feat: project roles (#843)

* fix logging

* token verification

* feat: assert roles

* feat: add project role assertion on project and token type on app

* id and access token role assertion

* add project role check

* user grant required step in login

* update library

* fix merge

* fix merge

* fix merge

* update oidc library

* fix tests

* add tests for GrantRequiredStep

* add missing field ProjectRoleCheck on project view model

* fix project create

* fix project create

internal/project/model/oidc_config.go

@@ -21,19 +21,22 @@ const (
 
 type OIDCConfig struct {
 	es_models.ObjectRoot
-	AppID                  string
-	ClientID               string
-	ClientSecret           *crypto.CryptoValue
-	ClientSecretString     string
-	RedirectUris           []string
-	ResponseTypes          []OIDCResponseType
-	GrantTypes             []OIDCGrantType
-	ApplicationType        OIDCApplicationType
-	AuthMethodType         OIDCAuthMethodType
-	PostLogoutRedirectUris []string
-	OIDCVersion            OIDCVersion
-	Compliance             *Compliance
-	DevMode                bool
+	AppID                    string
+	ClientID                 string
+	ClientSecret             *crypto.CryptoValue
+	ClientSecretString       string
+	RedirectUris             []string
+	ResponseTypes            []OIDCResponseType
+	GrantTypes               []OIDCGrantType
+	ApplicationType          OIDCApplicationType
+	AuthMethodType           OIDCAuthMethodType
+	PostLogoutRedirectUris   []string
+	OIDCVersion              OIDCVersion
+	Compliance               *Compliance
+	DevMode                  bool
+	AccessTokenType          OIDCTokenType
+	AccessTokenRoleAssertion bool
+	IDTokenRoleAssertion     bool
 }
 
 type OIDCVersion int32
@@ -79,6 +82,13 @@ type Compliance struct {
 	Problems      []string
 }
 
+type OIDCTokenType int32
+
+const (
+	OIDCTokenTypeBearer OIDCTokenType = iota
+	OIDCTokenTypeJWT
+)
+
 func (c *OIDCConfig) IsValid() bool {
 	grantTypes := c.getRequiredGrantTypes()
 	for _, grantType := range grantTypes {