sources/oauth: add initial group sync

[BeryJu]

Details

Add the option to allow OIDC sources to sync groups

• Only for OIDC at the moment even though other source types may support it
• Requires inputting the claim for groups which requires a list of group names
  (Some sources like Azure AD return a list of UUIDs from the groups which we'd need additional logic to resolve)

closes #6184

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)
• The translation files have been updated (make i18n-extract)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	d9428dc
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/64c685ecd276e80008e59a2f

[netlify]

✅ Deploy Preview for authentik ready!

Name	Link
🔨 Latest commit	8980bef
🔍 Latest deploy log	https://app.netlify.com/sites/authentik/deploys/64c67c71dbacde00081b927f
😎 Deploy Preview	https://deploy-preview-6427--authentik.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Patch coverage: 93.34% and no project coverage change.

Comparison is base (2ac7eb6) 92.46% compared to head (d9428dc) 92.46%.
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6427      +/-   ##
==========================================
- Coverage   92.46%   92.46%   -0.00%     
==========================================
  Files         561      561              
  Lines       27053    27078      +25     
==========================================
+ Hits        25012    25035      +23     
- Misses       2041     2043       +2     

Flag	Coverage Δ
e2e	51.58% <93.34%> (+0.03%)	⬆️
integration	26.54% <46.67%> (+0.03%)	⬆️
unit	89.24% <56.67%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
authentik/sources/oauth/api/source.py	82.48% <ø> (ø)
authentik/sources/oauth/tests/test_type_openid.py	100.00% <ø> (ø)
authentik/sources/oauth/views/callback.py	83.53% <91.31%> (+2.58%)	⬆️
authentik/core/models.py	92.71% <100.00%> (ø)
authentik/core/sources/flow_manager.py	94.24% <100.00%> (ø)
authentik/sources/oauth/models.py	100.00% <100.00%> (ø)
authentik/sources/oauth/types/oidc.py	100.00% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[insunaa]

Looks like a great feature!
Will it be possible in the future to not just sync the group's name, but also the gid?

[kPKfQKhuz86]

hey, just bumping this one up.

this is a deal breaker in my case and due to lack of this feature, I can't consider authentik a solution for my case at the moment. hoping this one is implemented soon, as otherwise I find authentik very intuitive to use!

[los93sol]

Will this be available soon? Really need this for my use case

[BeryJu]

superseded by #8771