
Automatically create new account configuration

Open zachmann opened this issue 2 years ago • 0 comments

After the success of auto-load (auto oidc-add), the newest idea is auto-gen (auto oidc-gen).

Context

  1. Client requests an AT for a specific OP, e.g. with oidc-token https://op.example.org
    • In this context no account configuration exists for that OP.
  2. oidc-agent checks if an account config is loaded for that OP -> No.
  3. oidc-agent checks for the default account config for that OP -> None found.

Current State

In the current state oidc-agent can only abort and the client gets an "account not loaded" error.

Idea

The idea is to automatically start a gen flow to create a new account config, that then can be used and an AT can be successfully returned to the client.

A few things to consider:

  • Only possible for OPs where we have a public client or OPs that support open dynamic client registration
    • However, I would restrict this to public client OPs only
  • Have to find a reasonable name for the account config
    • Idea: Using the domain name (without any subdomains and TLD), this is not a bad approach, but also not perfect in all cases and the name might already be taken
    • Need an algorithm to get to a unique name.
  • Which scopes to use:
    • If client requested scopes these must be included
      • Could simply use these, in that case
    • Could use predefined scopes (e.g. openid profile email offline_access)
    • Could use --scope-max
    • Could read scopes to use in such a case from a global config file #412
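The lookup order and the naming idea described above, as an added sketch that is not oidc-agent's own code: the numeric-suffix scheme for taken names and the fallback to the predefined scope list are assumptions, and the `co.uk`-style limitation is the "not perfect in all cases" caveat from the issue.

```python
"""Added example (not oidc-agent code): auto-gen gating and account-config naming."""
from urllib.parse import urlsplit


def short_name(issuer):
    """Domain label without subdomains and TLD: https://op.example.org -> 'example'.
    Limitation noted in the issue: multi-part TLDs such as example.co.uk yield 'co'."""
    url = issuer if "://" in issuer else "https://" + issuer
    host = urlsplit(url).hostname or ""
    labels = [part for part in host.lower().split(".") if part]
    if len(labels) >= 2:
        return labels[-2]
    return labels[0] if labels else "unknown"


def unique_name(base, taken):
    """Assumed scheme: append 2, 3, ... until the name is not already taken."""
    if base not in taken:
        return base
    n = 2
    while f"{base}{n}" in taken:
        n += 1
    return f"{base}{n}"


DEFAULT_SCOPES = ["openid", "profile", "email", "offline_access"]


def resolve_account(issuer, loaded, defaults, public_client_ops, existing_names,
                    requested_scopes=()):
    """Steps 1-3 from the issue's context, then the proposed auto-gen step.

    loaded / defaults map issuer -> account name; public_client_ops is the set of
    OPs for which a public client is available (auto-gen is restricted to those).
    Returns (action, detail)."""
    if issuer in loaded:
        return ("use_loaded", loaded[issuer])
    if issuer in defaults:
        return ("use_default", defaults[issuer])
    if issuer not in public_client_ops:
        return ("error", "account not loaded")  # current behaviour
    name = unique_name(short_name(issuer), set(existing_names))
    # requested scopes must be included; otherwise fall back to the predefined list
    scopes = list(requested_scopes) or list(DEFAULT_SCOPES)
    return ("auto_gen", {"name": name, "scopes": scopes})
```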

zachmann, Jun 08 '22 13:06