Support scope, logout, status

[tft7000]

In case you are interested, I added few extensions to this project:

• It is possible to add the scope via argument or env var (oidc_scope). This is useful if you want to test, that your OP is sending the right claims with the given scopes. (optional)
• It is possible to set the content_type of the RP output (page_content_type). This is useful if you want to e2e test e.g. with cypress. Cypress seems to only like html pages for visits. (optional)
• an endpoint /logout has been added that points to the same code. The underlaying library treats this automatically as logout. At the same time it is possible to define the post_logout_redirect_uri, so that the OP can redirect back. This is useful, if you want to test the OIDC logout feature.
• an endpoint /status has been added that just shows a json object to find out, if you are logged in or not. This is usefull, e.g. after a logout. So it could be the default redirect URI.
• in case you need the encoded id_token, it will now be shown on the debug page. This is mainly useful, if you want to call the OP logout endpoint yourself.

thanks for your effort, this project is helpful for me!

[thomasleplus]

@tft7000 I've just read your PR's summary so far but it makes complete sense. Give me a few days to find the time to review your code properly and do some testing but I am already looking forward to merge this in.

Coincidently I am working on upgrading lua-resty-openidc to the newly released 1.8.0 which has some breaking changes. Hopefully nothing that will impact what you did but that's why I want to test both together.

Thank you for your generous contribution!

[thomasleplus]

@tft7000 I am done rebasing the branch and merging the PR. Now I just have to think about how to release this but meanwhile it's already available via the docker hub tag leplusorg/openid-connect-provider-debugger:main.

Thank you again for your neat contribution.

[tft7000]

@thomasleplus : thank you very much!

I tested the updates and I get an error error opening session (missing session audience) on return from authentication. ~The error seems to be introduced by the change from openresty:1.25.3.1 -> 1.25.3.2 (FROM openresty/openresty:1.25.3.1-alpine-fat@sha256:17868b5ec232561bc64862160296c3f8480650bc4cbc19b88e056750bd78f527 to FROM openresty/openresty:1.25.3.2-alpine-fat@sha256:aa8ea52fa35a296558aed8b392fb39d575e39dd4a7717fa44f1fd6fc09c1185d).~ At least if I change that line back, it seems to work again. I will have a look, if I see the problem.

Edit:

• The problem seems to be, that https://github.com/zmartzone/lua-resty-openidc updated to v1.8.0 in the meanwhile
• They incorporate the v4.x version of https://github.com/bungle/lua-resty-session
• The current session calls do not work with that session version somehow.

To fix the current built the Dockerfile needs to add --pin 1.7.6 to the oidc lib:

&& /usr/local/openresty/luajit/bin/luarocks install lua-resty-openidc --pin 1.7.6 \

What do you think?