permitio / opal

Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
https://opal.ac
Apache License 2.0
3.5k stars 154 forks

Enable OAuth2 authentication #602

Open ojecborec opened 2 weeks ago

ojecborec commented 2 weeks ago

Hello OPAL team. The following PR enables OAuth2 authentication for both server and client. The client would send an access token generated by the Client Credentials grant, and the server would validate this token by either calling the introspect endpoint or reading the JWT signature. Please note that I'm not a Python developer. Any suggestions are welcome. Documentation is also missing.

To configure the OPAL client Docker container:

```yaml
environment:
  - OPAL_AUTH_TYPE=oauth2
  - OPAL_OAUTH2_CLIENT_ID=$OAUTH2_CLIENT_ID
  - OPAL_OAUTH2_CLIENT_SECRET=$OAUTH2_CLIENT_SECRET
  - OPAL_OAUTH2_TOKEN_URL=https://example.com/token
  # Choose either introspect or JWT validation
  # If you wish to use the introspect endpoint for token validation
  - OPAL_OAUTH2_INTROSPECT_URL=https://example.com/introspect
  # Validate the JWT signature instead of calling the introspect endpoint
  - OPAL_OAUTH2_OPENID_CONFIGURATION_URL=https://example.com/.well-known/openid-configuration
  - OPAL_OAUTH2_EXACT_MATCH_CLAIMS=foo=bar
  - OPAL_OAUTH2_REQUIRED_CLAIMS=client_id,iat,exp
```

To configure the OPAL server Docker container:

```yaml
environment:
  - OPAL_AUTH_TYPE=oauth2
  - OPAL_OAUTH2_TOKEN_URL=https://example.com/token
  # Choose either introspect or JWT validation
  # If you wish to use the introspect endpoint for token validation
  - OPAL_OAUTH2_INTROSPECT_URL=https://example.com/introspect
  # Validate the JWT signature instead of calling the introspect endpoint
  - OPAL_OAUTH2_OPENID_CONFIGURATION_URL=https://example.com/.well-known/openid-configuration
  - OPAL_OAUTH2_EXACT_MATCH_CLAIMS=foo=bar
  - OPAL_OAUTH2_REQUIRED_CLAIMS=client_id,iat,exp
  - OPAL_OAUTH2_JWT_ALGORITHM=RS256
  - OPAL_OAUTH2_JWT_AUDIENCE=some_audience
  - OPAL_OAUTH2_JWT_ISSUER=some_issuer
```

Let me know what you think.
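As an added example (not code from this PR or from the OPAL project), the following models the server-side claim checks that the settings above describe. Both validation paths the PR names, an introspection response or a JWT whose signature has been verified against the OpenID configuration's keys, end up as a claims dictionary, so the example treats that dictionary as input and applies the `OPAL_OAUTH2_REQUIRED_CLAIMS`, `OPAL_OAUTH2_EXACT_MATCH_CLAIMS`, audience and issuer settings to it. The function names, the parsing of the comma-separated settings, and the sample claim values are my own assumptions; the signature check or the introspection HTTP call is assumed to have already happened before this step.

```python
from __future__ import annotations

import time
from typing import Any, Mapping


def parse_exact_match_claims(spec: str) -> dict[str, str]:
    """Parse an OPAL_OAUTH2_EXACT_MATCH_CLAIMS-style string ("foo=bar,scope=opal")."""
    result: dict[str, str] = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError(f"exact-match claim without '=': {item!r}")
        key, value = item.split("=", 1)
        result[key.strip()] = value.strip()
    return result


def parse_required_claims(spec: str) -> list[str]:
    """Parse an OPAL_OAUTH2_REQUIRED_CLAIMS-style string ("client_id,iat,exp")."""
    return [c.strip() for c in spec.split(",") if c.strip()]


def validate_claims(
    claims: Mapping[str, Any],
    *,
    required: list[str],
    exact_match: Mapping[str, str],
    audience: str | None = None,
    issuer: str | None = None,
    now: float | None = None,
    leeway: int = 0,
) -> list[str]:
    """Return the list of policy violations; an empty list means 'accept'.

    `claims` is either the JSON body of an RFC 7662 introspection response or
    the payload of a JWT whose signature has already been verified.
    """
    now = time.time() if now is None else now
    problems: list[str] = []

    # An introspection response carries an explicit "active" flag; a JWT
    # payload does not, so only a present-and-false flag is a rejection.
    if claims.get("active") is False:
        problems.append("introspection endpoint reports the token as inactive")

    for name in required:
        if name not in claims:
            problems.append(f"missing required claim {name!r}")

    for name, expected in exact_match.items():
        if name not in claims:
            problems.append(f"missing exact-match claim {name!r}")
        elif str(claims[name]) != expected:
            problems.append(f"claim {name!r} is {claims[name]!r}, expected {expected!r}")

    # Time-based checks: exp is mandatory in the PR's REQUIRED_CLAIMS example,
    # nbf is checked only when present.
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and now > exp + leeway:
        problems.append("token has expired (exp)")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now + leeway < nbf:
        problems.append("token not yet valid (nbf)")

    if audience is not None:
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if audience not in audiences:
            problems.append(f"audience {audience!r} not in {audiences!r}")
    if issuer is not None and claims.get("iss") != issuer:
        problems.append(f"issuer {claims.get('iss')!r} != {issuer!r}")

    return problems


# Constructed sample: what a client-credentials token's claims might look like
# after the server has verified its signature (values are made up).
SAMPLE_CLAIMS = {
    "client_id": "opal-client",
    "iat": 1_700_000_000,
    "exp": 1_700_003_600,
    "aud": "some_audience",
    "iss": "some_issuer",
    "foo": "bar",
}


def check_sample(now: float = 1_700_000_100) -> list[str]:
    """Apply the settings from the PR description to SAMPLE_CLAIMS."""
    return validate_claims(
        SAMPLE_CLAIMS,
        required=parse_required_claims("client_id,iat,exp"),
        exact_match=parse_exact_match_claims("foo=bar"),
        audience="some_audience",
        issuer="some_issuer",
        now=now,
    )


if __name__ == "__main__":
    print("fresh token:", check_sample() or "accepted")
    print("expired token:", check_sample(now=1_700_010_000))
```

The point of returning a list of problems rather than a boolean is that a rejected client-credentials token is usually a configuration mismatch between the two OPAL containers (a claim name, audience or issuer typed differently on each side), and the server log should say which check failed. Note that `active: false` only appears on the introspection path; a JWT that verifies but has no `exp` claim is caught by the required-claims list, which is why `exp` belongs there.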

netlify[bot] commented 2 weeks ago

Deploy Preview for opal-docs canceled.

| Name | Link |
|---|---|
| Latest commit | f66fca3c5cc427be8519b98b2e0169e9b21e75fd |
| Latest deploy log | https://app.netlify.com/sites/opal-docs/deploys/667ab1b98322f30008b54d86 |