Fixes #6344 API improvements (#6345)
* Fixes #6344 API improvements
Centralized the key location in the RestConfig class into the
ServerConfig class.
Added some helper methods to the AccessTokenEntity for whether the token
is revoked or expired.
Added better error logging in the validate redirect uri so that api
consumers can see why their client api request fails if the redirect_uri
does not match in the authorization_code grant.
Fixed the chrome CORS security complaint about the
Access-Control-Allow-Credentials being used alongside a wildcard
Access-Control-Allow-Origin header. I use the passed along origin since
we've already validated at this point the AccessToken and verified it
against a redirect_uri of the client.
Added a helper method for better type safety checking w/ the
RestApiScopeEvent.
* Rearrange trait imports.