Fixed
- Handle token expiration when there is no ``refresh_token`` or no token URL (39)
Changed
- Restore the `OVERWRITE_REDIRECT_URI` configuration option as `OIDC_OVERWRITE_REDIRECT_URI`.
- The `redirect_uri` that is generated and sent to the ID provider is no longer forced to HTTPS, because the [the OIDC spec]( https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) is actually only a strong recommendation (35). You can use `OIDC_OVERWRITE_REDIRECT_URI` if you want to force it to HTTPS (or any other URL).