Remove social oauth (Azure, Github, Google) (#15549)

Remove social oauth (Azure, Github, Google)

Co-authored-by: jessicamack <jmack@redhat.com>

7 files changed, 8 insertions, 331 deletions

diff --git a/docs/auth/README.md b/docs/auth/README.md
index 9cb4d66214..eaec48265c 100644
--- a/docs/auth/README.md
+++ b/docs/auth/README.md
@@ -1,14 +1,7 @@
 This folder describes third-party authentications supported by AWX. These authentications can be configured and enabled inside AWX.
 
 When a user wants to log into AWX, she can explicitly choose some of the supported authentications to log in instead of AWX's own authentication using username and password. Here is a list of such authentications:
-* Google OAuth2
-* Github OAuth2
-* Github Organization OAuth2
-* Github Team OAuth2
-* Github Enterprise OAuth2
-* Github Enterprise Organization OAuth2
-* Github Enterprise Team OAuth2
-* Microsoft Azure Active Directory (AD) OAuth2
+* OIDC (OpenID Connect)
 
 On the other hand, the other authentication methods use the same types of login info (username and password), but authenticate using external auth systems rather than AWX's own database. If some of these methods are enabled, AWX will try authenticating using the enabled methods *before AWX's own authentication method*. The order of precedence is:
 * SAML
diff --git a/docs/credentials/extract_credentials.md b/docs/credentials/extract_credentials.md
index abbbdad88a..12fe0fea5c 100644
--- a/docs/credentials/extract_credentials.md
+++ b/docs/credentials/extract_credentials.md
@@ -15,7 +15,7 @@ If necessary, credentials and encrypted settings can be extracted using the AWX
 $ awx-manage shell_plus
 >>> from awx.main.utils import decrypt_field
 >>> print(decrypt_field(Credential.objects.get(name="my private key"), "ssh_key_data")) # Example for a credential
->>> print(decrypt_field(Setting.objects.get(key='SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET'), 'value')) # Example for a setting
+>>> print(decrypt_field(Setting.objects.get(key='SOCIAL_AUTH_OIDC_SECRET'), 'value')) # Example for a setting
 ```
 
 If you are running a kubernetes based deployment, you can execute awx-manage like this:
diff --git a/docs/docsite/rst/administration/configure_awx_authentication.rst b/docs/docsite/rst/administration/configure_awx_authentication.rst
index 6658bc1372..fdcf35d478 100644
--- a/docs/docsite/rst/administration/configure_awx_authentication.rst
+++ b/docs/docsite/rst/administration/configure_awx_authentication.rst
@@ -2,10 +2,6 @@
 
 2. The left side of the Settings window is a set of configurable Authentication settings. Select from the following options:
 
-- :ref:`ag_auth_azure` 
-- :ref:`ag_auth_github`
-- :ref:`ag_auth_google_oauth2` 
-
 Different authentication types require you to enter different information. Be sure to include all the information as required.
 
 3. Click **Save** to apply the settings or **Cancel** to abandon the changes.
\ No newline at end of file
diff --git a/docs/docsite/rst/administration/ent_auth.rst b/docs/docsite/rst/administration/ent_auth.rst
index 942210e56f..aaec518c58 100644
--- a/docs/docsite/rst/administration/ent_auth.rst
+++ b/docs/docsite/rst/administration/ent_auth.rst
@@ -17,42 +17,3 @@ This section describes setting up authentication for the following enterprise sy
 - Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX.
 - AWX passwords of enterprise users should always be empty and cannot be set by any user if there are enterprise backend-enabled.
 - If enterprise backends are disabled, an enterprise user can be converted to a normal AWX user by setting the password field. However, this operation is irreversible, as the converted AWX user can no longer be treated as enterprise user.
-
-
-.. _ag_auth_azure:
-
-Azure AD settings
--------------------
-
-.. index::
-    pair: authentication; Azure AD
-
-To set up enterprise authentication for Microsoft Azure Active Directory (AD), you will need to obtain an OAuth2 key and secret by registering your organization-owned application from Azure at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. In order to register the application, you must supply it with your webpage URL, which is the Callback URL shown in the Settings Authentication screen.
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **Azure AD settings** from the list of Authentication options. 
-
-3. The **Azure AD OAuth2 Callback URL** field is already pre-populated and non-editable.
-   Once the application is registered, Azure displays the Application ID and Object ID.
-
-4. Click **Edit** and copy and paste Azure's Application ID to the **Azure AD OAuth2 Key** field. 
-
-   Following Azure AD's documentation for connecting your app to Microsoft Azure Active Directory, supply the key (shown at one time only) to the client for authentication.
-
-5. Copy and paste the actual secret key created for your Azure AD application to the **Azure AD OAuth2 Secret** field of the Settings - Authentication screen.  
-
-6. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-7. Click **Save** when done.
-
-8. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the Microsoft Azure logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-azure-logo.png
-    :alt: AWX login screen displaying the Microsoft Azure logo for authentication.
-
-
-For application registering basics in Azure AD, refer to the `Azure AD Identity Platform (v2)`_ overview. 
-
-.. _`Azure AD Identity Platform (v2)`: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
-
diff --git a/docs/docsite/rst/administration/social_auth.rst b/docs/docsite/rst/administration/social_auth.rst
index 682aff105a..603bf5ee1b 100644
--- a/docs/docsite/rst/administration/social_auth.rst
+++ b/docs/docsite/rst/administration/social_auth.rst
