SOLR-17845: Implement OAuth support in new UI

[malliaridis]

https://issues.apache.org/jira/browse/SOLR-17845

Description

Multiple authentication options should be supported with the new UI, including OAuth.

Solution

This PR adds support for OAuth in the new UI by using a Ktor server for handling callbacks to the app on desktop, and simple redirects for Web.

Open Tasks

• Implement Web
• Update UI to display multiple authentication options when MultiAuthPlugin used
• Fix MultiAuthPlugin to send X-Solr-Authdata when more than one auth method available
• Close if possible browser tab after authentication flow completed
• Write tests

Tests

Please describe the tests you've developed or run to confirm this patch implements the feature or solves the problem.

Checklist

Please review the following and check all that apply:

• I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
• I have created a Jira issue and added the issue ID to my pull request title.
• I have given Solr maintainers access to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation)
• I have developed this patch against the main branch.
• I have run ./gradlew check.
• I have added tests for my changes.
• I have added documentation for the Reference Guide

[malliaridis]

@epugh PR is still WIP but you can test the current implementation for OAuth on the desktop app (browser not implemented yet). You can run the desktop app via ./gradlew solr:solr.ui:run.

The implementation supports the OAuth flow with PKCE, which is currently the recommended way of authenticating. Sadly, it is not straight-forward to add support for opening the desktop app from the browser via deep links (this dialog in browser that asks you if you want to open the app). So the solution on desktop relies on an embedded server which is listening to http://127.0.0.1:8088/callback for the code and state.

[epugh]

This is exciting... I have a setup where Solr authenticates via oAuth against a Keycloak server. Does that mean in this case the UI would authenticate int he same way? oAuth makes my brain hurt.

[malliaridis]

Does that mean in this case the UI would authenticate int he same way?

Yes, I used keycloak for testing as well. I just haven't made everything configurable yet. So you would have to run Solr on 127.0.0.1:8983 and add keycloak with the JWT auth plugin. I haven't completed the changes yet, but it should likely work with other Solr instances as well.

FYI I had to configure the keycloak instance correctly to generate a proper JWT token for Solr, but if you already have a running configuration, it should work as expected as long as you add the redirect URL http://127.0.0.1:8088/callback to your keycloak client configuration. This redirect URL is the server URL of the Solr desktop app for catching the auth data and signing you in (currently hardcoded).

If you need more information about my testing setup DM me on slack. :)

EDIT: MultiAuthPlugin is not supported because I found another limitation where some information is not sent if client is not faking an AJAX request. I will fix it in this PR too. For testing now avoid MultiAuthPlugin if possible.