OpenID/OAuth2 Servers Should Be Fully Configurable

Open ip6li opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

Feature should support other OpenID/OAuth2 platforms than Google and Facebook. Some changes allow usage of a private Keycloak server.

Describe the solution you'd like

See this Fork. This solution uses Keycloak as the OAuth2/OIDC identity provider (IDP), which has many advantages regarding a local SQL-based auth solution. Keycloak allows many AuthN/AuthZ backends and supports multi-factor authentication.

Describe alternatives you've considered

The first try was to extend the Alovoa OAuth2 implementation for Keycloak as an alternative to Google and Facebook auth. A better solution is to let OAuth2 also do authorization with e.g. Keycloak group assignment. This solution has the advantage that no admin password needs to be configured in application.properties.

Next Steps

The fork mentioned above will remove local authentication completely. Documentation will be added for configuration of Keycloak, including a realm alovoa with one or two admin users which are disabled by default. The Keycloak admin has to install the JSON, change the password for at least one admin and then enable that admin.

ip6li, Aug 08 '23 11:08
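The group-based authorization described in the issue above, sketched as an added example with Spring Security's OAuth2 client; it is not code from Alovoa or from the fork. The `groups` claim name, the `/alovoa-admins` group, the `keycloak` registration id and the `ROLE_USER`/`ROLE_ADMIN` names are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;

// Provider details stay in configuration rather than code, for example (placeholder host):
//   spring.security.oauth2.client.provider.keycloak.issuer-uri=https://<idp-host>/realms/alovoa
//   spring.security.oauth2.client.registration.keycloak.client-id=<client-id>
//   spring.security.oauth2.client.registration.keycloak.scope=openid
@Configuration
public class OidcGroupAuthoritiesConfig {

    // Assumption: the IdP is configured to put group membership into an ID-token claim named "groups".
    private static final String GROUPS_CLAIM = "groups";
    // Hypothetical IdP group whose members become application admins.
    private static final String ADMIN_GROUP = "/alovoa-admins";

    // A GrantedAuthoritiesMapper bean is applied to oauth2Login() automatically.
    @Bean
    public GrantedAuthoritiesMapper oidcGroupAuthoritiesMapper() {
        return authorities -> {
            Set<GrantedAuthority> mapped = new HashSet<>();
            for (GrantedAuthority authority : authorities) {
                // Only OIDC logins carry a validated ID token; anything else gets no role.
                if (!(authority instanceof OidcUserAuthority)) {
                    continue;
                }
                OidcUserAuthority oidc = (OidcUserAuthority) authority;
                mapped.add(new SimpleGrantedAuthority("ROLE_USER"));

                // getClaimAsStringList returns null when the claim is absent: fail closed.
                List<String> groups = oidc.getIdToken().getClaimAsStringList(GROUPS_CLAIM);
                if (groups != null && groups.contains(ADMIN_GROUP)) {
                    mapped.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                }
            }
            return mapped;
        };
    }
}
```

With this mapping the admin role exists only as a group assignment at the identity provider, so no admin credential has to live in `application.properties`.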