@@ -11,268 +11,6 @@ Authentication methods help simplify logins for end users--offering single sign-
 
 Account authentication can be configured in the AWX User Interface and saved to the PostgreSQL database. For instructions, refer to the :ref:`ag_configure_awx` section. 
 
-
-.. _ag_auth_github:
-
-GitHub settings
-----------------
-
-.. index::
-    pair: authentication; GitHub OAuth2
-
-To set up social authentication for GitHub, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register the new application with GitHub at https://github.com/settings/developers. In order to register the application, you must supply it with your homepage URL, which is the **Callback URL** shown in the Details tab for the GitHub default settings page. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface. 
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-3. Click the **GitHub Default** tab if not already selected.
-
-The **GitHub OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-4. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub OAuth2 Key** field.
-
-5. Copy and paste GitHub's Client Secret into the **GitHub OAuth2 Secret** field.
-
-6. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-7. Click **Save** when done.
-
-8. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-logo.png
-
-
-.. _ag_auth_github_org:
-
-GitHub Organization settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. index::
-    pair: authentication; GitHub Org
-
-When defining account authentication with either an organization or a team within an organization, you should use the specific organization and team settings. Account authentication can be limited by an organization as well as by a team within an organization. 
-
-You can also choose to allow all by specifying non-organization or non-team based settings (as shown above).
-
-You can limit users who can login to AWX by limiting only those in an organization or on a team within an organization. 
-
-To set up social authentication for a GitHub Organization, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register your organization-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-3. Click the **GitHub Organization** tab.
-
-The **GitHub Organization OAuth2 Callback URL** field is already pre-populated and non-editable. 
-
-Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-4. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub Organization OAuth2 Key** field.
-
-5. Copy and paste GitHub's Client Secret into the **GitHub Organization OAuth2 Secret** field.
-
-6. Enter the name of your GitHub organization, as used in your organization's URL (e.g., https://github.com/<yourorg>/) in the **GitHub Organization Name** field.
-
-7. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-8. Click **Save** when done.
-
-9. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Organization logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-orgs-logo.png
-
-
-.. _ag_auth_github_team:
-
-GitHub Team settings
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. index::
-    pair: authentication; GitHub Team
-
-
-To set up social authentication for a GitHub Team, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register your team-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Find the numeric team ID using the GitHub API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. The Team ID will be used to supply a required field in the AWX User Interface.
-
-2. Click **Settings** from the left navigation bar.
-
-3. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-4. Click the **GitHub Team** tab.
-
-The **GitHub Team OAuth2 Callback URL** field is already pre-populated and non-editable.  Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-5. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub Team OAuth2 Key** field.
-
-6. Copy and paste GitHub's Client Secret into the **GitHub Team OAuth2 Secret** field.
-
-7. Copy and paste GitHub's team ID in the **GitHub Team ID** field.
-
-8. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-9. Click **Save** when done.
-
-10. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Team logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-teams-logo.png
-
-
-GitHub Enterprise settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. index::
-    pair: authentication; GitHub Enterprise
-
-To set up social authentication for a GitHub Enterprise, you will need to obtain a GitHub Enterprise URL, an API URL, OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the  key and secret, you must first register your enterprise-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to. 
-
-Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-3. Click the **GitHub Enterprise** tab.
-
-The **GitHub Enterprise OAuth2 Callback URL** field is already pre-populated and non-editable.  Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-4. Click **Edit** to configure GitHub Enterprise settings.
-
-5. In the **GitHub Enterprise URL** field, enter the hostname of the GitHub Enterprise instance (e.g., https://github.example.com).
-
-6. In the **GitHub Enterprise API URL** field, enter the API URL of the GitHub Enterprise instance (e.g., https://github.example.com/api/v3)
-
-7. Copy and paste GitHub's Client ID into the **GitHub Enterprise OAuth2 Key** field.
-
-8. Copy and paste GitHub's Client Secret into the **GitHub Enterprise OAuth2 Secret** field.
-
-9. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-10. Click **Save** when done.
-
-11. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-ent-logo.png
-
-
-GitHub Enterprise Organization settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. index::
-    pair: authentication; GitHub Enterprise Org
-
