Enable OIDC in passport #1
Comments
It would be nice if OIDC could be used for the API itself as well, not just to create a session on the GUI.
Hi @arsher, I'm now implementing OIDC for the API itself. I have it working for the login, user creation, and frontend routing. I was wondering how you'd like it implemented on the backend. Right now, the backend allows any request to go through regardless of auth status, which is obviously bad. Should I go the extra mile and set up auth based on session + JWT token? Users would have to log in, or otherwise use an endpoint to authenticate (get the token) and then access any backend resource. Does your team have any specific security requirements?
@jescalada thank you. I think for the backend it would be nice to have the ability to just use a Bearer JWT, I don't mind keeping the session auth as well, but ideally it would work without one just by providing the bearer token. As for additional requirements, I think it would be nice to have a very simplistic access control setup, so for example by configuring a JWT claim for user/admin/api access, just these three, I doubt we would need more granularity for this. Do you think this is feasible?
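The bearer-token scheme discussed in the comments above, sketched as an added example that is not part of the thread or the project's code: it verifies an RS256 JWT from the `Authorization` header and gates a route on one configurable claim limited to user/admin/api. The claim name `role`, the issuer and audience values, and the `authorize` and `mint` helpers are assumptions made for illustration, and the key pair is generated inline as constructed sample data.

```javascript
const crypto = require("node:crypto");

// Assumed configuration: claim name, issuer and audience are placeholders.
const CONFIG = { roleClaim: "role", issuer: "https://idp.example", audience: "example-api" };
const ROLES = new Set(["user", "admin", "api"]); // the three levels proposed in the thread

const b64url = (v) => Buffer.from(v).toString("base64url");
const deny = (status) => ({ ok: false, status });

// Checks an "Authorization: Bearer <jwt>" header value against the IdP public key.
// 401 = not authenticated, 403 = authenticated but role not allowed on this route.
function authorize(header, publicKey, allowedRoles, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header || "");
  if (!m) return deny(401);
  const [, h, p, s] = m;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(h, "base64url").toString());
    claims = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch {
    return deny(401);
  }
  if (!head || !claims || typeof claims !== "object") return deny(401);
  // Pin the algorithm server-side; the token header must not choose it.
  if (head.alg !== "RS256") return deny(401);
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(s, "base64url"))) return deny(401);
  // Only after the signature holds are the claims trusted.
  const audiences = [].concat(claims.aud ?? []);
  if (claims.iss !== CONFIG.issuer || !audiences.includes(CONFIG.audience)) return deny(401);
  if (typeof claims.exp !== "number" || claims.exp <= now) return deny(401);
  const role = claims[CONFIG.roleClaim];
  if (!ROLES.has(role) || !allowedRoles.includes(role)) return deny(403);
  return { ok: true, status: 200, role };
}

// Constructed sample data: a throwaway key pair stands in for the IdP signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function mint(claims, alg = "RS256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `Bearer ${input}.${b64url(crypto.sign("RSA-SHA256", Buffer.from(input), privateKey))}`;
}

const sample = { iss: CONFIG.issuer, aud: CONFIG.audience, exp: 2000000000, role: "api" };
console.log(authorize(mint(sample), publicKey, ["api", "admin"], 1900000000));
console.log(authorize(mint({ ...sample, role: "user" }), publicKey, ["admin"], 1900000000));
```

In a real deployment the public key would come from the identity provider's published signing keys rather than a locally generated pair, and the function would sit in front of every backend route so that no request passes unauthenticated.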