Introduce OidcRedirectFilter

[sberyozkin]

Fixes #40562.

Simple PR which introduces a noteworthy feature, since an ability to customize OIDC redirects dynamically, especially in the presence of multiple OIDC providers, should become useful. Custom providers can add extra query parameters or set response headers as has been tried recently without success, or create secure cookies to help with generating better local redirect error or session expired pages. This PR simply runs every redirect URI through filters if they are available.

Summary for this PR's changes:

• Get the registered OidcRedirectFilters and run them for every redirect which can be done at the CodeAuthenticationMechanism level
• Makes 2 OidcUtils method publicly accessible to help custom filters to create or remove cookies if they need to
• Adds a test where a custom redirect redirect filter encrypts a user name in a cookie and the custom session expired JAX-RS resource handler decrypts this cookie to create a user tailored message. (I had to tweak the test setup a bit to support proper-length encryption client secrets)
• Updates docs

This PR can be considered a follow up to #40539 - without this PR custom session expired pages can only be produced for single OIDC tenant setups.

Hope it can make to 3.11.0.CR1 or 3.11.0

[github-actions]

🙈 The PR is closed and the preview is expired.

[gastaldi]

LGTM

[sberyozkin]

Thanks @gastaldi, I'd like now to wait a bit in case @pedroigor has some more comments, cheers

[sberyozkin]

@gastaldi Sorry, there was a java docs typo, missing space, and some duplicate text, I only noticed after re-reading it a few times :-)

[quarkus-bot]

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 9a910fa.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

⚠️ There are other workflow runs running, you probably need to wait for their status before merging.

[quarkus-bot]

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 9a910fa.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

[pedroigor]

LGTM

[sberyozkin]

Thanks @pedroigor.
Indeed, as far as possible optimizations are concerned like having @SessionExpiredPage annotations, it can be handled in a follow up PR

[sberyozkin]

Let me merge now, we can follow up early next week if needed.

[sberyozkin]

Proposing a backport to the 3.11 branch for this PR to make it to final 3.11.0 and to make #40539 useful in a mult-tenant OIDC setup