coordination #89020

Updated by mkittler 11 months ago

## Observation

In the openQA configuration one can currently choose between *FakeAuth*, *OpenID* and *OAuth2*. Setting `auth/method` in the config file changes that globally. Only one method can be used at the same time. Changing it would require all logins to go through the new method. And *Login* always immediately redirects to the configured provider.

## Suggestion
- Add a *provider* column to the *Users* table
- Make *username* unique across providers (so the new unique constraint would be `username,provider` and *not* just `username`)
- Allow configuring multiple auth methods at the same time
- Allow configuring multiple providers per auth method at the same time at least for *OAuth2* (to be able to support e.g. ipsilon and GitHub at the same time)

- Ensure existing data defaults to the active provider upon migration **or** continues to work as-is with manual intervention required
- Provide UX in the web UI e.g. expose buttons for providers to choose from