
chore: add client_secret and client_authentication env variables #2991

Open

Braden-OBrien wants to merge 1 commit into opencloud-eu:main from Braden-OBrien:add-oidc-env-vars

Conversation


@Braden-OBrien Braden-OBrien commented Jun 22, 2026


Description

Added additional values to the OIDC Web config such that the /config.json options are passed on to the frontend.

  • ClientSecret:

json:"client_secret,omitempty" yaml:"client_secret" env:"OC_OIDC_CLIENT_SECRET;WEB_OIDC_CLIENT_SECRET"

client_secret option used by oidc-client-ts to provide the client_secret to OAuth endpoint during code exchange. Despite PKCE, some external IDPs demand that the client secret be provided regardless, sort of as another client_id. Allows some new IDPs to be compatible with OpenCloud (such as Google OAuth).

  • ClientAuthentication:

json:"client_authentication,omitempty" yaml:"client_authentication" env:"WEB_OIDC_CLIENT_AUTHENTICATION"

"client_secret_xx" option used by oidc-client-ts to specify whether the client_id and client_secret are provided to the OAuth endpoint as a basic authentication header (client_secret_basic), included in the POST headers (client_secret_post), or as a JWT (client_secret_JWT).

Both can be added as environment variables or using the existing WEB_UI_CONFIG_FILE json option.

Related Issue

Motivation and Context

Certain external IDP configurations are very specific - particularly with requesting the client_secret regardless of PKCE. This is a simple addition to the configuration that extends the possibilities to configure an external IDP.

Enables a couple more of the options described on the Web documentation that were being improperly passed on to the web frontend because the JSON unmarshaler failed to unmarshal into the Web.Config.OpenIDConnect struct.

How Has This Been Tested?

  • test environment:
    Debian 13 bare-metal install
    Google Accounts as OAuth/OIDC provider

Tested successful delivery of client secret via both client_secret_basic and client_secret_post configurations.

Screenshots (if appropriate):

WEB_OIDC_CLIENT_AUTHENTICATION="client_secret_post" (screenshot)
WEB_OIDC_CLIENT_AUTHENTICATION="client_secret_basic" (screenshot)

Also implemented a small unit test /services/web/pkg/config/oidc_config_test.go to test the successful parsing of environment variables into the struct

Running tool: /usr/local/go/bin/go test -test.fullpath=true -timeout 30s -run ^TestOIDCWebConfiguration$ github.com/opencloud-eu/opencloud/services/web/pkg/config

=== RUN   TestOIDCWebConfiguration
--- PASS: TestOIDCWebConfiguration (0.00s)
PASS
ok      github.com/opencloud-eu/opencloud/services/web/pkg/config       0.008s

As well as the existing test suite for config and webfinger discovery (relations)

=== RUN   TestConfig
Running Suite: Config Suite - /home/bobrien/opencloud/pkg/config
================================================================
Random Seed: 1782097871

Ran 1 of 1 Specs in 0.006 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestConfig (0.01s)
PASS
ok      github.com/opencloud-eu/opencloud/pkg/config    0.015s

services/webfinger/relations full test:

Running tool: /usr/local/go/bin/go test -test.fullpath=true -timeout 30s -coverprofile=/tmp/vscode-goFJzcMv/go-code-cover github.com/opencloud-eu/opencloud/services/webfinger/pkg/relations

ok  	github.com/opencloud-eu/opencloud/services/webfinger/pkg/relations	0.005s	coverage: 89.7% of statements

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation added
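The following Go program is an added example, not code from this PR or from OpenCloud. It reproduces only the two struct fields described above, with the exact json/yaml/env tags quoted in the description, and shows the three behaviours the PR relies on: the semicolon-separated env tag where the first set variable wins, a WEB_UI_CONFIG_FILE-style JSON fragment landing in the struct instead of being dropped, and omitempty keeping an unset secret out of the /config.json payload. The env-tag reader, the Validate method and the lower-case spelling of the three client_secret_* method names are assumptions of this example, not the project's own helpers.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"reflect"
	"strings"
)

// OpenIDConnect reproduces the two fields the PR adds, with the struct tags
// quoted in the PR description. The remaining fields of the real
// Web.Config.OpenIDConnect struct are intentionally left out.
type OpenIDConnect struct {
	ClientSecret         string `json:"client_secret,omitempty" yaml:"client_secret" env:"OC_OIDC_CLIENT_SECRET;WEB_OIDC_CLIENT_SECRET"`
	ClientAuthentication string `json:"client_authentication,omitempty" yaml:"client_authentication" env:"WEB_OIDC_CLIENT_AUTHENTICATION"`
}

// allowedAuthMethods holds the token-endpoint authentication methods named in
// the PR description (assumed lower-case spelling, constructed for this example).
var allowedAuthMethods = map[string]bool{
	"client_secret_basic": true,
	"client_secret_post":  true,
	"client_secret_jwt":   true,
}

// lookupFirst walks a semicolon-separated env tag ("A;B") and returns the first
// variable that is set and non-empty. Hypothetical stand-in for the project's
// own env decoding; getenv is injected so the logic is testable offline.
func lookupFirst(envTag string, getenv func(string) (string, bool)) string {
	for _, name := range strings.Split(envTag, ";") {
		if v, ok := getenv(strings.TrimSpace(name)); ok && v != "" {
			return v
		}
	}
	return ""
}

// FromEnv reads each field's `env` tag via reflection and fills the struct,
// then validates the result.
func FromEnv(getenv func(string) (string, bool)) (OpenIDConnect, error) {
	var c OpenIDConnect
	v := reflect.ValueOf(&c).Elem()
	t := v.Type()
	for i := 0; i < t.NumField(); i++ {
		tag := t.Field(i).Tag.Get("env")
		if tag == "" {
			continue
		}
		v.Field(i).SetString(lookupFirst(tag, getenv))
	}
	return c, c.Validate()
}

// FromJSON parses a WEB_UI_CONFIG_FILE-style fragment. With the fields present
// on the struct the two keys are retained rather than silently discarded.
func FromJSON(raw []byte) (OpenIDConnect, error) {
	var c OpenIDConnect
	if err := json.Unmarshal(raw, &c); err != nil {
		return c, err
	}
	return c, c.Validate()
}

// Validate (added here, not in the PR) rejects an unknown method and a method
// that requires a secret when none is configured, so a misconfiguration fails
// at startup instead of as a failed code exchange in the browser.
func (c OpenIDConnect) Validate() error {
	if c.ClientAuthentication == "" {
		return nil
	}
	if !allowedAuthMethods[c.ClientAuthentication] {
		return fmt.Errorf("unknown client_authentication %q", c.ClientAuthentication)
	}
	if c.ClientSecret == "" {
		return errors.New("client_authentication set but client_secret is empty")
	}
	return nil
}

// ToFrontendJSON renders the struct as it would appear in /config.json.
// omitempty means an unset secret yields no "client_secret" key at all.
func ToFrontendJSON(c OpenIDConnect) (string, error) {
	b, err := json.Marshal(c)
	return string(b), err
}

func main() {
	c, err := FromEnv(os.LookupEnv)
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	out, _ := ToFrontendJSON(c)
	fmt.Println(out)
}
```

Note that whatever is placed in client_secret is served to the browser through /config.json, so the IDP client it belongs to should be registered and scoped on the assumption that the value is readable by any user of the web frontend; the secret satisfies IDPs that insist on one alongside PKCE, but it does not make the browser a confidential client.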

@codacy-production


Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy



Development

Successfully merging this pull request may close these issues.

Add configuration option for OIDC token endpoint authentication method
