feat: enables OIDC auth code flow

[lsirac]

Provides an option for developers to specify the OAuth response type for their OIDC provider (either one of these can be set:):

• id_token
• code (if set, must also set the client secret)

[hiranya911]

Looks mostly good. But we cannot have GenericJson exposed in our public API surface. Plus few other nits.

[hiranya911]

What happens if the developer sets responseTypeCode but doesn't specify a client secret? Should the SDK validate that? Let's at least have a test case to exercise that scenario.

[lsirac]

I'm letting the backend deal with it - they will return an error. I can't do this check in update, and if you want me to make this check in create then we'll be forcing the dev to call setClientSecret before calling setCodeResponseType. If you prefer I do that let me know.

[hiranya911]

See my other comment.

[hiranya911]

LGTM with a couple of suggestions.

[hiranya911]

In the Node.js SDK we are adding checks to make sure that exactly one is true, when both code and idToken response types are specified. If we want we can do something similar here too. But it will probably require some additional changes.

In the AbstractCreateRequest and AbstractUpdateRequest classes:

protected void validate() { }

Map<String, Object> getProperties() {
    this.validate();
    return ImmutableMap.copyOf(properties);
}

Now in OidcProviderConfig.CreateRequest and OidcProviderConfig.UpdateRequest:

private static void validateResponseTypes(Map<String, Object> properties) {
  // Check if clientSecret is set when code = true
  // Check that when both code and idToken are specified, they are not both true or both false
}

@Override
protected void validate() {
  validateResponseTypes(this.properties);
}

Take it as a suggestion. I think for the initial release, the way it's implemented now is probably fine.

[hiranya911]

See my other comment.