Support generic OpenID Connect login provider
The current Google login implementation uses OpenID Connect, but it's hardwired to use the Google endpoint, and it uses the Google People API to look up alternate email addresses.
This feature adds config keys to specify an OpenID Connect endpoint as the login provider.
Clusters:
  zzzzz:
    Login:
      OpenIDConnect:
        Enable: true
        Issuer: https://accounts.example.com
        ClientID: aaaaaaaaaaa
        ClientSecret: zzzzzzzzzzzz
There's no user-facing chooser page: only one (Google or generic OIDC endpoint) can be configured at a time.
Implementation:
- rename googleLoginController to oidcLoginController
- use client ID/secret from whichever set of config keys (OpenIDConnect or Google) is in play
- if using OIDC keys, don't attempt the Google People API lookup
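A sketch of the provider selection these steps describe, added here as an example and not taken from the Arvados code base. The type and function names are hypothetical, and the Google key set is assumed to have the same shape as the OpenIDConnect keys. It rejects a config that enables both providers, requires an https issuer with no query or fragment (as OIDC Discovery does), and derives the discovery URL from the issuer.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ProviderConfig mirrors the keys shown in the issue; hypothetical type name.
type ProviderConfig struct {
	Enable                         bool
	Issuer, ClientID, ClientSecret string
}

// LoginConfig holds both key sets; the Google layout is an assumption.
type LoginConfig struct{ Google, OpenIDConnect ProviderConfig }

// Resolved is what a single OIDC login controller needs to start.
type Resolved struct {
	Issuer, ClientID, ClientSecret, DiscoveryURL string
	UsePeopleAPI                                 bool
}

// Resolve picks the one enabled provider and validates its settings.
func Resolve(c LoginConfig) (Resolved, error) {
	if c.Google.Enable && c.OpenIDConnect.Enable {
		return Resolved{}, errors.New("only one of Google or OpenIDConnect may be enabled")
	}
	var r Resolved
	switch {
	case c.Google.Enable: // fixed Google issuer; People API lookup stays on
		r = Resolved{Issuer: "https://accounts.google.com", ClientID: c.Google.ClientID, ClientSecret: c.Google.ClientSecret, UsePeopleAPI: true}
	case c.OpenIDConnect.Enable: // generic endpoint; no People API lookup
		r = Resolved{Issuer: c.OpenIDConnect.Issuer, ClientID: c.OpenIDConnect.ClientID, ClientSecret: c.OpenIDConnect.ClientSecret}
	default:
		return Resolved{}, errors.New("no OIDC login provider enabled")
	}
	u, err := url.Parse(r.Issuer)
	if err != nil || u.Scheme != "https" || u.Host == "" || u.RawQuery != "" || u.Fragment != "" {
		return Resolved{}, fmt.Errorf("issuer %q must be an https URL without query or fragment", r.Issuer)
	}
	if r.ClientID == "" || r.ClientSecret == "" {
		return Resolved{}, errors.New("ClientID and ClientSecret are required")
	}
	r.DiscoveryURL = strings.TrimSuffix(r.Issuer, "/") + "/.well-known/openid-configuration"
	return r, nil
}

func main() { fmt.Println(Resolve(LoginConfig{OpenIDConnect: ProviderConfig{true, "https://accounts.example.com", "aaaaaaaaaaa", "zzzzzzzzzzzz"}})) }
```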
#2 Updated by Peter Amstutz 3 months ago
Also need to support standard claims: