Open
Description
Describe the feature you'd like
It would be really great if you could add support for the prompt parameter from the OIDC spec (search "select_account" to find the section):
https://openid.net/specs/openid-connect-basic-1_0.html
In particular I am interested in the select_account option.
prompt
OPTIONAL. Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are:
none
The Authorization Server MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required. This can be used as a method to check for existing authentication and/or consent.
login
The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.
consent
The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required.
select_account
The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typically account_selection_required.
Describe the benefits this would bring to existing BookStack users
This allows more control over the authentication process, for example: allowing more control over which account should be logged in from currently active sessions.
Can the goal of this request already be achieved via other means?
No. This should not affect the current method as prompt would only be passed into the authentication URL if the env var was added.
Have you searched for an existing open/closed issue?
- I have searched for existing issues and none cover my fundamental request
How long have you been using BookStack?
Under 3 months
Additional context
No response
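
The opt-in behaviour requested above, as an added example (not BookStack's code and not part of the original issue): a configured prompt string is checked against the values in the quoted spec text and appended to the authorization URL only when set. The env var name `OIDC_PROMPT`, the function names, the endpoint and the client values are assumptions made for illustration; the rule that `none` cannot be combined with other values comes from OpenID Connect Core 1.0 rather than from the text quoted here.

```php
<?php
// Values the quoted spec text defines for "prompt" (case-sensitive).
const OIDC_PROMPT_VALUES = ['none', 'login', 'consent', 'select_account'];

/** Parse a configured prompt string; [] means "omit the parameter". */
function parsePromptSetting(?string $raw): array
{
    $raw = trim($raw ?? '');
    if ($raw === '') {
        return [];
    }
    // Space-delimited list: collapse repeated spaces, drop duplicates.
    $values = array_values(array_unique(preg_split('/ +/', $raw)));
    foreach ($values as $value) {
        // Strict comparison keeps the check case-sensitive ("Login" fails).
        if (!in_array($value, OIDC_PROMPT_VALUES, true)) {
            throw new InvalidArgumentException("Unsupported prompt value: {$value}");
        }
    }
    // OpenID Connect Core 1.0: "none" with any other value is an error.
    if (count($values) > 1 && in_array('none', $values, true)) {
        throw new InvalidArgumentException('prompt=none cannot be combined');
    }
    return $values;
}

/** Build the authorization URL, adding prompt only when it is configured. */
function buildAuthorizationUrl(string $endpoint, array $params, ?string $promptSetting): string
{
    $prompt = parsePromptSetting($promptSetting);
    if ($prompt !== []) {
        $params['prompt'] = implode(' ', $prompt);
    }
    $separator = str_contains($endpoint, '?') ? '&' : '?';
    return $endpoint . $separator . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample request; OIDC_PROMPT is a hypothetical env var name.
$params = [
    'response_type' => 'code',
    'client_id'     => 'example-client',
    'redirect_uri'  => 'https://wiki.example.com/oidc/callback',
    'scope'         => 'openid profile email',
    'state'         => bin2hex(random_bytes(16)),
];
$setting = getenv('OIDC_PROMPT') ?: null;
echo buildAuthorizationUrl('https://idp.example.com/authorize', $params, $setting), PHP_EOL;
```

Rejecting an unrecognised or wrongly cased value at configuration time surfaces the mistake locally instead of sending a malformed request to the identity provider.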