feat: lark OIDC provider

[CNLHC]

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

A Lark OIDC provider implementation, related to #2924

[codecov]

Codecov Report

Merging #2925 (3e98143) into master (b2ecb10) will decrease coverage by 0.23%.
The diff coverage is 0.00%.

❗ Current head 3e98143 differs from pull request most recent head b7761a2. Consider uploading reports for the commit b7761a2 to get more accurate results

@@            Coverage Diff             @@
##           master    #2925      +/-   ##
==========================================
- Coverage   78.04%   77.82%   -0.23%     
==========================================
  Files         324      325       +1     
  Lines       21013    21074      +61     
==========================================
  Hits        16400    16400              
- Misses       3384     3445      +61     
  Partials     1229     1229              

Impacted Files	Coverage Δ
selfservice/strategy/oidc/provider_config.go	30.18% <0.00%> (-1.19%)	⬇️
selfservice/strategy/oidc/provider_lark.go	0.00% <0.00%> (ø)

[aeneasr]

Great job! :)

Could you please also add a bit of documentation for this feature? You can probably copy & paste content from: https://www.ory.sh/docs/kratos/social-signin/dingtalk

[CNLHC]

Great job! :)

Could you please also add a bit of documentation for this feature? You can probably copy & paste content from: https://www.ory.sh/docs/kratos/social-signin/dingtalk

Sure, I submitted the document to this PR ory/docs#1145

[CaptainStandby]

lgtm

[piotrmsc]

Thank you for the contribution :) I left 2 small comments and could provide a short video record of the full flow working? It will be easier also for us to see it live also

[CNLHC]

@piotrmsc here is a short screen record to show this flow works.

t.mp4

[piotrmsc]

and thank you for providing the recording :)

[piotrmsc]

@CNLHC any update here? could you resolve conflicts? :)

[CNLHC]

@piotrmsc
Really sorry about the late response. I am quite busy these few months but free again now.

I have rebased this PR to the master, resolved the conflict, and followed your suggestion. Now the special client is used to set the authorization header like this

client = g.reg.HTTPClient(ctx,
	httpx.ResilientClientDisallowInternalIPs(),
	httpx.ResilientClientWithClient(o.Client(ctx, exchange)))

[aeneasr]

Sorry for taking so long to merge this, thank you for keeping it up to date!

[CNLHC]

Sorry for taking so long to merge this, thank you for keeping it up to date!

Thank you for providing such an awesome project. I am glad to see this feature is finally merged.