solo-io / gloo-portal-issues

Public tracker for issues related to Gloo Portal
https://docs.solo.io/gloo-portal/latest/

support OIDC on Environment UsagePlans.authPolicy #80

Closed bcollard closed 1 year ago

bcollard commented 2 years ago

Today, when you want to secure APIs, only AccessTokenValidation is supported:

Source (Environment snippet):

  parameters:
    usagePlans:
      oidc:
        displayName: "OIDC"
        # rateLimit:
        #   unit: SECOND
        #   requestPerUnit: 5
        authPolicy:
          oauth:
            authorizationUrl: https://dev-5ejxys8g.eu.auth0.com/authorize
            tokenUrl: https://dev-5ejxys8g.eu.auth0.com/oauth/token
            jwtValidation:
              issuer: "https://dev-5ejxys8g.eu.auth0.com/"
              remoteJwks:
                url: https://dev-5ejxys8g.eu.auth0.com/.well-known/jwks.json
                refreshInterval: 60s
            scopes:
              openid:
                required: true
                description: "user info claims"
              profile:
                required: false
                description: "more claims"

Result (AuthConfig snippet):

...
  - name: oidc
    oauth2:
      accessTokenValidation:
        jwt:
          issuer: https://dev-5ejxys8g.eu.auth0.com/
          remoteJwks:
            refreshInterval: 60s
            url: https://dev-5ejxys8g.eu.auth0.com/.well-known/jwks.json
        requiredScopes:
          scope:
          - opened
...

Although you can simulate OIDC with the try-it-out feature in a Portal web-UI, "we" want to protect APIs with OIDC, through Environment. In other words: an Environment CR should be able to generate an AuthConfig CR with OIDC config (client_id, client_secret, callbackPath, etc.). That is, in the first code block above, I wish I could add parameters like client_id, client_secret, callbackPath, etc.
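What the request amounts to on the AuthConfig side, as an added example that is not part of the original issue and not output generated by Gloo Portal: a hand-written Gloo Edge AuthConfig that uses `oauth2.oidcAuthorizationCode` instead of `accessTokenValidation`. The metadata names, `appUrl`, `callbackPath`, `clientId` and the Secret name are placeholders assumed for illustration; the issuer is the one from the Environment snippet above.

```yaml
# Added illustration: hand-written, not generated from an Environment CR.
apiVersion: enterprise.gloo.solo.io/v1
kind: AuthConfig
metadata:
  name: oidc-usage-plan          # placeholder
  namespace: gloo-system         # placeholder
spec:
  configs:
  - name: oidc
    oauth2:
      # Authorization code flow: the gateway redirects unauthenticated
      # callers to the IdP and handles the callback itself, rather than
      # only validating a bearer token the client already holds.
      oidcAuthorizationCode:
        # Issuer taken from the Environment snippet in this issue.
        issuerUrl: https://dev-5ejxys8g.eu.auth0.com/
        # Placeholder: public URL of the protected application.
        appUrl: https://api.example.com
        # Placeholder: appUrl + callbackPath must be registered as an
        # allowed redirect URI at the IdP.
        callbackPath: /callback
        clientId: CLIENT_ID_PLACEHOLDER
        # The client secret is referenced from a Kubernetes Secret and
        # never written inline in the AuthConfig.
        clientSecretRef:
          name: oidc-client-secret   # placeholder
          namespace: gloo-system     # placeholder
        # Scopes requested in addition to openid.
        scopes:
        - profile
```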

jameshbarton commented 1 year ago

We can close this out now, right? This has been supported for some time: https://docs.solo.io/gloo-portal/latest/guides/oauth/#use-portal-to-authenticate-with-oauth