handle refresh tokens in Auth::OpenIDConnect
Summary
Currently, the refresh token sent by OPs is not saved, which means session cannot be refreshed (#1980 (closed))
Design proposition
Implementing refresh tokens in Auth::OpenIDConnect might also be useful for #2083 and #2700