Relax the requirement to use parameters --token-client-secret-filename and --token-client-secret-filename when using OIDC. The secret is not required if the IDP is doing x509 authentication.

Add the parameter --token-scopes

Parse token response JSON with jq if jq is present.