*: update mailgun-go to remove dependency on deleted simplehttp pkg

build with go 1.6 and actually push to quay

scope: don't validate empty scopes

If an empty scope is somehow passed along, it shouldn't be validated
when checking refresh token scope.

Allow specification of client_{id, secret} in admin api

You can specify your own client ID and secret!

Implement Public Clients

When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to
an internal dex page where the user is shown the code and instructed to
paste it into their app.

When calling manager.Authenticate, logs now show different error
messages.

* disallow ClientCreds for public clients
* clients can only redirect to localhost or OOB

Metadata is not enough these days - we're going to need access to the
Public field as well.

and update docs

  * Start Documentation

* validation of client moved into its own method and tested
* public clients have different validation - must have no redirect URIs
  and must have a clientName set

Revert "Use Github templates for issues/proposals"

The proposal templates was not intended to be show for every issue,
only for proposal. Revert that issue template and add more general
one in a follow up commit.

This reverts commit 09cb3857.

*: add --enable-automatic-registration flag to worker

For remote connectors, allow users to skip registration.

Remove old client_resource api

go 1.5.4 accepts just about anything as a URL, so instead just trigger
with blank URL

API Driver is dead: This API turns out to not be super useful, requiring
an existing client to create other clients is weird.

Long live API Driver? Let's use Dynamic Client API and the bootstrap API
to create a better API Driver! LONG LIVE API DRIVER.

...and dependent code.

The only thing using this AFAIK is dexctl in api_driver mode, which
no-one uses - it's a sort of weird API which requires a client to create
other clients, and gives all clients the ability to list all other
clients. So we are removing it.

Cross client refresh tokens

Before,  this logic was only in the OIDCServer.CodeToken() method; now it has been
pulled out so that other paths, like OIDCServer.RefreshToken() can use
it.

The net affect, is that now refresh tokens can be used to get
cross-client authenticated ID Tokens.

A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes

vendor: update go-oidc to add support for Azure AD

Update github.com/coreos/go-oidc/ to include coreos/go-oidc#87
which adds support for Azure AD