feat(server): custom oidc authorization page for form_post response method

[levkohimins]

This pull request solves two issues:

1. Applies correct Content Security Policy to the oidc authorization page, see related issue #4669.
2. Customize oidc authorization page (text with animation).

[authelia]

Thanks for choosing to contribute @levkoburburas. We lint all PR's with golangci-lint and eslint, I may add a review to your PR with some suggestions.

You are free to apply the changes if you're comfortable, alternatively you are welcome to ask a team member for advice.

Artifacts

These changes once approved by a team member will be published for testing on Buildkite, DockerHub and GitHub Container Registry.

Docker Container

• docker pull authelia/authelia:PR4670
• docker pull ghcr.io/authelia/authelia:PR4670

[netlify]

✅ Deploy Preview for authelia-staging ready!

Name	Link
🔨 Latest commit	fb4b984
🔍 Latest deploy log	https://app.netlify.com/sites/authelia-staging/deploys/63b091942c3e7a00076bf820
😎 Deploy Preview	https://deploy-preview-4670--authelia-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[james-d-elliott]

Thanks for the PR. However I'd rather this is solved by adjusting the template returned from fosite.FormPostHTMLTemplateProvider using sha256 hashes instead (in addition to making a special CSP middleware for the authorization endpoint which adds the sha256's when the response mode is form_post).

[levkohimins]

Thanks for the PR. However I'd rather this is solved by adjusting the template returned from fosite.FormPostHTMLTemplateProvider using sha256 hashes instead (in addition to making a special CSP middleware for the authorization endpoint which adds the sha256's when the response mode is form_post).

Thank you for the review!

This could be a great solution, if only this approach also supported passing variables. It is important for me to display the clientID/clientDescription, in fact, where the redirect goes.

I will try to make code changes in fosite, if they accept them, I will redo this PR, otherwise this approach is preferable for me.

[james-d-elliott]

I don't think it's necessary to implement the client description in the short term (nice to have, but not important). However I'm relatively certain they'd be open to implementing an interface addition to the configurator with a signature similar to below:

type FormPostResponseProvider interface {
    GetWriteAuthorizeFormPostResponse(ctx context.Context) func(redirectURL string, parameters url.Values, template *template.Template, rw io.Writer)
}

Or maybe something like this:

type FormPostHTMLTemplateExtraValuesProvider interface {
    GetFormPostHTMLTemplateExtraValues(ctx context.Context) map[string]interface{}
}

If you'd like I can just push the fix and you can work on the nice to have, I'll leave it up to you however.

[levkohimins]

I liked your first suggestion, because it seems to me that it gives more opportunities

type WriteAuthorizeFormPostResponseProvider interface {
	GetWriteAuthorizeFormPostResponse(ctx context.Context) func(rw io.Writer, template *template.Template, redirectURL string, parameters url.Values)
}

I created the PR #731 with discussed changes.

If you'd like I can just push the fix and you can work on the nice to have, I'll leave it up to you however.

Thank you, but it's up to you. I am working with the forked repo, it doesn't bother me.

[levkohimins]

By the way, I'm not very good at frontend, perhaps you should check it and maybe improve something at your discretion.