Add custom OAuth option

[MomentQYC]

Add custom OAuth option.

[zeripath]

You're going to have to explain this a bit more clearly.

[MomentQYC]

At present, the third-party OAuth options of Gitea are very limited. It is recommended to add a custom OAuth configuration to theoretically enable any OAuth server to access Gitea, so as to increase Gitea selectivity.

[zeripath]

We have the OpenIDConnect provider which can be used if the provider obeys the spec expected by that provider. However, for example, Azure AD doesn't appear to work correctly for that. It may be possible to improve/change the OpenIDConnect implementation to fix some of the issues but one of the following things would have to happen:

• The administrator/user having the issue would have to work it out themselves through working out where to add all the necessary debug logging and tracing the replies from the OpenIDConnect server in question.
• The administrator/user having the issue would have to provide one of the Gitea developers with all the information necessary to figure out what the issue is. This case would likely require issue reporters to directly contact one of the maintainers on discord regarding the issue, give them the openidconnect information to allow them to reproduce the issue for the maintainer to debug it directly themselves - and likely for the reporter to pay said developer some money for spending their time doing so.

With all that being said I am still concerned that going a purely generic OpenIDConnect route may not be possible, the underlying library we use:

https://github.com/markbates/goth/tree/master/providers

has specific provider implementations for individual providers - implying that there are sufficient differences and behavioural changes that simply providing a Generic provider is not going to work well in all cases. This means that we need to integrate each of the providers above individually - however, this library does not provide a common interface or control mechanism for adding these meaning each provider needs to be added specifically.

Further the current methods in Gitea for adding these are not great.

My latest PR #16544 changes the way in which we add providers to Gitea to make integrating others from the above library a bit easier - (the mechanism in #16544 is still not quite right and further improvements are required). However adding providers will still require code changes due to the underlying heterogeneity in the library.

---

So in summary:

• There is a generic OpenIDConnect provider already.
• When it doesn't work users aren't giving us the necessary information to help debug things - that's probably because our implementation doesn't give users enough information but to improve that situation someone is going to have debug it themselves or give us specific access to a not working OpenIDConnect.
• I suspect that OpenIDConnect isn't ever going to work for most providers because despite there being a standard it appears that there is too much heterogeneity.
• This underlying heterogeneity is also expressed even at the library level meaning adding new providers is actually more involved than just "configuration".