The SCIM 2.0 protocol supports multiple HTTP-based authentication schemes so that SCIM clients can access the API. Currently only httpbasic is supported and no authorization model is defined. The aim of this ticket is to implement support for OAuth2 with bearer tokens.
The new auth scheme should be exposed in the “/ServiceProviderConfig” endpoint for the auto-discovery service.
OAuth2 bearer tokens allow authentication to be delegated to an OIDC server outside of the SCIM API implementation, in addition to making the authentication mechanism compatible with OIDC. The best security practices related to bearer tokens (TLS transport, limited scoping, short lifetimes) must be enforced.
Ideally, we should also define authorization scopes such as scim read and scim write so that a client can request the minimum access to the API that it needs.
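The following is an added illustration of the pieces this ticket asks for, not code from the project: a bearer-token check that enforces signature and expiry, a per-method scope check (least privilege for read versus write), and the `authenticationSchemes` entry that /ServiceProviderConfig would advertise. It assumes HS256-signed JWTs with a shared secret so that it runs offline (a real deployment would verify the OIDC provider's signature through its published keys and require TLS), that scopes are carried in a space-separated `scope` claim, and the scope names `scim:read` and `scim:write`; all of these are assumptions, not project decisions.

```python
"""Added example: OAuth2 bearer-token authorization for a SCIM 2.0 endpoint.

Illustrative code, not the project's implementation. Assumptions:
  * tokens are JWTs signed with HS256 and a shared secret (a real deployment
    verifies the OIDC provider's signature via its JWKS, over TLS);
  * scopes live in the JWT "scope" claim as a space-separated string;
  * the scope names "scim:read" and "scim:write" (naming is an assumption).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

SECRET = b"example-shared-secret"  # constructed sample key, not a real one

# Least-privilege mapping of SCIM HTTP methods to the scope they require.
REQUIRED_SCOPE = {
    "GET": "scim:read",
    "POST": "scim:write",
    "PUT": "scim:write",
    "PATCH": "scim:write",
    "DELETE": "scim:write",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def mint_token(claims: dict) -> str:
    """Build an HS256 JWT; used only to construct sample tokens for the demo."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, now: Optional[float] = None) -> dict:
    """Verify signature and expiry; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token's own "alg" pick the verifier.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # Short lifetimes only help if "exp" is mandatory and actually enforced.
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired or missing exp")
    return claims


def authorize(method: str, authorization_header: Optional[str],
              now: Optional[float] = None) -> Tuple[int, str]:
    """Return (status, reason) for a SCIM request: 200 on success, else 401/403/405."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401, "missing bearer token"
    try:
        claims = verify_token(authorization_header[len("Bearer "):], now)
    except ValueError as exc:
        return 401, str(exc)
    granted = set(claims.get("scope", "").split())
    needed = REQUIRED_SCOPE.get(method.upper())
    if needed is None:
        return 405, "method not allowed"
    if needed not in granted:
        return 403, f"scope {needed} required"
    return 200, "ok"


def service_provider_config() -> dict:
    """Minimal /ServiceProviderConfig fragment advertising both schemes (RFC 7643 section 5)."""
    return {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
        "authenticationSchemes": [
            {"type": "httpbasic", "name": "HTTP Basic",
             "description": "Authentication scheme using HTTP Basic"},
            {"type": "oauthbearertoken", "name": "OAuth Bearer Token",
             "description": "Authentication scheme using the OAuth Bearer Token Standard",
             "specUri": "http://www.rfc-editor.org/info/rfc6750", "primary": True},
        ],
    }


if __name__ == "__main__":
    tok = mint_token({"sub": "client-1", "scope": "scim:read", "exp": time.time() + 300})
    print(authorize("GET", f"Bearer {tok}"))     # read scope suffices for GET
    print(authorize("DELETE", f"Bearer {tok}"))  # write scope required, so 403
```

The point of the split into `verify_token` and `authorize` is that a valid token is not the same as an authorized request: a token that only carries `scim:read` is accepted for GET and rejected for any mutating method, which is what the separate scopes buy the client and the server.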