[OIDC] Document scope and prompt parameters in vanilla desktop + mobile apps

[michaelstingl]

WHAT Needs to be Documented?

Vanilla desktop + mobile apps send fixed scope and prompt parameters in the OIDC login flow. (changing them via branding and MDM should be documented somewhere else: #384 )

WHERE Does This Need To Be Documented (Link)?

• https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/oidc.html
  (new paragraph, after "Client IDs, Secrets and Redirect URIs")

WHY Should This Change Be Made?

Admins and support team should know about this.

(Optional) What Type Of Content Change Is This?

• New Content Addition
• Old Content Deprecation
• Existing Content Simplification
• Bug Fix to Existing Content

(Optional) Which Manual Does This Relate To?

• Admin Manual
• Developer Manual
• User Manual
• Android
• iOS
• Branded Clients
• Desktop Client
• Other

[TheOneRing]

https://github.com/owncloud/client/blob/9aa319f4852f1065be1809d2a1c2231ed1d2062b/src/libsync/theme.cpp#L619-L627

[jesmrec]

Android app:

3.x versions (3.0.4 as stable):

• scope is openid offline_access email profile by default (brandable)
• prompt not used

4.0+ versions (incoming)

• scope is openid offline_access email profile (brandable)
• prompt is select_account by default. It will be brandable via https://github.com/owncloud/ownbrander/issues/1062

[felix-schwarz]

The iOS app sends:

• for scope: openid offline_access email profile (brandable via authentication-oauth2.oidc-scope)
• for prompt: select_account consent (will be brandable via authentication-oauth2.oidc-prompt in new version 12.0 builds)

[michaelstingl]

ocis.ocis-traefik.latest.owncloud.works

prompt: select_account	prompt: consent

ocis.ocis-keycloak.latest.owncloud.works

Keycloak doesn't respect the prompt: select_account:

It opens directly the prompt: consent in the context of the existing user session. @wkloucek any idea?