Entra ID: Workload Identity support #2902

Open: wants to merge 4 commits into base: master

@jjlakis (Contributor) commented Jan 5, 2025

Description

This PR adds an additional flag to the Entra ID provider: entra_id_federated_token_auth_enabled. When enabled, OAuth2 Proxy exchanges the code for tokens by using the federated token projected in the well-known place by the Entra Workload Identity plugin.

This change introduces a custom implementation of Redeem(). When federated auth is enabled, tokens are retrieved by a custom query (with different parameters) and passed to the generic p.OIDCProvider.createSession().

Motivation and Context

Workload Identity in Entra makes it possible to stop using a hardcoded client secret, which is a huge benefit for IaaC, reference architectures and secret management.

How Has This Been Tested?

E2E testing for the Entra provider has been extended to perform the same 15 cases that are performed with the client-secret configuration. Tests are passing properly.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.
  • I have written tests for my code changes.

@jjlakis jjlakis requested a review from a team as a code owner January 5, 2025 14:17