Currently, we deliver our own OAuth server integrated in the VTN. The specification does not require this, i.e., it allows for any OAuth provider.
We should make our implementation optional and allow configuring a 3rd party provider. From what I foresee, the configuration requires at least a shared or public secret for token validation and a login URL.
This task could be split in two: One for the VTN and one for the VEN library.
[ ] The VTN likely needs some feature flag and/or configuration for disabling the OAuth provider functionality and configuration of the shared or public secret to validate the authentication token.
[ ] The VEN requires a configuration for an authentication URL separate from the VTN URL.
Currently, we deliver our own OAuth server integrated in the VTN. The specification does not require this, i.e., it allows for any OAuth provider. We should make our implementation optional and allow configuring a 3rd party provider. From what I foresee, the configuration requires at least a shared or public secret for token validation and a login URL.
This task could be split in two: One for the VTN and one for the VEN library.