Offer token exchange from Relying Party for OIDC Authentication

Current Situation

• The JS7 - OIDC Identity Service implements authentication/authorization across the parties of JOC Cockpit API (Application, Relying Party), JOC Cockpit GUI (Client) and OIDC Server (Identity Service Provider).
• The final step in authentication includes that the Client exchanges tokens with the Identity Service Provider. While this is covered by OAuth2 specifications, it can include to open a network connection by the Client.

Desired Behavior

• Some customers wish that the final step in authentication is performed between Relying Party and Identity Service Provider to prevent additional network connections from being used.
• The implementation of the final step is shifted from the Client (JOC Cockpit GUI) to the Relying Party (JOC Cockpit API).