feat: add ldap and oidc sso (#500)

* wip: sso

* feat: add ldap client and provider

* feat: implement login form

* feat: finish sso

* fix: lint and format issue

* chore: address pull request feedback

* fix: build not working

* fix: oidc is redirected to internal docker container hostname

* fix: build not working

* refactor: migrate to ldapts

* fix: format and frozen lock file

* fix: deepsource issues

* fix: unit tests for ldap authorization not working

* refactor: remove unnecessary args from dockerfile

* chore: address pull request feedback

* fix: use console instead of logger in auth env.mjs

* fix: default value for auth provider of wrong type

* fix: broken lock file

* fix: format issue

packages/auth/providers/oidc/oidc-provider.ts

@@ -0,0 +1,37 @@
+import type { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
+import type { OIDCConfig } from "next-auth/providers";
+
+import { env } from "../../env.mjs";
+import { createRedirectUri } from "../../redirect";
+
+interface Profile {
+  sub: string;
+  name: string;
+  email: string;
+  groups: string[];
+  preferred_username: string;
+  email_verified: boolean;
+}
+
+export const OidcProvider = (headers: ReadonlyHeaders | null): OIDCConfig<Profile> => ({
+  id: "oidc",
+  name: env.AUTH_OIDC_CLIENT_NAME,
+  type: "oidc",
+  clientId: env.AUTH_OIDC_CLIENT_ID,
+  clientSecret: env.AUTH_OIDC_CLIENT_SECRET,
+  issuer: env.AUTH_OIDC_ISSUER,
+  authorization: {
+    params: {
+      scope: env.AUTH_OIDC_SCOPE_OVERWRITE,
+      redirect_uri: createRedirectUri(headers, "/api/auth/callback/oidc"),
+    },
+  },
+  profile(profile) {
+    return {
+      id: profile.sub,
+      // Use the name as the username if the preferred_username is an email address
+      name: profile.preferred_username.includes("@") ? profile.name : profile.preferred_username,
+      email: profile.email,
+    };
+  },
+});