OIDC: abstraction layer for scopes and fields

[FroMage]

Description

Every damn OIDC provider has different names and scopes for the same damn things:

quarkus.oidc.authentication.scopes=openid,email,profile

quarkus.oidc.github.authentication.scopes=user:email

quarkus.oidc.microsoft.authentication.scopes=openid,email,profile

quarkus.oidc.facebook.authentication.scopes=email,public_profile
quarkus.oidc.facebook.user-info-path=https://graph.facebook.com/me/?fields=id,name,email,first_name,last_name

quarkus.oidc.apple.authentication.scopes=openid,email,name

And then they come from different places because Github and Facebook requires UserInfo, while GitHub even requires another REST call to get the email.

It would be nice to have an abstraction that we could use to specify the fields we want, such as:

# Would be nice to be able to specify settings on every tenant with *
quarkus.oidc.*.authentication.scopes=quarkus:email,quarkus:name

This would turn quarkus:* scopes into whatever provider-specific scopes and other settings required to obtain them. Extra bonus points if it also automatically turns the UserInfo fields into the proper IdToken claims such as explained in #22030

TBH, this seems like a nice-to-have and not a hard requirement.

Implementation ideas

No response

[quarkus-bot]

/cc @pedroigor, @sberyozkin

[sberyozkin]

@FroMage I'm sorry, but I'd rather close this one as we have a PR under way to support the provider specific setups in a nice way

[sberyozkin]

Lets deal with it as part of #20783

[FroMage]

But that PR doesn't deal with an abstraction for scopes, I don't see how they're the same thing…