Enable OIDC bearer token authentication

[avinash-0007]

This Mr solves the issue mention in below ticket
#242

[akhil1508]

@pulsejet Any update on this?

[akhil1508]

• For the non-OCS routes for e.g. notes API (/apps/notes/api/v0.2/notes) to work we also need a patch for lib/private/AppFramework/Middleware/Security/CORSMiddleware like

--- lib/private/AppFramework/Middleware/Security/CORSMiddleware.php	2024-04-08 08:53:20.410444998 +0530
+++ lib/private/AppFramework/Middleware/Security/CORSMiddleware-new.php	2024-04-09 19:05:21.133629632 +0530
@@ -97,6 +97,10 @@
 			// Allow to use the current session if a CSRF token is provided
 			if ($this->request->passesCSRFCheck()) {
 				return;
+			}			
+			// Skip CORS check for requests with oidc token auth.
+			if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('is_oidc_token_login') === 1) {
+				return;
 			}
 			// Skip CORS check for requests with AppAPI auth.
 			if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {

• This is because CORS requires BASIC auth
• We can also set the session key to app_api as the CORS check is skipped for this one too as per https://github.com/nextcloud/server/blob/10fc78a9ea0d8a2081c1185f8f4c4b63b631d88e/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#L96 but this approach seems hacky
  • I will add a PR to upstream to get the session change to be accepted, maybe their official user_oidc plugin could also use it 🤔

[akhil1508]

@pulsejet I await response from NC devs on nextcloud/user_oidc#836 so we can avoid patching