Support Prompt Option

[LarzP123]

Overview

This adds support for 3.1.2.1. Authentication Request options. Which means that you can now have headers with prompt= set to none,login,consent, or select_account.

Details

• Handling for the prompt parameter for none, login, and consent, just further specified when each page could be gone to. If you enter none, without having authed you will get a "interaction_required" error.
• If you enter none while having authed you will be passed through
• If you enter login you will be forced to login even if you have already authed
• If you enter consent, you will have to grant consent but if you are logged in you won't have to log in again

The handling for select_account was more complicated and came in a different commit. The updates there were

• Handle both the select-account and select_account endpoints. Previously this only had select-account but the standard lists select_account so I just kept both.
• Don't just store latest user logged in but a list of users that have logged in
• Create a new page/UI to select accounts from given the list of logged in accounts
• Add special handling in the select user page so that it can redirect you to the login page and redirect you after that is all done

Testing

1. Build the code and then run the code

cabal build
 .\dist-newstyle\build\x86_64-windows\ghc-9.6.6\broch-0.1\x\broch\build\broch\broch.exe --back-end SQLITE --port 3000 --issuer http://localhost:3000

2. Add a bunch of test users

cd 'C:\Users\a\Documents\C-Code\Broch\broch'
sqlite3 broch.db3 ".tables"

INSERT INTO op_user (id, username, password)
VALUES ('5679_lion_id', 'lion', '$2b$06$0hv.cFDlritKLY6KnI1v8.nWremAFrDZcDum2IqGyKaINQdacHxlC');

INSERT INTO op_user (id, username, password)
VALUES ('3456_dog_id', 'dog', '$2b$06$0hv.cFDlritKLY6KnI1v8.nWremAFrDZcDum2IqGyKaINQdacHxlC');

the password for all of these users is "cat"

3. Go to http://localhost:3000/oauth/authorize?client_id=testclient&response_type=code&scope=openid&redirect_uri=https://httpbin.org/get&state=abc123&prompt=none

in a web browser. You should be given the error 'interaction_required'

4. Go to a url without specifying any prompt. http://localhost:3000/oauth/authorize?client_id=testclient&response_type=code&scope=openid&redirect_uri=https://httpbin.org/get&state=abc123 You should be taken to log in. Log in as us:cat ps:cat

5. Now go to the consent page http://localhost:3000/oauth/authorize?client_id=testclient&response_type=code&scope=openid&redirect_uri=https://httpbin.org/get&state=abc123&prompt=consent. It should skip the login page entirely and just ask you for an expiration date on an approval request. Hit approve

6. Go to the select account page http://localhost:3000/oauth/authorize?client_id=testclient&response_type=code&scope=openid&redirect_uri=https://httpbin.org/get&state=abc123&prompt=select_account

And select the cat account you have been using

7. Go back to the select_account page and hit the button to use a different account and try your test users http://localhost:3000/oauth/authorize?client_id=testclient&response_type=code&scope=openid&redirect_uri=https://httpbin.org/get&state=abc123&prompt=select_account

[LarzP123]

@tekul Could you review? Or is there a way that you'd prefer I get a review?