#11854 FAMNA Nextcloud OIDC for FAS
Opened a month ago by vwbusguy. Modified 10 days ago

Followup to #11844

To help us register your application in our OIDC service, we need some
information from you:

Note: all the default values provided here are based on the default choice/
implementation of flask-oidc. If you do not use this library you may have to
refer to the documentation of your library.

Some generic information first:

- What is the application main URL?

  https://nextcloud.famna.fedorainfracloud.org

- Who will be the main contact for the application, or will this be core
  infrastructure?

  Scott Williams (vwbusguy).
  Alternatively, Brian Monroe (paradoxguitarist).

- What privacy policy will be applicable to the application, or will this be
  the standard Fedora privacy policy?

  Standard Fedora policy

Some more OIDC specific information then:

- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: <APPLICATION_URL>/oidc_callback
    but it's configurable (so double-check)

  https://nextcloud.famna.fedorainfracloud.org/index.php/apps/oidc_login/oidc

- Does the application need the user names, or will an application-specific
  pseudonym suffice?
  - ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to
    get the user's username. If not, this question likely does not matter for
    your application

  There is a value mapping config:

  ```php
  // Use ID Token instead of UserInfo
  'oidc_login_use_id_token' => false,

  // Attribute map for OIDC response. Available keys are:
  //   * id:           Unique identifier for username
  //   * name:         Full name
  //                      If set to null, existing display name won't be overwritten
  //   * mail:         Email address
  //                      If set to null, existing email address won't be overwritten
  //   * quota:        Nextcloud storage quota
  //   * home:         Home directory location. A symlink or external storage to this location is used
  //   * ldap_uid:     LDAP uid to search for when running in proxy mode
  //   * groups:       Array or space separated string of Nextcloud groups for the user.
  //                   Note that the name here corresponds to the GID of the group and not the display name
  //                   In the admin panel, the GID may be obtained from the URL when editing a group
  //   * login_filter: Array or space separated string. If 'oidc_login_filter_allowed_values' is
  //                      set, it is checked against these values.
  //   * photoURL:     The URL of the user avatar. The nextcloud server will download the picture
  //                      at user login. This may lead to security issues. Use with care.
  //                      This will only be effective if oidc_login_update_avatar is enabled.
  //   * is_admin:     If this value is truthy, the user is added to the admin group (optional)
  ```

- Which authorization flow does the application use?
  - flask-oidc: authorization_code
- Which token authentication method does the application use?
  - flask-oidc: client_secret_post
- Which response type does the application rely on?
  - flask-oidc: Code

  These appear to be the defaults for this OIDC app as well, though there are other optional methods. I'm fine with using these.

If Fedora uses KeyCloak for OIDC, this app has instructions for setting it up on the Provider side: https://github.com/pulsejet/nextcloud-oidc-login?tab=readme-ov-file#usage-with-keycloak
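As an added example (not code from this ticket, from flask-oidc, or from nextcloud-oidc-login), the following Python sketch shows what two of the answers above mean concretely: what `client_secret_post` puts on the wire for the `authorization_code` token exchange compared with `client_secret_basic`, and how an attribute map like the `oidc_login` comment block describes is applied to the claims the provider returns (a key mapped to `null` leaves the existing value alone; `login_filter` is checked against configured allowed values). The token endpoint URL, the client id `famna-nextcloud`, the secret and the claims dictionary are constructed values, and the mapping functions model the documented semantics rather than the app's own implementation.

```python
import base64
import urllib.parse

# Hypothetical provider token endpoint (constructed, not a real Fedora URL).
TOKEN_ENDPOINT = "https://id.example.org/openidc/Token"
REDIRECT_URI = "https://nextcloud.famna.fedorainfracloud.org/index.php/apps/oidc_login/oidc"


def build_token_request(code, redirect_uri, client_id, client_secret,
                        method="client_secret_post"):
    """Return (headers, form_body) for the authorization_code token exchange.

    client_secret_post : client_id and client_secret travel in the form body.
    client_secret_basic: they travel in an HTTP Basic Authorization header.
    Either way the body is application/x-www-form-urlencoded and is sent
    with POST to TOKEN_ENDPOINT; the transport (HTTPS) is what keeps the
    secret confidential in both cases.
    """
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the registered URI exactly
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_post":
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    elif method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, join with ':',
        # then base64 the result for the Basic scheme.
        cred = (urllib.parse.quote(client_id, safe="") + ":"
                + urllib.parse.quote(client_secret, safe=""))
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    else:
        raise ValueError("unsupported token auth method: " + method)
    return headers, urllib.parse.urlencode(params)


# Constructed attribute map using the key names from the comment block above.
# 'id' -> 'sub' means the account name is the provider's stable pseudonym;
# map it to a username claim instead if the app really needs user names.
ATTRIBUTE_MAP = {
    "id": "sub",
    "name": None,          # None: never overwrite the existing display name
    "mail": "email",
    "groups": "groups",
    "login_filter": "groups",
}


def map_claims(claims, attribute_map, existing=None):
    """Apply an attribute map to an ID-token / UserInfo claims dict.

    Keys mapped to None and claims absent from the response keep whatever the
    account already had. 'groups' may arrive as a space separated string.
    """
    account = dict(existing or {})
    for key, claim in attribute_map.items():
        if claim is None or claim not in claims:
            continue
        value = claims[claim]
        if key in ("groups", "login_filter") and isinstance(value, str):
            value = value.split()
        account[key] = value
    if "id" not in account:
        raise ValueError("response carries no claim usable as the account id")
    return account


def login_allowed(claims, attribute_map, allowed_values):
    """Model the login_filter check: if allowed values are configured, the user
    must carry at least one of them; with nothing configured, anyone the
    provider authenticates may log in."""
    if not allowed_values:
        return True
    claim = attribute_map.get("login_filter")
    if claim is None or claim not in claims:
        return False  # fail closed: no attribute means no match
    value = claims[claim]
    if isinstance(value, str):
        value = value.split()
    return bool(set(value) & set(allowed_values))


if __name__ == "__main__":
    # Constructed claims as a provider might return them for one user.
    claims = {"sub": "a1b2c3", "preferred_username": "vwbusguy",
              "name": "Scott Williams", "email": "scott@example.org",
              "groups": "famna sysadmin"}
    for method in ("client_secret_post", "client_secret_basic"):
        h, body = build_token_request("c0de", REDIRECT_URI, "famna-nextcloud",
                                      "s3cret", method)
        print(method, h, body)
    print(map_claims(claims, ATTRIBUTE_MAP, {"name": "Existing Name"}))
    print(login_allowed(claims, ATTRIBUTE_MAP, ["famna"]))
```

Swapping `"id": "sub"` for `"id": "preferred_username"` in the map is the difference between the pseudonym and user-name answers to the question above; everything else stays the same.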


Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-trouble, medium-gain, ops

a month ago

We use ipsilon currently. ;)

What client-name should we use here? 'nextcloud' is a bit generic... famna-nextcloud?

famna-nextcloud makes sense to me.

Sorry for the delay here. ;(

I'm hoping @abompard or @zlopez or I can do this wed after we are out of final freeze.
