Refactor authentication to use Okta authorization server

[robertjd]

Authentication now happens against an Okta Authentication Server

Token validation is done with the Okta access token, and the application users API.

Logout uses revoke on the Authorization Server.

Begin writing the changelog for this next major version.

Tests will be failing in this PR, as I have not yet addressed the functional differences, or the change to ES6 classes.

This branch still requires you to provide Stormpath configuration somewhere, as I haven't yet removed those dependencies.

Todos:

• [x] Example configuration block in changelog should not use literal values, use example values e.g. https://dev-<my org id>.oktapreview.com
• [x] Remove ES6 code, we've decided not to force a Node upgrade during the transition.
• [x] The authorization server configuration can be discovered through the API, so we should do this so that the developer only needs to specify their API token and app ID.
• [ ] More help around creating an application and authorization server. I want to create a screencast where I walk through this, as it's a lot of moving parts.
• [x] New authentication result from Okta oauth endpoint needs to match OAuthPasswordGrantAuthenticationResult as much as posssible
• [x] Normalize base URL trailing slash
• [x] Attempt to get some of the IT tests running

[mraible]

What do I need to change in this file to make this work with Okta?

https://github.com/stormpath/stormpath-angular2-express-example/blob/master/server/server.js

Related: how do I setup my Okta instance to work with this?

[robertjd]

Thanks @mraible , great questions. Take a look at the mods to the changelog? If it's not clear let me know and I'll get more detailed. As we go through this migration I want to use the changelog to collect all the notes.

[coveralls]

Coverage decreased (-53.6%) to 13.643% when pulling 3e8953c509441f912f6db519c9a72f69cf38e3ac on okta-authentication into ecd114be568f87918ac295cd8b84080f8b10bfe6 on 4.0.0.