Use OAuth2 Client Credentials Flow

[adammccartney]

Is your feature request related to a problem? Please describe. It seems like the current authorization flow for grader service is based on parsing a token directly from the request headers.

Describe the solution you'd like It would be great if we could ensure that we are implementing a version of the Client Credentials Flow.

Essentially it might boil down to:

• create a client ID for grader service
• establish a back-channel of communication between it and the authorization server (jupyter hub).

We'd probably also like to establish some basic facts about the user that has started the session and look up what their permission scopes are in a database table somewhere.

Describe alternatives you've considered Authorization by fiat.