feat(login): use new IDP templates (#5315)

The login uses the new template based IDPs with backwards compatibility for old IDPs

internal/idp/providers/gitlab/gitlab.go

@@ -18,14 +18,14 @@ type Provider struct {
 }
 
 // New creates a GitLab.com provider using the [oidc.Provider] (OIDC generic provider)
-func New(clientID, clientSecret, redirectURI string, options ...oidc.ProviderOpts) (*Provider, error) {
-	return NewCustomIssuer(name, issuer, clientID, clientSecret, redirectURI, options...)
+func New(clientID, clientSecret, redirectURI string, scopes []string, options ...oidc.ProviderOpts) (*Provider, error) {
+	return NewCustomIssuer(name, issuer, clientID, clientSecret, redirectURI, scopes, options...)
 }
 
 // NewCustomIssuer creates a GitLab provider using the [oidc.Provider] (OIDC generic provider)
 // with a custom issuer for self-managed instances
-func NewCustomIssuer(name, issuer, clientID, clientSecret, redirectURI string, options ...oidc.ProviderOpts) (*Provider, error) {
-	rp, err := oidc.New(name, issuer, clientID, clientSecret, redirectURI, oidc.DefaultMapper, options...)
+func NewCustomIssuer(name, issuer, clientID, clientSecret, redirectURI string, scopes []string, options ...oidc.ProviderOpts) (*Provider, error) {
+	rp, err := oidc.New(name, issuer, clientID, clientSecret, redirectURI, scopes, oidc.DefaultMapper, options...)
 	if err != nil {
 		return nil, err
 	}

internal/idp/providers/gitlab/gitlab_test.go

@@ -16,6 +16,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 		clientID     string
 		clientSecret string
 		redirectURI  string
+		scopes       []string
 		opts         []oidc.ProviderOpts
 	}
 	tests := []struct {
@@ -29,6 +30,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 			},
 			want: &oidc.Session{
 				AuthURL: "https://gitlab.com/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState",
@@ -40,7 +42,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 			a := assert.New(t)
 			r := require.New(t)
 
-			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.opts...)
+			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.opts...)
 			r.NoError(err)
 
 			session, err := provider.BeginAuth(context.Background(), "testState")

internal/idp/providers/gitlab/session_test.go

@@ -22,6 +22,7 @@ func TestProvider_FetchUser(t *testing.T) {
 		clientID     string
 		clientSecret string
 		redirectURI  string
+		scopes       []string
 		httpMock     func()
 		authURL      string
 		code         string
@@ -55,6 +56,7 @@ func TestProvider_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://gitlab.com/oauth").
 						Get("/userinfo").
@@ -74,6 +76,7 @@ func TestProvider_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://gitlab.com/oauth").
 						Get("/userinfo").
@@ -110,6 +113,7 @@ func TestProvider_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://gitlab.com/oauth").
 						Get("/userinfo").
@@ -161,7 +165,7 @@ func TestProvider_FetchUser(t *testing.T) {
 
 			// call the real discovery endpoint
 			gock.New(issuer).Get(openid.DiscoveryEndpoint).EnableNetworking()
-			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.options...)
+			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)
 			require.NoError(t, err)
 
 			session := &oidc.Session{