Support Oauth 2.0 flow for SSO

We are currently integrating Featurebase into our platform and noticed that the current Single Sign-On (SSO) implementation supports JWT-based authentication. While this works well for simple setups, we would like to request OAuth 2.0 support as an additional SSO mechanism.

Use Case:
Our organization uses Ory Hydra as an OAuth 2.0 and OpenID Connect provider to manage authentication and authorization for our users. This allows us to centralize identity management and enforce security policies across all applications. However, since Featurebase relies on JWT tokens passed directly via query parameters, integrating with Hydra requires additional middleware to bridge the gap between OAuth and Featurebase's JWT-based SSO flow.

Challenges with Current Setup:

1. Additional overhead to validate OAuth tokens and transform them into Featurebase-compatible JWTs.

2. Loss of native OAuth 2.0 features like refresh tokens, token introspection, and revocation.

3. Difficulty in managing multi-app authentication workflows within a single identity provider.
   

Feature Request:
We would like Featurebase to support OAuth 2.0 and OpenID Connect as an alternative SSO mechanism, allowing us to:

• Configure an OAuth authorization endpoint for login.

• Accept an Authorization Code or Implicit Flow for token exchange.

• Validate tokens via a JWKS URI or Introspection Endpoint.

• Provide support for Scopes and Claims Mapping to handle user attributes.

• Seamlessly redirect users after authentication, similar to the current JWT-based flow.

Benefits:

• Simplifies integration with modern identity providers like Hydra, Auth0, Okta, and Keycloak.

• Enhances security through native OAuth 2.0 mechanisms.

• Allows better scalability for enterprises managing multiple applications.
  

Priority:
While the current JWT-based SSO is functional, adding OAuth 2.0 support would significantly streamline our authentication process. We would appreciate it if this could be considered in the upcoming roadmap.