* [papi] Add `verified` flag to config and `ActivateClientConfig` to OIDC service
* [papi] implement `ActivateClientConfig`
* [gitpod-db/go] add `setClientConfigVerifiedFlag`
* [gitpod-db/migration] add `d_b_oidc_client_config.verified` field
* [papi] Don't deactive on UpdateClientConfig
* [gitpod-db/go] add missing `Verified` field
* On "activate" request also mark as verified.
* [gitpod-db/go] fix mapping of `Verified` field
* [papi] ensure only verified OIDC client configs can be activated
* [papi] Skip the sign-in on verify-only requests.
* [papi] fix skipped tests
* [papi] fix mapping of OIDC configs
* rename RPC method
* fix tests after adding validation of claims
* fix: activation of record should deactivate others
* fix: update should unverify the entry
* remove Debug()
* [db-migration] fix: mark active entries as verified
* [SSO] find organizational accounts by email
First try to look up accounts by `[subjectID, audience]` as composite key, then try to lookup by email address. The scope of this lookup is limited to the Org owning the SSO configuration.
* fix tests for /session endpoint handler
* rename to findOrganizationalUser
* fix test case
* added logging for "find by email" path
* check onboaring state for dedicated setup flow
* track dedicated setup completed w/ state
* use ff for loading check too
* remove caching of onboarding state
* wip
* checking for deleted oidc configs too
* trying to drive off onboarding state more
* more wip to handle state of dedicated setup
* reset queries
* set active org id in local storage
* clear query client cache
* removing ff check
* move updateUser from step to flow
---------
Co-authored-by: Alex Tugarev <alex@gitpod.io>
* [gitpod-db] Add `d_b_oidc_client_config.active` field
* [papi] Add OIDCClientConfig.active to proto def
* [gitpod-db] Add OIDCClientConfig.active
* [papi] Add `activate` param to `/oidc/start` endpoint handler
If provided it should mark the OIDC client config as `active` in the DB.
* Fix propagation of state params and add tests.
* fix import of deprecated ioutil
* refactor GetStartParams
* consider `activate` from create request
* [preview] Disable stripe secrets on GITPOD_WITH_DEDICATED_EMU
* [preview] Disable linkedin secrets on GITPOD_WITH_DEDICATED_EMU
* [dashboard, db] Don't show onboarding dialogues for "admin-user"
* [preview] Configure stripe/linkedin in the same code block
