proxyauth: user OpenID instead of basic auth

src/services.js

@@ -1737,6 +1737,25 @@ async function setupProxyAuth(app, options) {
 
     const env = [ { name: 'CLOUDRON_PROXY_AUTH', value: '1' } ];
     await addonConfigs.set(app.id, 'proxyauth', env);
+
+    debug('Creating OpenID client for proxyAuth');
+
+    // openid client_id is appId for now
+    const [error, result] = await safe(oidc.clients.get(app.id));
+    if (error) throw error;
+
+    // ensure we keep the secret
+    const data = {
+        secret: result ? result.secret : hat(4 * 128),
+        loginRedirectUri: `https://${app.fqdn}/callback`,
+        logoutRedirectUri: '',
+        tokenSignatureAlgorithm: 'RS256',
+        name: '',
+        appId: app.id
+    };
+
+    if (result) await oidc.clients.update(app.id, data);
+    else await oidc.clients.add(app.id, data);
 }
 
 async function teardownProxyAuth(app, options) {
@@ -1744,6 +1763,11 @@ async function teardownProxyAuth(app, options) {
     assert.strictEqual(typeof options, 'object');
 
     await addonConfigs.unset(app.id, 'proxyauth');
+
+    debug('Deleting OpenID client for proxyAuth');
+
+    const [error] = await safe(oidc.clients.del(app.id));
+    if (error && error.reason !== BoxError.NOT_FOUND) throw error;
 }
 
 async function setupDocker(app, options) {