Support external OIDC IDP with authentication (not public) #2080

@jakkarth

Is your feature request related to a problem? Please describe.

My security policy does not permit OIDC client definitions that don't include client authentication (e.g. with a client secret). I cannot configure the client to be "public" as described in the OpenCloud documentation. Could you please add the client_secret field? Also, the OC_OIDC_CLIENT_ID variable isn't mentioned anywhere in the docs except the list of environment variables; it would be good to include that in the external IDP configuration sections.

Describe the solution you'd like

Add an OC_OIDC_CLIENT_SECRET variable next to OC_OIDC_CLIENT_ID, so that I can put the client secret in there and my non-public Keycloak client will let me log in.

Describe alternatives you've considered

Disabling authentication of the web client (can't do this due to organizational security policy for the IDP)

Additional context
