Add option to enable redirect-based OAuth flow

[thepatrickchin]

Is this a new feature, an improvement, or a change to existing functionality?

Improvement

How would you describe the priority of this feature request

High

Please provide a clear description of problem this feature solves

Several users have reported authentication failures which we have determined to be caused by browser popup blockers, popup losing focus, or popup rendering behind the main window. We would like the option for redirect-based OAuth flow to avoid these popup-related issues. In general, redirect-based flows are the more standard and recommended approach.

Describe your ideal solution

A new option in auth provider configuration called use_redirect_auth that will allow us to toggle between popup-based auth flow and redirect-based auth flow. The redirect auth flow can be opt-in so use_redirect_auth would be false by default to preserve existing behavior. For example:

authentication:
  test_auth_provider:
    _type: oauth2_auth_code_flow
    redirect_uri: http://localhost:8000/auth/redirect
    authorization_url: http://localhost:5001/oauth/authorize
    token_url: http://localhost:5001/oauth/token
    token_endpoint_auth_method: client_secret_post
    scopes:
      - openid
      - profile
      - email
    client_id: ${NAT_OAUTH_CLIENT_ID}
    client_secret: ${NAT_OAUTH_CLIENT_SECRET}
    use_pkce: false
    use_redirect_auth: true

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct
• I have searched the open feature requests and have found no duplicates for this feature request