moves /oidc endpoints into /auth/external/openid-connect-....
moves /social/{provider} endpoints into /auth/external/{provider}
introduces internal/settings package for settings management (it is db-table agnostic, does not care about permissions, provides a set of helper functions & types to ease settings management)
introduces system/internal/settings - wrapper for internal/settings
introduces system/settings endpoints (messaging, crm/compose will follow the same principle)
all cli code is moved out of cmd/system-cli to system/cli
added settings management cli commands
all four (standard) providers are now configured from (db) settings
support for arbitrary number of OIDC providers
Todo:
[x] add permission check under system/internal/settings
[x] write instructions on how to migrate from .env to settings for external auth
[x] write instructions on how to configure external auth on first deploy
[x] additional checks & testing for all external auth flows
[x] make sure user email is always unique
[x] remove obsolete ("social") config/flags
[x] fix empty credential types
Future:
[x] ability to enable/disable new user registration (only pre-created users)
[x] ability to enable/disable "local" user
[x] support for local users
[ ] add ability to read & apply new external-auth settings without restarting the whole service