Add OIDC userinfo endpoint for User-Agent to obtain claims about the End-User

[shawnhankim]

Issue:

• Add OIDC userinfo endpoint for User-Agent to obtain claims about End-User #75

Background:
As a Product Manager (PM) of NGINX Management Suite - API Connectivity Management (NMS-ACM) or a PM of SPA,
I want a User-Agent to obtain claims about End-User to show signed-in user information in detail using the OIDC userinfo endpoint of the OP.

Description:

• Added a map variable of $oidc_userinfo_endpoint
• Added a config example of obtaining claims about End-User using the oidc_userinfo_endpoint.

[shawnhankim]

@route443 :

• Thanks for your review in detail for the PR.
• This PR is to simplify from the previous PR.
• For you to easily manage this repo to reduce any concerns from the enhancements based on the reviews on the PR, I have divided a big PR into small PRs, and this is one of PRs.
• Let me know if you have any questions.

[route443]

Information from Userinfo endpoint is returned to the client (nginx) and the client should be able to use it, for example in the form of variables. This cannot be done with the proposed patch => it doesn't bring any benefit to the OIDC reference implementation.
Secondly, it can mislead users, we declare that we support Userinfo endpoint, but there is no way to access the final keys and their values.
Your current goals for getting Userinfo from the User Agent are outside of the OIDC specification and outside of our reference implementation, so I'd recommend to use the following config:

    location = /foobar {
        error_page 401 = @do_oidc_flow;
        proxy_intercept_errors on;
        proxy_ssl_server_name on;
        proxy_set_header Authorization "Bearer $access_token";
        proxy_pass $oidc_userinfo_endpoint;
    }

[shawnhankim]

Information from Userinfo endpoint is returned to the client (nginx) and the client should be able to use it, for example in the form of variables. This cannot be done with the proposed patch => it doesn't bring any benefit to the OIDC reference implementation. Secondly, it can mislead users, we declare that we support Userinfo endpoint, but there is no way to access the final keys and their values. Your current goals for getting Userinfo from the User Agent are outside of the OIDC specification and outside of our reference implementation, so I'd recommend to use the following config:

    location = /foobar {
        error_page 401 = @do_oidc_flow;
        proxy_intercept_errors on;
        proxy_ssl_server_name on;
        proxy_set_header Authorization "Bearer $access_token";
        proxy_pass $oidc_userinfo_endpoint;
    }

• FYI. This feature was originally requested by the PM in the team who manage this OIDC repo before you started joining your team. Hence, it was firstly used to NGINX Management Suite - API Connectivity Manager, and the PM's plan was to donate here.
• However, as the goal and benefit per product can be always changed and enhanced based on other aspects, I respect your suggestion. I will try thinking of how to enhance based on your comments. Thanks for your suggestion.

[shawnhankim]

@route443 :

• Thanks for your opinion.
• The previous /userinfo location is removed and is going to separately used as the App level reference implementation in the other repo as it is the requirement of NMS-ACM's requirement.
• Revised it as this repo is to provide simpler reference implementation for a proxy instead of application.
• Let me know if I miss anything.