
Commit adcbaa6

Single Sign-On via OpenID Connect (#888)

* add oidc config variables
* setup a basic middleware
* implement an async http client that uses oidc
* initialize provider_metadata in OidcService
* better error handling in oidc config
* HTTP client initialization in oidc now follows global config
* oidc: implement redirects
  - Add `host` configuration option for specifying the application's web address in configuration.md and app_config.rs.
  - Update docker-compose.yaml to include SQLPAGE_HOST and SQLPAGE_OIDC_ISSUER_URL environment variables.
  - Enhance OIDC middleware to utilize the new `host` setting for redirect URLs and improve cookie handling in oidc.rs.
* improve local oidc configurability
* log
* Update warning message in OIDC configuration to clarify how to disable it by providing a host setting
* Update OIDC redirect logging to use info level with client ID
* Refactor unauthenticated request handling in OIDC service
  - Extracted logic for handling unauthenticated requests into a separate method `handle_unauthenticated_request`.
  - Updated the main request handling flow to utilize the new method for improved readability and maintainability.
* Enhance OIDC service with callback handling and token processing
  - Introduced `handle_oidc_callback` method to manage OIDC callback requests.
  - Added `process_oidc_callback` and `exchange_code_for_token` methods for token exchange logic.
  - Updated `handle_unauthenticated_request` to check for callback URL and redirect accordingly.
  - Refactored `build_redirect_response` to improve clarity in response handling.
* in handle_oidc_callback use service_request.into_response
* fmt
* Implement oidc code exchange and token storage
* validate oidc cookies
  - Updated `get_sqlpage_auth_cookie` to return a result for better error handling and validation of the SQLPage auth cookie.
  - Improved logging throughout the OIDC service for better traceability of requests and responses.
  - Adjusted the handling of OIDC callback parameters to include context in error messages.
* OIDC callback: redirect to the auth URL on failure.
* oidc use localhost for redirect config instead of 0.0.0.0 by default
* Enhance OIDC provider metadata discovery with improved logging and error context
* maintain the initial URL during OIDC authentication
  - Added state cookie handling to maintain the initial URL during OIDC authentication.
  - Refactored `build_auth_url` to accept the initial URL as a parameter.
  - Enhanced `process_oidc_callback` to retrieve the state from the cookie and redirect accordingly.
* implement csrf token
* update deps
* update sso examples
* nonce verification
  - Improved error logging for invalid auth cookies and ID token verification.
  - Introduced nonce verification logic to ensure security during OIDC authentication.
  - Adjusted parameters for nonce hashing to optimize for short-lived tokens.
* Refactor OIDC logging and improve documentation
  - Updated logging statements for better clarity and context.
  - Refactored code for nonce verification and error handling.
  - Enhanced documentation in `app_config.rs` for clarity on `https_domain` usage.
* Remove unused app_state field from OidcService struct
* Enhance OIDC client error handling and refactor HTTP request types
  - Added context to OIDC client creation error handling.
  - Updated HTTP request and response types for better integration with the openidconnect library.
  - Introduced AwcWrapperError for improved error management in HTTP calls.
* clippy fixes
  - Changed http_client from Arc to Rc in OidcService for improved memory efficiency.
  - Updated related code to reflect the new ownership model for the HTTP client.
* initialize the oidc and http clients only once
  - Added OidcState struct to encapsulate OIDC configuration and client.
  - Refactored OidcMiddleware to utilize OidcState for improved state management.
  - Updated HTTP client handling in OIDC service methods for better integration with app data.
  - Enhanced logging for OIDC middleware initialization and request processing.
* functions for accessing user claims from OIDC tokens + documentation
  - Updated SQLPage authentication component documentation for clarity on usage and options.
  - Removed deprecated login and redirect handler scripts to streamline the SSO implementation.
  - Enhanced logout functionality to properly clear session cookies and redirect users.
  - Improved request handling to include OIDC claims in the request context for better user information retrieval.
* better sso troubleshooting info
* fmt
* add sso to the changelog
1 parent f205b65 commit adcbaa6

26 files changed, +1667 / -193 lines changed

CHANGELOG.md

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
# CHANGELOG.md
22

33
## v0.35
4+
- Add support for [single sign-on using OIDC](sql-page.com/sso)
5+
- Allows protecting access to your website using "Sign in with Google/Microsoft/..."
46
- Fix tooltips not showing on line charts with one or more hidden series
57
- Update default chart colors and text shadows for better readability with all themes
68
- Optimize memory layout by boxing large structs. Slightly reduces memory usage.
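Review bot: the link in the new v0.35 entry, `[single sign-on using OIDC](sql-page.com/sso)`, has no URL scheme, so Markdown renderers will treat `sql-page.com/sso` as a relative path and resolve it against the repository URL rather than the external site; use `https://sql-page.com/sso`. Also, the second added bullet, `- Allows protecting access to your website using "Sign in with Google/Microsoft/..."`, describes the same change as the bullet above it rather than a separate one, so it would read better indented as a sub-item of the SSO entry.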
