Primary reason for this inclusion is for Nextcloud social login.
The login function uses the OIDC UserInfo endpoint to gather profile
data (name/email) as well as a way to assign group memberships in
Nextcloud which are based on some attribute in the UserInfo response.
We want to use entitlements as a way to assign groups in Nextcloud and
therefore the entitlements must be included in the UserInfo endpoint.
If they are included in the UserInfo endpoint then it makes sense to
also include them in the ID token.
There is some encoding error with the injection of Shibboleth attributes somewhere between the Apache SAML plugin -> AJP -> Tomcat. Tomcat treats the data as ISO-8859-1 while it actually is UTF-8.
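The mismatch described above, as an added Java example that is not code from this project: a value whose UTF-8 bytes were decoded as ISO-8859-1 can be recovered by reversing the wrong decode and strictly re-decoding as UTF-8. The class and method names are hypothetical and the sample name is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

// Added illustration; names are hypothetical, not taken from the project.
public class ShibbolethAttributeDecoder {

    /**
     * Repairs a value whose UTF-8 bytes were decoded as ISO-8859-1.
     * Returns the input unchanged when it cannot be such a value.
     */
    static String repair(String value) {
        if (value == null) return null;
        // A char above U+00FF cannot result from ISO-8859-1 decoding,
        // so the value was decoded correctly somewhere else already.
        for (int i = 0; i < value.length(); i++) {
            if (value.charAt(i) > 0xFF) return value;
        }
        // ISO-8859-1 maps bytes 1:1 to chars, so this recovers the wire bytes.
        byte[] raw = value.getBytes(StandardCharsets.ISO_8859_1);
        CharsetDecoder strict = StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT);
        try {
            return strict.decode(ByteBuffer.wrap(raw)).toString();
        } catch (CharacterCodingException e) {
            // Bytes are not valid UTF-8 (e.g. a lone 0xC5): leave untouched
            // instead of replacing characters with U+FFFD.
            return value;
        }
    }

    public static void main(String[] args) {
        // Constructed sample, written with escapes so the source encoding is irrelevant.
        String original = "\u00C5sa \u00D6berg";
        // Simulate the bug: UTF-8 bytes interpreted as ISO-8859-1.
        String mangled = new String(original.getBytes(StandardCharsets.UTF_8),
                StandardCharsets.ISO_8859_1);
        if (!repair(mangled).equals(original)) throw new AssertionError("mangled value not repaired");
        if (!repair(original).equals(original)) throw new AssertionError("correct value was altered");
        if (!repair("staff").equals("staff")) throw new AssertionError("ASCII value was altered");
        System.out.println(mangled + " -> " + repair(mangled));
    }
}
```

The strict decoder matters because the default `new String(bytes, UTF_8)` silently substitutes U+FFFD, which would corrupt values that were already correct. A genuine ISO-8859-1 string whose bytes happen to form valid UTF-8 would also be rewritten, so this is a heuristic for the receiving side rather than a substitute for consistent encoding across the proxy chain.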
A decision was made to not deploy as a drop-in replacement but rather migrate applications to the new authorization server.
This means it is no longer necessary to maintain backwards-compatible URLs and we can instead use more "standard" URLs.
Not super-critical since they should be discovered via metadata but still nice that the URLs map closer to what the endpoint is called in the various specifications.
Utilize Java serialization to turn the entire OAuth2Authorization to a binary blob and store that in the database. Could not find a better way to do it given the types involved (like Map<String, Object> properties). Sure, Java serialization can fail on arbitrary objects but hopefully since OAuth2Authorization implements java.io.Serializable any properties put in are serializable as well.
Allow developers to add this as a service to their Docker Compose file to enable local OAuth 2.0 flows.
See the following example:
```
services:
  oauth2:
    build: https://gitea.dsv.su.se/DMC/oauth2-authorization-server.git
    restart: unless-stopped
    ports:
      - "<host_port>:8080"
    environment:
      - CLIENT_ID=awesome-app
      - CLIENT_SECRET=p4ssw0rd
      - CLIENT_REDIRECT_URI=http://localhost/oauth2/callback
```
Reviewed-on: #1
Error controller must handle all HTTP methods, not just GET. For example if getting an error on submitting a form.
All the tests that previously excluded DataSourceConfiguration can no longer do so because of the ClientAdminController that requires a ClientManagementService whose implementation relies on a DataSource.