Add support for custom mappings between OIDC token and meshcentral user #5179

Closed
GastonMeghi opened this issue Jun 4, 2023 · 6 comments · Fixed by #5497 or #5856

@GastonMeghi (Contributor)

Is your feature request related to a problem? Please describe.
I'm working with two OIDC IDPs at the moment and none of them send the user name in a field that can be picked up by MeshCentral.

Describe the solution you'd like
By using jsonpath-plus and adding a new key in the config, every user can specify how their IDP's ID token should be mapped to MeshCentral's profiles.

Describe alternatives you've considered
This is the only thing I could think of that's flexible enough for every use case.

Additional context
For example if my OIDC ID token is:

IDToken={
  exp: 1685841056,
  iat: 1685840996,
  auth_time: 1685840996,
  jti: 'b4bfc249-dd53-4d54-8d83-6e30d5654d8f',
  iss: 'http://localhost:8080/realms/master',
  aud: 'meshcentral',
  sub: '8763043c-b6fc-4e61-8461-63c3bb29bfcd',
  typ: 'ID',
  azp: 'meshcentral',
  session_state: '0fc8c690-dd39-4f8f-a784-ee27dad1a253',
  at_hash: 'HGgMP0SujMmYOTwqP4n9xw',
  acr: '1',
  sid: '0fc8c690-dd39-4f8f-a784-ee27dad1a253',
  email_verified: true,
  preferred_username: 'user',
  given_name: '',
  family_name: '',
  email: 'user@gmail.com'
}

with this key in the config file:

"IDTokenToProfileMapper": { "display_name": "$.preferred_username", "email": "$.email", "id": "$.sub" }

we would get this in the profile:

{
  display_name: 'user',
  email: 'user@gmail.com',
  id: '8763043c-b6fc-4e61-8461-63c3bb29bfcd'
}

This could also be done for the groups, but I haven't explored that yet

This should be an issue in @mstrhakr's repo for OIDC as well. If you guys agree with this I can implement it and make a pull request.

@mstrhakr (Contributor) commented Jun 9, 2023

In the #4530 pull request I'm pretty sure I gave the ability to set a custom claim to use for this exact use case. It's a little behind now but it could still potentially be merged. I'm not sure if it is planned to be merged eventually or if it would need to be reworked, but I still use it as is, for what it's worth.

Here are the docs I wrote for that particular feature if you end up using it.

@GastonMeghi (Contributor, Author)

@si458 @Ylianst

Is there an implementation of this that would get approved and merged? It would be awesome to get this to work with other providers.

Thanks,
Gastón

@si458 (Collaborator) commented Oct 31, 2023

Sadly I don't have any OIDC providers so I cannot test for you or try and make a fix.

@GastonMeghi (Contributor, Author)

I can fix it, I just want the go-ahead on the idea, so it gets merged at the end. I see there is another solution for OIDC but it never got merged.

If you guys have a better idea in mind, I can implement and test that, as long as it works I don't mind!

@si458 (Collaborator) commented Oct 31, 2023

@GastonMeghi sure, if you think you can fix it, submit a PR and I'll get @Ylianst to look at it for you! No promises on the merge though.

@GastonMeghi (Contributor, Author)

Thanks! I'll be working on that these days! Hope it makes it!
