Storage Health Check: Check for presence of an OIDC IdP

[mereghost]

Related WP: OP#61339

This will check the presence of an OIDC IdP only if the oauth_sso auth method is selected.

[NobodysNightmare]

🟢 Naming nit: I'd repeat the sso terminology here, especially since the authentication method does not try to imply OIDC

Suggested change

	trait :oidc_enabled do
	trait :sso_authentication do

Suggested change

	trait :oidc_enabled do
	trait :sso_enabled do

[mereghost]

Hmmmmm... I'm starting to wonder if going with SSO won't be a mistake as we have other SSO solutions supported on OpenProject, like SAML.

[NobodysNightmare]

To be fair, that's why it was called oauth2_sso and not sso alone :D

I see what you mean, but right now it sounds as likely to me that adding OIDC to names is a mistake, as it could be that dropping OIDC is a mistake.

I.e. the implementation could develop to be super duper tightly coupled to OIDC and we'd need to do something entirely different for SAML. Or the implementation develops in a direction where the storage just cares about the thing being "some kind of SSO", but which kind exactly is not important.

Right now we don't know, so we only guess which name will be better. I am mostly advocating for having the term "SSO" included, because the distinguishing factor between the solutions we have today, is that one is SSO and the other is not SSO. Whether or not we qualify the term "SSO" with OIDC, I have less strong feelings about, because we don't know how that will develop.

[mereghost]

audience and authentication_method are already pretty tied to OIDC as is implementation wise and we have no plans in the short/medium term of supporting anything else than OIDC for this.

We could even extend this trait to supply a OpenIDConnect::Provider (which I think I'll need down the line).

[NobodysNightmare]

oidc_sso_enabled?

[mereghost]

Sounds good. I'll change it on the next PR unless this CI run fails. XD