Handle external authentication providers

[kjac]

Prerequisites

• I have added steps to test this contribution in the description below

Description

This PR adds handling for external authentication providers for the new backoffice.

Testing this PR

Setup

First and foremost you need an external authentication provider configured. For testing we'll use GitHub.

1. Create a GitHub OAuth app at https://github.com/settings/developers (or ask KJA for one).
   • The app configuration should looks something like this:
     
2. Include the NuGet package AspNet.Security.OAuth.GitHub in your site.
3. Unzip this file and add the code to your site.
4. Add your app ID and secret to GitHubAuthenticationExtensions:
   
5. Add .AddGitHubAuthentication() to ConfigureServices(IServiceCollection services) in Startup.
6. Verify that the Umbraco login screen now says "Sign in with GitHub" (don't click it!):
   

Testing local login

Verify that you can still login to the new backoffice using your local account.

1. Make sure you're logged out of Umbraco
2. Go to https://localhost:44331/umbraco/management/api/v1.0/security/back-office/authorize?client_id=umbraco-back-office&scope=offline_access&response_type=code&code_challenge=WZRHGrsBESr8wYFZ9sx0tPURuZgG2lmzyvWpwXPKz8U&code_challenge_method=S256
3. Login with your local account.
4. Verify that you get a 404 page with a code in the URL (this means the login was successful):
   

Testing remote login (implicitly)

1. Make sure you're logged out of Umbraco
2. Go to https://localhost:44331/umbraco/management/api/v1.0/security/back-office/authorize?client_id=umbraco-back-office&scope=offline_access&response_type=code&code_challenge=WZRHGrsBESr8wYFZ9sx0tPURuZgG2lmzyvWpwXPKz8U&code_challenge_method=S256
3. Click "Sign in with GitHub"
4. Verify that you are redirected to your GitHub app for verification
5. Complete the verification/sign-in flow at GitHub
6. Verify that you get a 404 page with a code in the URL (same as above)

Testing remote login (explicitly)

1. Make sure you're logged out of Umbraco
2. Go to https://localhost:44331/umbraco/management/api/v1.0/security/back-office/authorize?client_id=umbraco-back-office&scope=offline_access&response_type=code&code_challenge=WZRHGrsBESr8wYFZ9sx0tPURuZgG2lmzyvWpwXPKz8U&code_challenge_method=S256&identity_provider=Umbraco.GitHub
3. Follow steps 4 through 6 from the previous test
   • Note that these steps might happen nearly instantaneously if you are already logged into GitHub, but you can still see them happening in the Network tab of the Chrome console.

Testing Swagger access with local login

1. Make sure you're logged out of Umbraco
2. Go to https://localhost:44331/umbraco/swagger/index.html
3. Make sure you are logged out of Swagger (click the "Authorize" button if it has a closed padlock icon and pick "Logout" in the popup)
4. Click the "Authorize" button and pick "Authorize"
5. Verify that you are lead to the login screen (likely in a new tab)
6. Verify that you still authorize with your local account, and that you are redirected back to the Swagger UI afterwards

Testing Swagger access with external login

1. Make sure you're logged out of Umbraco
2. Go to https://localhost:44331/umbraco/swagger/index.html
3. Make sure you are logged out of Swagger (click the "Authorize" button if it has a closed padlock icon and pick "Logout" in the popup)
4. Click the "Authorize" button and pick "Authorize"
5. Verify that you are lead to the login screen (likely in a new tab)
6. Verify that you can complete the authorization flow using the "Sign in with GitHub" option, and that you are redirected back to the Swagger UI afterwards

[kjac]

This TODO has been added to the backlog item "New login screen" (23812)

[nikolajlauridsen]

Looks good, and tests out good 🎉 👍

And thank you for the great testing instructions 🙌