-To set up social authentication for a GitHub Enterprise Org, you will need to obtain a GitHub Enterprise Org URL, an Org API URL, an Org OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the  key and secret, you must first register your enterprise organization-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to. 
-
-Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-3. Click the **GitHub Enterprise Organization** tab.
-
-The **GitHub Enterprise Organization OAuth2 Callback URL** field is already pre-populated and non-editable.  Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-4. Click **Edit** to configure GitHub Enterprise Organization settings.
-
-5. In the **GitHub Enterprise Organization URL** field, enter the hostname of the GitHub Enterprise Org instance (e.g., https://github.orgexample.com).
-
-6. In the **GitHub Enterprise Organization API URL** field, enter the API URL of the GitHub Enterprise Org instance (e.g., https://github.orgexample.com/api/v3)
-
-7. Copy and paste GitHub's Client ID into the **GitHub Enterprise Organization OAuth2 Key** field.
-
-8. Copy and paste GitHub's Client Secret into the **GitHub Enterprise Organization OAuth2 Secret** field.
-
-9. Enter the name of your GitHub Enterprise organization, as used in your organization's URL (e.g., https://github.com/<yourorg>/) in the **GitHub Enterprise Organization Name** field.
-
-10. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-11. Click **Save** when done.
-
-12. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise Organization logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-ent-org-logo.png
-
-
-GitHub Enterprise Team settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. index::
-    pair: authentication; GitHub Enterprise Team
-
-To set up social authentication for a GitHub Enterprise teams, you will need to obtain a GitHub Enterprise Org URL, an Org API URL, an Org OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the  key and secret, you must first register your enterprise team-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to. 
-
-Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Find the numeric team ID using the GitHub API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. The Team ID will be used to supply a required field in the AWX User Interface.
-
-2. Click **Settings** from the left navigation bar.
-
-3. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options. 
-
-4. Click the **GitHub Enterprise Team** tab.
-
-The **GitHub Enterprise Team OAuth2 Callback URL** field is already pre-populated and non-editable.  Once the application is registered, GitHub displays the Client ID and Client Secret.
-
-5. Click **Edit** to configure GitHub Enterprise Team settings.
-
-6. In the **GitHub Enterprise Team URL** field, enter the hostname of the GitHub Enterprise team instance (e.g., https://github.teamexample.com).
-
-7. In the **GitHub Enterprise Team API URL** field, enter the API URL of the GitHub Enterprise team instance (e.g., https://github.teamexample.com/api/v3)
-
-8. Copy and paste GitHub's Client ID into the **GitHub Enterprise Team OAuth2 Key** field.
-
-9. Copy and paste GitHub's Client Secret into the **GitHub Enterprise Team OAuth2 Secret** field.
-
-10. Copy and paste GitHub's team ID in the **GitHub Enterprise Team ID** field.
-
-11. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-12. Click **Save** when done.
-
-13. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise Teams logo to allow logging in with those credentials.
-
-.. image:: ../common/images/configure-awx-auth-github-ent-teams-logo.png
-
-
-.. _ag_auth_google_oauth2:
-
-Google OAuth2 settings
------------------------
-
-.. index::
-    pair: authentication; Google OAuth2
-
-To set up social authentication for Google, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first create a project and set it up with Google. Refer to https://support.google.com/googleapi/answer/6158849 for instructions. If you already completed the setup process, you can access those credentials by going to the Credentials section of the `Google API Manager Console <https://console.developers.google.com/>`_. The OAuth2 key (Client ID) and secret (Client secret) will be used to supply the required fields in the AWX User Interface.  
-
-1. Click **Settings** from the left navigation bar.
-
-2. On the left side of the Settings window, click **Google OAuth 2 settings** from the list of Authentication options. 
-
-The **Google OAuth2 Callback URL** field is already pre-populated and non-editable. 
-
-3. The following fields are also pre-populated. If not, use the credentials Google supplied during the web application setup process, and look for the values with the same format as the ones shown in the example below:
-    
-  - Click **Edit** and copy and paste Google's Client ID into the **Google OAuth2 Key** field. 
-
-  - Copy and paste Google's Client secret into the **Google OAuth2 Secret** field. 
-
-    .. image:: ../common/images/configure-awx-auth-google.png
-
-4. To complete the remaining optional fields, refer to the tooltips in each of the fields for instructions and required format. 
-
-5. For details on completing the mapping fields, see :ref:`ag_org_team_maps`. 
-
-6. Click **Save** when done.
-
-7. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the Google logo to indicate it as a alternate method of logging into AWX.
-
-.. image:: ../common/images/configure-awx-auth-google-logo.png
-
-
-
 .. _ag_org_team_maps:
 
 Organization and Team Mapping
@@ -329,12 +67,6 @@ Organization mappings may be specified separately for each account authenticatio
 
 ::
 
-    SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP = {}
-    SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP = {}
-    SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP = {}
-    SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP = {}
-
-
 Team mapping
 ~~~~~~~~~~~~~~
 
