Updating omniauth to not allow for old token to be passed

[leefaisonr]

Expected Behavior

Only a CAS-authenticated user with a vaild CSRF token should be allow access into orcid staging and prod.

Current Behavior

Currently, a user with any CSRF token may be able to authenticate into orcid.

Implementation notes

These are links for potential refactors to the code that would add extra security for authentication into orcid for users through CAS.

• Verify that the token is valid
• possibly change to post

See: #151 See line

Acceptance Criteria

• Create the token verifier and hook it into our system
• We can still login on the server via CAS

[leefaisonr]

Possible solution: omniauth-rails_csrf_protection —> gem installation used to patch security holes for omniauth

[carolyncole]

Hey team! Please add your planning poker estimate with Zenhub @bess @hectorcorrea @JaymeeH @jrgriffiniii @kelynch @leefaisonr