Custom OAuth2 Authroziation Hardcoded in Database

[Aiosa]

V6 brings support for custom OAuth2 flows. However, one still needs to manage database of users & their access rights. However, such data can be driven dynamically by external services, which is desirable in any bigger project where multiple such apps live together.

See CustomOAuth2AuthorizationConfig:

        var authenticatedPortalUser = loadPortalUser(oidcUser.getEmail(), oidcUser);   // fetches user from cbio DB based on email entry
        if (Objects.isNull(authenticatedPortalUser.cbioUser) || !authenticatedPortalUser.cbioUser.isEnabled()) {
            log.error("User: {} either not in db or not authorized", oidcUser.getEmail());
            throw new OAuth2AuthenticationException("user not authorized");              // throws error even if the user was sucessfully authenticated
        }
        ...

A desirable way of doing this would be an ability to provide custom logics for the authentication and authorization resolution.

[Aiosa]

There are no tests since it does not introduce new functionality. It introduces an ability to bring a new functionality, but current tests should just catch all issues.