chore(oidc): remove legacy storage methods (#10061)

# Which Problems Are Solved

Stabilize the optimized introspection code and cleanup unused code.

# How the Problems Are Solved

- `oidc_legacy_introspection` feature flag is removed and reserved.
- `OPStorage` which are no longer needed have their bodies removed.
- The method definitions need to remain in place so the interface
remains implemented.
  - A panic is thrown in case any such method is still called

# Additional Changes

- A number of `OPStorage` methods related to token creation were already
unused. These are also cleaned up.

# Additional Context

- Closes #10027 
- #7822

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

internal/command/project_application_oidc_test.go

@@ -2,18 +2,13 @@ package command
 
 import (
 	"context"
-	"io"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/zitadel/passwap"
-	"github.com/zitadel/passwap/bcrypt"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command/preparation"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -1307,168 +1302,3 @@ func newOIDCAppChangedEvent(ctx context.Context, appID, projectID, resourceOwner
 	)
 	return event
 }
-
-func TestCommands_VerifyOIDCClientSecret(t *testing.T) {
-	hasher := &crypto.Hasher{
-		Swapper: passwap.NewSwapper(bcrypt.New(bcrypt.MinCost)),
-	}
-	hashedSecret, err := hasher.Hash("secret")
-	require.NoError(t, err)
-	agg := project.NewAggregate("projectID", "orgID")
-
-	tests := []struct {
-		name       string
-		secret     string
-		eventstore func(*testing.T) *eventstore.Eventstore
-		wantErr    error
-	}{
-		{
-			name: "filter error",
-			eventstore: expectEventstore(
-				expectFilterError(io.ErrClosedPipe),
-			),
-			wantErr: io.ErrClosedPipe,
-		},
-		{
-			name: "app not exists",
-			eventstore: expectEventstore(
-				expectFilter(),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D8hba", "Errors.Project.App.NotExisting"),
-		},
-		{
-			name: "wrong app type",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC"),
-		},
-		{
-			name: "no secret set",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							"",
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid"),
-		},
-		{
-			name:   "check succeeded",
-			secret: "secret",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							hashedSecret,
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-		},
-		{
-			name:   "check failed",
-			secret: "wrong!",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							hashedSecret,
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid"),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			c := &Commands{
-				eventstore:   tt.eventstore(t),
-				secretHasher: hasher,
-			}
-			err := c.VerifyOIDCClientSecret(context.Background(), "projectID", "appID", tt.secret)
-			c.jobs.Wait()
-			require.ErrorIs(t, err, tt.wantErr)
-		})
-	}
-}