Today, if the user session has expired and cannot be refreshed for some reason, the user will be redirected to the OIDC provider to re-authenticate. This is correct but can be poor UX: imagine the authenticated user accessing the internal account details and suddenly facing a Keycloak or Auth0 authentication screen.
Applications should have an option to have users with an expired session redirected to an application-specific screen that will inform the user that the session has expired and that the user must be reauthenticated.
Implementation ideas
Add a property which points to this page.
Also, when the session has expired, an ExpiredSessionException can be thrown, so that users could capture it with the JAX-RS mapper and redirect with a custom Response.
This is an important usability feature because normally XHR or Fetch API requests would not trigger a redirect to the OIDC IdP login page. If we want to be consistent across applications (not counting on the client handling the 401 error), redirecting the client (if they follow redirects) to the IdP login page is much better than failing silently in the background, where requests are failing with 401, but the user doesn't actually know until they navigate to some view that is not cached.
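One way the mapper idea from the issue could look, as an added example that is not code from the issue or from the project. `ExpiredSessionException` is defined here as a hypothetical stand-in for the proposed exception, and the `/session-expired` path, the JSON body and the `X-Requested-With` heuristic are assumptions.

```java
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.ExceptionMapper;
import jakarta.ws.rs.ext.Provider;
import java.net.URI;

// Hypothetical stand-in for the exception proposed in the issue; not an existing API.
class ExpiredSessionException extends RuntimeException {
    ExpiredSessionException(String message) { super(message); }
}

@Provider
public class ExpiredSessionMapper implements ExceptionMapper<ExpiredSessionException> {

    // Assumed application page. It is a fixed constant, so nothing taken from
    // the request can steer the redirect to another origin.
    private static final String EXPIRED_PATH = "/session-expired";

    @Context
    HttpHeaders headers;

    @Override
    public Response toResponse(ExpiredSessionException e) {
        Response.ResponseBuilder rb;
        if (isScriptedRequest()) {
            // XHR/fetch callers cannot display a page: answer 401 and name the
            // page so client code can navigate there instead of failing silently.
            rb = Response.status(Response.Status.UNAUTHORIZED)
                    .type(MediaType.APPLICATION_JSON)
                    .entity("{\"error\":\"session_expired\",\"location\":\"" + EXPIRED_PATH + "\"}");
        } else {
            // Browser navigation: 303 to the application's own page, not the IdP.
            rb = Response.seeOther(URI.create(EXPIRED_PATH));
        }
        // Keep caches from storing a response tied to the expired session.
        return rb.header(HttpHeaders.CACHE_CONTROL, "no-store").build();
    }

    // Heuristic (assumption): X-Requested-With is only a convention some JS
    // libraries follow; the Accept check covers JSON API callers without it.
    private boolean isScriptedRequest() {
        String with = headers.getHeaderString("X-Requested-With");
        String accept = headers.getHeaderString(HttpHeaders.ACCEPT);
        return "XMLHttpRequest".equalsIgnoreCase(with)
                || (accept != null && accept.contains(MediaType.APPLICATION_JSON)
                    && !accept.contains(MediaType.TEXT_HTML));
    }
}
```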