starlette: Allow to provide access token in authorization header
requested to merge anlambert/swh-auth:starlette-allow-access-token-in-authorization-header into master
Previously the OpenID Connect backend was only allowing to provide a refresh token in authorization header for convenient access token renewal when querying a GraphQL service outside of a browser.
When one wants to query a GraphQL service inside a browser, the access tokens are usually created and renewed client-side so also allow to provide an access token in the authorization header. In that case, the backend will simply try to decode it in order to authenticate the user.
Related to swh-graphql#4652