I'm running a few different services for my clients and I manage their accounts with Keycloak. Also, some clients have multiple concurrent active projects. The way ViTransfer manages client login is per project, in addition to the SSO login I provide for them, which is inconvenient for them.
A recent example:
Client company runs 2 podcast series, with more planned in the near future. Some users require access to all projects, while others just to a single one. Users requiring access to all projects need to log in twice in order to access both of them.
Support for SSO with OIDC for admins and clients would be ideal. Each client in my Keycloak instance is assigned to a company group. All client groups are children of the clients group.
Features I'd like to have:
- Allow admin login when a user is a member of a group set in environment variables. For example:
  `OIDC__ADMIN_GROUP: editors`
- Create a new admin user on first login.
- Get groups nested under the 'clients' group from SSO provider and import as companies.
  `OIDC__CLIENTS_GROUP: clients`
- Import users for each company.
- Manual trigger as well as periodically probe SSO provider for newly added client groups as well as users of existing companies and import them.
Additional nice-to-haves:
- Client dashboard so they can switch between projects easily.
- Existing project authentication methods remain available for stakeholders that don't have an account on the SSO provider.
I'm aware it would be a great undertaking to implement this but it would be a great QOL improvement.
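
A sketch of the group-to-role mapping requested above, as an added example that is not part of the original post or ViTransfer's own code. It assumes Keycloak's group membership mapper emits full group paths in a `groups` claim and that the admin group is top-level; `resolveAccess` and `splitPath` are hypothetical names. Matching on the full path rather than the bare group name keeps a company group such as `/clients/editors` from granting admin access.

```javascript
// Hypothetical mapping of an OIDC `groups` claim to admin / company access.
// Assumption: claims carry full Keycloak paths, e.g. "/editors", "/clients/acme".
const config = {
  adminGroup: process.env.OIDC__ADMIN_GROUP || "editors",
  clientsGroup: process.env.OIDC__CLIENTS_GROUP || "clients",
};

// Split "/a/b" into ["a", "b"]; reject anything that is not a clean absolute path.
function splitPath(group) {
  if (typeof group !== "string" || !group.startsWith("/")) return null;
  const segments = group.slice(1).split("/");
  return segments.every((s) => s.length > 0) ? segments : null;
}

function resolveAccess(claims, cfg = config) {
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  const companies = new Set();
  let isAdmin = false;
  for (const g of groups) {
    const seg = splitPath(g);
    if (!seg) continue; // ignore malformed or non-path entries
    // Admin only for the exact top-level group, never a same-named child group.
    if (seg.length === 1 && seg[0] === cfg.adminGroup) isAdmin = true;
    // Any group at or below /<clientsGroup>/<company> maps to that company.
    if (seg.length >= 2 && seg[0] === cfg.clientsGroup) companies.add(seg[1]);
  }
  return { isAdmin, companies: [...companies].sort() };
}

// Constructed sample claims (not from a real token).
const sample = { sub: "user-1", groups: ["/clients/acme", "/clients/editors"] };
console.log(resolveAccess(sample, { adminGroup: "editors", clientsGroup: "clients" }));
```

The claims passed in must come from an ID token whose signature, issuer and audience have already been verified; this function only interprets them.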