Description
Is your feature request related to a problem? Please describe.
Timesketch should support generic OIDC for use with products like PocketID, Okta, etc.
Describe the solution you'd like
A similar implementation to what is available now with the GOOGLE_OIDC values, but for generic OIDC. We should have it support the same values as the current implementation but using a generic OIDC endpoint, not a Google one. /login/oidc_connect/
Describe alternatives you've considered
I tested the current implementation, and while it's close, using the Google OIDC endpoint it gets errors with how the JWT is returned to the SSO provider.
Additional context
Something like this for the config file:
```python
# Generic OpenID Connect (OIDC) authentication configuration.
# Enable Generic OIDC authentication support.
GENERIC_OIDC_ENABLED = False
GENERIC_OIDC_AUTH_URL = None
GENERIC_OIDC_DISCOVERY_URL = None
GENERIC_OIDC_ALGORITHM = None
GENERIC_OIDC_CLIENT_ID = None
GENERIC_OIDC_CLIENT_SECRET = None
# If you need to authenticate an API client using OIDC you need to create
# an OAUTH client for "other", or for native applications.
GENERIC_OIDC_API_CLIENT_ID = None
# List of additional allowed OIDC clients that can authenticate to the APIs
GENERIC_OIDC_API_CLIENT_IDS = []
# Limit access to a specific domain.
GENERIC_OIDC_HOSTED_DOMAIN = None
# Additional domains allowed API access.
GENERIC_OIDC_API_ALLOWED_DOMAINS = []
# If populated only these users (email addresses) will be able to login to
# this server. This can be used when access should be limited to a specific
# set of users.
GENERIC_OIDC_ALLOWED_USERS = []
```
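
An added example, not part of the original issue and not Timesketch code: one way the proposed settings could gate an ID token from a generic provider, covering the algorithm, client ID, hosted domain and allowed users keys. It assumes the token signature was already verified against the keys published via `GENERIC_OIDC_DISCOVERY_URL`; `check_id_token`, `CFG`, `ISSUER` and all sample values are hypothetical or constructed.

```python
import time

# Constructed sample settings using the key names proposed in this issue.
CFG = {
    "GENERIC_OIDC_ALGORITHM": "RS256",
    "GENERIC_OIDC_CLIENT_ID": "timesketch-web",
    "GENERIC_OIDC_API_CLIENT_ID": "timesketch-cli",
    "GENERIC_OIDC_API_CLIENT_IDS": [],
    "GENERIC_OIDC_HOSTED_DOMAIN": "example.com",
    "GENERIC_OIDC_ALLOWED_USERS": [],
}
ISSUER = "https://idp.example.com"  # "issuer" from the discovery document (constructed)


def check_id_token(header, claims, cfg=CFG, issuer=ISSUER, now=None):
    """Return (ok, reason). Hypothetical helper, not a Timesketch function."""
    now = time.time() if now is None else now
    # Pin the algorithm from config; never trust the token's own "alg" (rejects "none").
    if header.get("alg") != cfg["GENERIC_OIDC_ALGORITHM"]:
        return False, "alg"
    # The issuer must match the discovery document exactly.
    if claims.get("iss") != issuer:
        return False, "iss"
    # "aud" may be a string or a list; it must name one of our client IDs.
    aud = claims.get("aud")
    auds = {a for a in (aud if isinstance(aud, list) else [aud]) if isinstance(a, str)}
    allowed = {cfg["GENERIC_OIDC_CLIENT_ID"], cfg["GENERIC_OIDC_API_CLIENT_ID"],
               *cfg["GENERIC_OIDC_API_CLIENT_IDS"]} - {None}
    if not auds & allowed:
        return False, "aud"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "exp"
    # "hd" is a Google-specific claim, so with a generic provider the domain
    # limit has to be derived from a verified e-mail address instead.
    email = str(claims.get("email", "")).lower()
    if "@" not in email or claims.get("email_verified") is not True:
        return False, "email"
    domain = cfg["GENERIC_OIDC_HOSTED_DOMAIN"]
    if domain and email.rsplit("@", 1)[1] != domain.lower():
        return False, "domain"
    users = [u.lower() for u in cfg["GENERIC_OIDC_ALLOWED_USERS"]]
    if users and email not in users:
        return False, "user"
    return True, "ok"
```

The returned reason string is meant for the server log; the login page itself should show only a generic failure.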