OpenID Connect based authentication (oauth) #4160

Open
vodorok opened this issue Jan 26, 2024 · 0 comments · May be fixed by #4298
Labels
GUI 🎨 new feature 👍 New feature request web 🌍 Related to the web app

vodorok commented Jan 26, 2024

Authentication with OpenID Connect (OIDC) would be a useful addition to CodeChecker authentication methods.
https://openid.net/developers/how-connect-works/

Currently, only PAM and LDAP authentication methods are supported, but there are cases where these methods are not flexible enough. For example, in the demo server (https://codechecker-demo.eastus.cloudapp.azure.com), only a few predefined users exist, and the viewing and administration must be done by using those, instead of using the proper users and permissions.

Phase I.

Requirements:

  • The feature must be implemented with https://github.com/lepture/authlib, https://docs.authlib.org/en/latest/index.html.
  • It should be possible to authenticate the user using the GitHub/Google (user-selectable) accounts over the web login screen.
  • Two-factor authentication should be supported if required by GitHub or Google.
  • After successful authentication the user should be let in based on server settings (see below).
  • If the user authenticates once with GitHub, and in another case with Google, the same (user entity) should be used based on the email address.
  • If the user is not allowed to log in yet, bring the user to a landing page where she/he is informed that she/he must ask for permission to access the CodeChecker server. The CodeChecker admin can add the user manually to the allowed_users list.
  • Extend the CodeChecker authentication configuration https://github.com/Ericsson/codechecker/blob/master/docs/web/authentication.md with a new authentication method method_oauth and define the configuration parameters needed for the github and google external authenticators.

The user entry should be restricted in two methods:

  • Let in everyone after successful authentication. (Phase I.)
  • Only let in those who are members of the predefined allowed_users group (Phase II.)

Phase II.

Group membership assignment based on Microsoft Entra Authentication domain.

#4349

Phase III.

Group membership management using the internal db specified in ticket #4302

@vodorok vodorok added GUI 🎨 web 🌍 Related to the web app new feature 👍 New feature request labels Jan 26, 2024
@dkrupp dkrupp changed the title OpenID Connect based authentication OpenID Connect based authentication (oauth) Feb 28, 2024
@dkrupp dkrupp modified the milestone: release 6.25.0 Sep 17, 2024
@dkrupp dkrupp self-assigned this Sep 17, 2024
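
An added example, not part of the issue and not CodeChecker's code: a sketch of the admission decision the Phase I and Phase II requirements describe, with GitHub and Google logins mapped to one user entity by e-mail address. The `OAuthPolicy` class, the function names and the three result strings are hypothetical, and rejecting an address the provider has not marked as verified is an assumption added here, because joining accounts by e-mail is only sound when the provider vouches for the address.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class OAuthPolicy:
    # Hypothetical settings object; only the name allowed_users is from the issue.
    allow_everyone: bool        # Phase I: admit every authenticated user
    allowed_users: frozenset    # Phase II: normalized e-mail addresses


def normalize_email(email: str) -> str:
    """Trim and case-fold so one mailbox maps to one user entity."""
    return email.strip().casefold()


def resolve_identity(provider: str, claims: dict) -> Optional[str]:
    """Return the e-mail used as the user key, or None if it is not trusted.

    Assumption: the provider response was already validated (for example by
    Authlib) and is passed in as a dict. Google sends the OIDC email_verified
    claim; for GitHub the caller is assumed to copy the "verified" flag of
    the account's primary address into the same key.
    """
    if provider not in ("github", "google"):
        return None
    email = claims.get("email")
    # Linking accounts by e-mail is only safe when the provider vouches for it.
    if not email or claims.get("email_verified") is not True:
        return None
    return normalize_email(email)


def admit(policy: OAuthPolicy, provider: str, claims: dict) -> str:
    """Return "allow", "landing_page" (ask the admin) or "reject"."""
    user = resolve_identity(provider, claims)
    if user is None:
        return "reject"
    if policy.allow_everyone or user in policy.allowed_users:
        return "allow"
    return "landing_page"


if __name__ == "__main__":
    # Constructed sample data, not taken from any real server.
    phase2 = OAuthPolicy(False, frozenset({"alice@example.com"}))
    print(admit(phase2, "google", {"email": "Alice@Example.com", "email_verified": True}))
    print(admit(phase2, "github", {"email": "bob@example.com", "email_verified": True}))
    print(admit(phase2, "github", {"email": "alice@example.com", "email_verified": False}))
```

Entries in `allowed_users` must be stored in the same normalized form that `normalize_email` produces, otherwise a mixed-case entry never matches.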