  1. Quarkus
  2. QUARKUS-6106

Fix the OIDC opaque token check

      Fixes #46972.

      The current OIDC opaque token check has been proved with #46990 to be incomplete.
      Signed JWT tokens have 3 parts separated by 2 dots, which is what the current lightweight check does, but it can be just a coincidence; the binary tokens may have random 2 dots in the sequence as well.
      The side-effect highlighted by #46972 is that a binary refresh token with 2 dots is assumed to be JWT, and the parsing exception escapes causing a failure.
      While #46972 can be fixed by only adding another exception catch block as done in this PR, I've also updated the opaque token check which is done in other code branches - it did not cause side-effects so far but might if not fixed.
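
The failure mode described above, shown as an added example that is not part of the issue or the Quarkus code base: the dot-count check beside a stricter structural check. The class and method names are hypothetical, and the JSON shape test is only an assumed way to tighten the heuristic, since the issue does not say how the check was updated.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; names are hypothetical, not Quarkus APIs.
public class OpaqueTokenCheck {

    // Lightweight check from the issue: exactly two dots means "treat as JWT".
    static boolean looksLikeJwtByDots(String token) {
        return token.chars().filter(c -> c == '.').count() == 2;
    }

    // Stricter check (assumption): three parts, and the header and payload
    // must base64url-decode to text shaped like a JSON object.
    static boolean looksLikeJwtByStructure(String token) {
        String[] parts = token.split("\\.", -1);
        return parts.length == 3 && isJsonObject(parts[0]) && isJsonObject(parts[1]);
    }

    static boolean isJsonObject(String segment) {
        if (segment.isEmpty()) {
            return false;
        }
        try {
            byte[] raw = Base64.getUrlDecoder().decode(segment);
            String text = new String(raw, StandardCharsets.UTF_8).trim();
            // Shape test only; a real JSON parser would be stricter.
            return text.startsWith("{") && text.endsWith("}");
        } catch (IllegalArgumentException e) {
            // Not base64url: classify as opaque instead of letting the error escape.
            return false;
        }
    }

    static String enc(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed samples: a JWT-shaped token and an opaque token with two dots.
        String jwt = enc("{\"alg\":\"RS256\"}") + "." + enc("{\"sub\":\"alice\"}") + ".c2ln";
        String opaque = "v1.MTIzNDU2Nzg5MA.x9-_Qz";
        for (String t : new String[] { jwt, opaque }) {
            System.out.println(looksLikeJwtByDots(t) + " " + looksLikeJwtByStructure(t));
        }
    }
}
```

Both samples pass the dot-count check, but only the JWT-shaped one passes the structural check, so the opaque token never reaches the JWT parser.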

              Unassigned Unassigned
              blafond Barry LaFond
              Martin Ocenas Martin Ocenas