* [gitpod-db] Add `d_b_oidc_client_config.active` field
* [papi] Add OIDCClientConfig.active to proto def
* [gitpod-db] Add OIDCClientConfig.active
* [papi] Add `activate` param to `/oidc/start` endpoint handler
If provided it should mark the OIDC client config as `active` in the DB.
* Fix propagation of state params and add tests.
* fix import of deprecated ioutil
* refactor GetStartParams
* consider `activate` from create request
* [experiment] Add "Sign in with SSO" to Login
Reusing existing parts:
* `/complete-auth` page of Dashbaord to forward results of authN flows running in a modal
* Adding preliminary UI to the Login view: Org-slug and simple button.
* [gitpod-db] get team/org by slug
* [gitpod-db] fix OIDCClientConfig.OrganizationID field's type
* [oidc] consider returnTo URL
* [oidc] consider orgSlug param from start request
* [oidc] fix oauth2 clientId propagation
* [oidc] fix a flaky test
* [onboarding] skip for organizational accounts
* Move SSO Login UI into it's own component
* adjust validation a bit, add useCallbacks
* adding GetOIDCClientConfigByOrgSlug
* add table name
* removing commented out code
---------
Co-authored-by: Brad Harris <bmharris@gmail.com>
Using JWT tokens for encoding/decoding/validation of state params carried throughout the OIDC/OAuth2 flow.
Validating of integrity is crucial, as this piece of information contains the ID of the OIDC client to continue with when Gitpod receives the callback from a 3rd party. Tests should show that expiration time is checked and signature validation is effective.