@@ -374,7 +106,6 @@ Team mappings may be specified separately for each account authentication backen
 
 ::
 
-    SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP = {}
     SOCIAL_AUTH_GITHUB_TEAM_MAP = {}
     SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP = {}
     SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP = {}
diff --git a/docs/docsite/rst/rest_api/authentication.rst b/docs/docsite/rst/rest_api/authentication.rst
index 0349bbfa38..8925798c03 100644
--- a/docs/docsite/rst/rest_api/authentication.rst
+++ b/docs/docsite/rst/rest_api/authentication.rst
@@ -192,9 +192,7 @@ If you need to write custom requests, you can write a Python script using `Pytho
 SSO Authentication
 -------------------
 
-Single sign-on (SSO) authentication methods are fundamentally different from other methods because the authentication of the user happens external to AWX, like Google SSO, Azure SSO, SAML, or GitHub. For example, with GitHub SSO, GitHub is the single source of truth, which verifies your identity based on the username and password you gave AWX.
-
-You can configure SSO authentication using AWX inside a large organization with a central Identity Provider. Once you have configured an SSO method in AWX, a button for that SSO will be present on the login screen. If you click that button, it will redirect you to the Identity Provider, in this case GitHub, where you will present your credentials. If the Identity Provider verifies you successfully, then AWX will make a user linked to your GitHub user (if this is your first time logging in via this SSO method), and log you in.
+Single sign-on (SSO) authentication methods are fundamentally different from other methods because the authentication of the user happens external to AWX, like SAML.
 
 For the various types of supported SSO authentication methods, see :ref:`ag_social_auth` and :ref:`ag_ent_auth` in the |ata|.
 
diff --git a/docs/tower_configuration.md b/docs/tower_configuration.md
index ec917fd924..a5aea85c91 100644
--- a/docs/tower_configuration.md
+++ b/docs/tower_configuration.md
@@ -7,7 +7,7 @@ The REST endpoint for CRUD operations against AWX configurations can be found at
 
 Here is a typical AWX configuration category GET response:
 ```
-GET /api/v2/settings/github-team/
+GET /api/v2/settings/oidc/
 HTTP 200 OK
 Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
 Content-Type: application/json
@@ -18,12 +18,10 @@ X-API-Query-Time: 0.004s
 X-API-Time: 0.026s
 
 {
-    "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": "https://platformhost/sso/complete/github-team/",
-    "SOCIAL_AUTH_GITHUB_TEAM_KEY": "",
-    "SOCIAL_AUTH_GITHUB_TEAM_SECRET": "",
-    "SOCIAL_AUTH_GITHUB_TEAM_ID": "",
-    "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": null,
-    "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": null
+    "SOCIAL_AUTH_OIDC_KEY": null,
+    "SOCIAL_AUTH_OIDC_SECRET": "",
+    "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "",
+    "SOCIAL_AUTH_OIDC_VERIFY_SSL": true
 }
 ```