First diff related to users authentication in swh-web based on OpenID Connect (implemented in Keycloak).
The scope of that diff is the authentication of users from the main HTML interface of swh-web.
This could be used to enable special GUI features (for instance admin pages) based on user group
or permissions (currently not handled, will be implemented in T2295 and T2247).
Users get authenticated by using the OIDC Authorization Code Flow with PKCE extension,
based on the use of a temporary dynamic client secret instead of storing a static one
on the backend side.
The main additions in that diff are located in the new swh.web.auth module containing the following files:
- backends.py: add Django plumbing to use OpenID Connect authentication layer
- keycloak.py: contains a wrapper class around the use of the [[ https://github.com/marcospereirampj/python-keycloak | python-keycloak ]] module to ease the interaction with a Keycloak server.
- models.py: a custom Django User model used for remote users in order to store OpenID Connect related data and avoid to save users to Django database (those sensitive information are already securely stored in *Keycloak* so there is no need to duplicate them).
- views.py: new Django views in order for users to login/logout from the main HTML interface.
Previous admin login based on standard Django login features is still available.