Support OIDC device flow

[DiamondJoseph]

I have an application that currently makes use of the oauth2 device flow as it is a command line client while awaiting development of a web front end.

I'd like to test that the device flow is implemented correctly, e.g. that when the authentication server times out the request it is handled gracefully, that requests waits until the authentication server reports that the user has confirmed their identity out of band.

From my understanding, this would involve (for these examples, issuerId=main)

• An additional endpoint at http://localhost:8080/main/device
• An additional entry to the .well_known dictionary: "device_authorization_endpoint": "http://localhost:8080/main/device/code",
• The ability to configure the behaviour of the device endpoint: what it returns as "device_code, user_code, verification_uri, verification_uri_complete expires_in (lifetime in seconds for device_code and user_code), and polling interval"
• The ability to configure behaviour of an example device flow: number of polls or polling intervals to wait before reporting success/failure, whether to expect a call at the device endpoint before reporting success/failure.