Implement OIDC flow that results in a query sent to the f-API including access and ID tokens

[alyssadai]

(this assumes the implicit OAuth2 scheme)

• Query tool will redirect user to authenticate using IdP
• Query tool should get back a code from IdP (via a redirect URL)
• Query tool provides code back to IdP to get an access token and ID token in exchange
  - [ ] Query tool needs to verify received ID token's validity using IdP's public keys (existing JWT libraries have functionality to do this)
• (Maybe) Query tool can then exchange access token for user profile pic from identity resource API
  • or, alternatively, query tool just displays the IdP user ID directly
• Query tool now displays the user profile pic from IdP, and can also display the name (taken from the ID token probably)
• When user submits a query, query tool sends a request to f-API, along with the ID & access tokens

Questions

• Do we want to make it so the user doesn't have to login on every refresh? i.e., do we want to use a session?
• Why doesn't Google Authentication work as expected with 127.0.0.1?
  • Relevant docs: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#origin-validation