@shiv-tyagi shiv-tyagi commented Jan 24, 2026

Closes #1218

There can be scenarios where the provider doesn't return a refresh token due to missing scopes (see #1215). In those cases the user is prompted to enter the local password, then the broker tries to reauthenticate, which of course fails and the user has to again go through the whole long authentication cycle from the beginning and get a new access token.

In such scenarios, we should not do a token refresh with provider unless force_provider_authentication is explicitly set.

If a user has the access token (and not the refresh token), we should let them in till that token expires. I understand that reauthentication is needed to ensure a user still has access or not. But if the broker failed to get the refresh token earlier and the admin has not enforced the provider authentication on every login, I think it is okay if the user still gets access using the local password.

We anyways allow the same if the machine is offline.
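
The policy described above, written out as an added Go sketch for an online machine (this is not code from the pull request or from the project; `CachedToken`, `Action`, `DecideBefore` and `DecideProposed` are hypothetical names, and the offline case is left out because the description only mentions it in passing):

```go
package main

import (
	"fmt"
	"time"
)

// CachedToken is a hypothetical model of what the broker has stored for a user.
type CachedToken struct {
	AccessExpiry    time.Time
	HasRefreshToken bool
}

type Action string
const (
	LocalPassword    Action = "local-password"     // accept local password, no provider call
	ProviderRefresh  Action = "provider-refresh"   // silent refresh using the refresh token
	FullProviderAuth Action = "full-provider-auth" // whole provider login from the beginning
)

// DecideBefore models the problem case: a refresh is always tried and fails without a refresh token.
func DecideBefore(tok CachedToken) Action {
	if tok.HasRefreshToken {
		return ProviderRefresh
	}
	return FullProviderAuth
}

// DecideProposed models the proposed policy for an online machine.
func DecideProposed(tok CachedToken, forceProviderAuth bool, now time.Time) Action {
	switch {
	case tok.HasRefreshToken:
		return ProviderRefresh
	case forceProviderAuth:
		return FullProviderAuth // admin opted in to provider auth on every login
	case now.Before(tok.AccessExpiry):
		// Trade-off: a provider-side revocation goes unnoticed until AccessExpiry.
		return LocalPassword
	default:
		return FullProviderAuth // access token expired, nothing cached left to rely on
	}
}

func main() {
	now := time.Date(2026, 1, 24, 12, 0, 0, 0, time.UTC)        // constructed sample time
	tok := CachedToken{AccessExpiry: now.Add(30 * time.Minute)} // no refresh token
	fmt.Println(DecideBefore(tok), DecideProposed(tok, false, now))
	fmt.Println(DecideProposed(tok, true, now), DecideProposed(tok, false, now.Add(time.Hour)))
}
```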

@shiv-tyagi changed the title from "Do not force provider authentication without refresh_token" to "Do not do provider reauthentication without refresh_token" on Jan 24, 2026

@shiv-tyagi marked this pull request as draft on January 24, 2026 20:28

@shiv-tyagi force-pushed the fix-refresh-token branch 2 times, most recently from 608e022 to 2ac0f19, on January 24, 2026 21:07
codecov bot commented Jan 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.53%. Comparing base (bbd1cb6) to head (459fa44).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1217      +/-   ##
==========================================
- Coverage   87.56%   80.53%   -7.03%     
==========================================
  Files          91       20      -71     
  Lines        6231      971    -5260     
  Branches      111        0     -111     
==========================================
- Hits         5456      782    -4674     
+ Misses        719      189     -530     
+ Partials       56        0      -56     


Successfully merging this pull request may close these issues.

Issue: Token refresh fails on login without a refresh token
