We currently don't support sessions in the console backend when running with a default openshift oauth configuration. We have a few endpoints that require us to validate user tokens, and we do so by making TokenReview requests to the API server. This is not ideal because it means every request to these endpoints actually require us to make two requests to the API server; the TokenReview, then the delegated API server request represented by that endpoint. To eliminate these extra TokenReview requests, we need to implement user sessions like the what is used in the standard OIDC authentication configuration.

AC:

• The OpenShift OIDC auth config supports sessions, similar to the standard OIDC authentication configuration
• TokenReview middleware is removed, replaced by validation using session

Stretch:

• User session should be added to request context so that we can remove the "user" argument from auth middleware handler functions.