Refactor/migrate open id connector

obp-api/src/main/scala/bootstrap/liftweb/Boot.scala

@@ -494,17 +494,12 @@ class Boot extends MdcLoggable {
     enableVersionIfAllowed(ApiVersion.`dynamic-endpoint`)
     enableVersionIfAllowed(ApiVersion.`dynamic-entity`)
 
-    def enableOpenIdConnectApis = {
-      //  OpenIdConnect endpoint and validator
-      if (code.api.Constant.openidConnectEnabled) {
-        LiftRules.dispatch.append(OpenIdConnect)
-      }
-    }
-    // DirectLogin (POST /my/logins/direct) and aliveCheck (GET /alive) are now
-    // served by their native http4s counterparts wired into
-    // Http4sApp.baseServices (DirectLoginRoutes / AliveCheckRoutes). The Lift
+    // OpenID Connect callbacks (/auth/openid-connect/callback{,-1,-2}), DirectLogin
+    // (POST /my/logins/direct) and aliveCheck (GET /alive) are now served by their
+    // native http4s counterparts wired into Http4sApp.baseServices
+    // (Http4sOpenIdConnect / DirectLoginRoutes / AliveCheckRoutes). The Lift
     // dispatches were retired in the http4s migration; any prop gates
-    // (e.g. `allow_direct_login`) live with those routes.
+    // (e.g. `openid_connect.enabled`, `allow_direct_login`) live with those routes.
 
 
 

obp-api/src/main/scala/code/api/OAuth2.scala

@@ -533,7 +533,7 @@ object OAuth2Login extends MdcLoggable {
         case Full(_) =>
           logger.debug("applyIdTokenRules - ID token validation successful")
           val user = getOrCreateResourceUser(token)
-          val consumer = getOrCreateConsumer(token, user.map(_.userId), Some(OpenIdConnect.openIdConnect))
+          val consumer = getOrCreateConsumer(token, user.map(_.userId), Some(Http4sOpenIdConnect.openIdConnect))
           LoginAttempt.userIsLocked(user.map(_.provider).getOrElse(""), user.map(_.name).getOrElse("")) match {
             case true => ((Failure(UsernameHasBeenLocked), Some(cc.copy(consumer = consumer))))
             case false => (user, Some(cc.copy(consumer = consumer)))

obp-api/src/main/scala/code/api/directlogin.scala

@@ -529,6 +529,17 @@ object DirectLogin extends RestHelper with MdcLoggable {
     }
   }
 
+  /**
+   * Mint and persist a usable DirectLogin token for an already-authenticated user, bypassing the
+   * username/password validation in `createTokenCommonPart`. Used by the http4s OpenID Connect
+   * callback (`Http4sOpenIdConnect`) once the provider has verified the user's identity.
+   */
+  def issueTokenForUser(userPrimaryKey: Long, consumerKey: String): Box[String] = {
+    val (token, secret) = generateTokenAndSecret(JWTClaimsSet.parse("""{"":""}"""))
+    if (saveAuthorizationToken(Map("consumer_key" -> consumerKey), token, secret, userPrimaryKey)) Full(token)
+    else Failure("OpenIDConnect: could not persist DirectLogin token")
+  }
+
   def getUser : Box[User] = {
     val httpMethod = S.request match {
       case Full(r) => r.request.method