Improve authn/authz #139

Open
@pohlm01

Description

Currently, our authentication mechanism lacks support for various features:

  • Access tokens cannot be revoked, but only expire
    • We should implement some logout mechanism
    • Admins must be able to ban clients
  • We do not support refresh tokens
  • We might re-evaluate how well the integration with an external OAuth provider conforms to standards or best practices. Maybe we should implement the OpenID Connect approach?

This is mainly meant as an issue to not forget about things that came to my mind. Probably, we should think about the exact architecture and implications before implementing changes.

Labels: enhancement (New feature or request)

Status: Todo