migrate to keycloak as IDP

[jeriox]

Migrates users to use the new sub from OIDC claims

closes #336

[frcroth]

Can you provide test setup instructions?

[jeriox]

My testing looked as follows:

• log in with old OIDC provider with the configuration from main
• checkout this branch, enter client_id and secret from auth.myhpi.de in .env
• login with Keycloak and see how the sub of your user changes from firstname.lastname to your UUID

[dasGoogle]

As we now have set up some basic group management in our Keycloak, I'd suggest we also integrate that into this PR.

@frcroth In case you want to test the setup yourself, please contact me or @lukasrad02 directly so we can give you some testing credentials.

[jeriox]

@dasGoogle yep that was the plan, can you provide me with some infos on how the groups look in the OIDC claim or do I have to figure that out on my own? :D (would probably be good to write that down somewhere for the future anyways)

[dasGoogle]

There will most likely (not Setup yet) a claim called "role", containing an array of arbitrary strings, each of which being a unique identifier for a group. @lukasrad02 and I expect that this mapping of ID to actual myHPI group would happen based on an attribute on each myHPI Group.

[jeriox]

After another discussion with @dasGoogle we decided against a separate identifier for the groups and will instead use the group name directly (e.g. "student"). We could change our templates to capitalize the group names for the UI

[coveralls]

Pull Request Test Coverage Report for Build 7116695497

• 24 of 28 (85.71%) changed or added relevant lines in 4 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage decreased (-0.03%) to 74.263%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
myhpi/core/auth.py	13	15	86.67%
myhpi/core/models.py	5	7	71.43%

Files with Coverage Reduction	New Missed Lines	%
myhpi/core/auth.py	1	87.88%

Totals
Change from base Build 6850993127:	-0.03%
Covered Lines:	1235
Relevant Lines:	1663

---

💛 - Coveralls