Support Implicit OIDC flow for the OIDC connector

[colemickens]

I know that Dex supports the implicit flow for the IdP, but I'd like to be able to use Dex with Portier, which only supports response_type=id_token and the grant_type=implicit.

Unfortunately, this requires tracking the nonce (which is required in the implicit flow) whereas the current OIDC connector seems stateless during the initial exchange.

Is there a pattern to follow here? Maybe a connector that has to stash some session data during the authentication flow? Is there a way to "start" the identity without it being treated as fully authenticated?

[colemickens]

Hm, it looks like the server does maintain an authrequest for outbound oidc-alike connectors but handles the storage on behalf of the connector. I'll see if there's a way to support nonce without needing to refactor how storage is handled.

[colemickens]

I have this implemented in a fork by adding ConnectorData that can be persisted/accessed during the flow. But it's blocked on #1255.

[srenatus]

@colemickens Any update on this? It looks like #1255 isn't blocking this anymore.

[colemickens]

I had implemented it here. It stacks on another PR that isn't merged yet, though. #1256

[srenatus]

Sorry, sifting through so many issues and PRs. Thanks for the update.