While working on T2267, I noticed a couple of improvements could be added to the
OIDC auth backend implementation:
- there is no need to query the `userinfo` endpoint of the OIDC server when authenticating as those information can also be found in the decoded access token
- use a more reliable access token expiration date (use `exp` timestamp in decoded token)