This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens.
Require 'openid' in scope for all requests. Require 'offline_access' for returning refresh token.
