Add support for token refresh to the OAuth plugin

[nyergler]

The OAuth plugin currently does not support token refresh, as described in the OAuth specification. This is needed to allow Android clients (among others) to refresh their tokens as they expire. It appears there was some planning for this, as a refresh_token field exists in the OAuthToken model, but it is currently unpopulated.

This work may overlap with work on #517.

[joar]

I've pushed a fix for this in the oauth/refresh_tokens branch at git@github.com:joar/mediagoblin.git

Edited to remove really long diff.

[Christopher Allan Webber]

Yeowch, that's a huge diff and is kind of making this bug report long! I wonder if we should be careful about that...

anyway, adding nyergler as CC'ed. I don't think I'm well qualified to review this. Maybe Nathan is?

If it comes close to 0.4.0 and nobody else has time to review I can do a rough review and we can just merge it but I'm not really well qualified at all.

[nyergler]

I read ​https://github.com/joar/mediagoblin/compare/master...oauth;refresh_tokens carefully and believe this is merge-able. I haven't tried executing it, but have don't see anything glaring. The relational model for our OAuth plugin is a little weird (foreign keys to both client and user, when I believe a client is specific to a user already), but this patch is consistent with the existing code.

I say merge it!

[nyergler]

Merged in ​https://gitorious.org/mediagoblin/mediagoblin/commit/64598a79a9648416e9cc49349e57190792cc59f2.