Support sync of groups from OAuth server

[bsekar]

To support OAuth based authorization, this change supports reading groups information in the OAuth token. Some things to note

1. Groups sync will only happen based on whitelist, to prevent unwanted additions/removal.
2. Note that user will be removed from an existing group if that group is part of the whitelist and the user token does not contain this group.
3. Groups will not be created on the fly. They will have to be pre-created in TC.

Signed-off-by: Bharath Sekar bsekar@guidewire.com Signed-off-by: Ghata Khasakia gkhasakia@guidewire.com Signed-off-by: Mark Huang mhuang@guidewire.com Signed-off-by: Marta Kondratowicz mkondratowicz@guidewire.com Signed-off-by: Andy Harris aharris@guidewire.com

[zivagolee]

@pwielgolaski Is there any updates on this? I would like to see if we can use this to auto assign roles based upon the oauth group.

[pwielgolaski]

@zivagolee, PR has open comments, so I wait for fixes or comments why it must be this way.

[bsekar]

Will try to update this PR soon

[bsekar]

@pwielgolaski Thanks for reviewing. I've updated the requested changes.