Use new openID Connect support for ipsilon
OpenID 1 as we use it currently is deprecated. OpenID Connect is what all users should switch to.
- Use Google-compatible ipsilon profile via OAuth2
- See https://ipsilon-project.org/doc/example/google-apps.html
- See https://openid.net/developers/specs/
Migration guide from OpenID 2.0 to OpenID Connect. https://openid.net/specs/openid-connect-migration-1_0.html
The Ipsilon documentation is really bad, but the OpenID Connect test might be enough to figure out the URLs. https://pagure.io/ipsilon/blob/master/f/tests/openidc.py
Apparently OpenID Connect is already activated in ipsilon and smelt uses it: https://gitlab.suse.de/tools/smelt/-/commit/9428004d6a279c26bddd87fff0e99f7dc47f10b2#12ec8689d9458e264dba06e5ba0ab093ed87043f_595_605
bmwiedemann still has to configure something to allow O3 and OSD access (no idea what), but he'll do that later today.
Apparently OpenID Connect does not yet "just work" with
Mojolicious::Plugin::OAuth2 and requires some manual additions to the workflow. https://github.com/convos-chat/convos/commit/80308a7b6fb240dd4f93c743c8a132e2b532114c
There is a fair chance that it will get added as a native feature soon though. If this ever becomes a higher priority i could probably finish the
Mojolicious::Plugin::OAuth2 patch too.