Add keycloak-oidc provider based on OIDCProvider

pkg/validation/options.go

@@ -268,6 +268,19 @@ func parseProviderInfo(o *options.Options, msgs []string) []string {
 		if len(o.KeycloakGroups) > 0 {
 			p.SetAllowedGroups(o.KeycloakGroups)
 		}
+	case *providers.KeycloakOIDCProvider:
+		if p.Verifier == nil {
+			msgs = append(msgs, "keycloak-oidc provider requires an oidc issuer URL")
+		}
+
+		// Backwards compatibility with `--keycloak-group` option
+		if len(o.KeycloakGroups) > 0 {
+			// Maybe already added with proper `--allowed-group` flag
+			if !strings.Contains(o.Scope, " groups") {
+				o.Scope += " groups"
+			}
+			p.SetAllowedGroups(o.KeycloakGroups)
+		}
 	case *providers.GoogleProvider:
 		if o.GoogleServiceAccountJSON != "" {
 			file, err := os.Open(o.GoogleServiceAccountJSON)
@@ -286,10 +299,6 @@ func parseProviderInfo(o *options.Options, msgs []string) []string {
 	case *providers.BitbucketProvider:
 		p.SetTeam(o.BitbucketTeam)
 		p.SetRepository(o.BitbucketRepository)
-	case *providers.OIDCProvider:
-		if p.Verifier == nil {
-			msgs = append(msgs, "oidc provider requires an oidc issuer URL")
-		}
 	case *providers.GitLabProvider:
 		p.Groups = o.GitLabGroup
 		err := p.AddProjects(o.GitlabProjects)
@@ -345,6 +354,10 @@ func parseProviderInfo(o *options.Options, msgs []string) []string {
 				p.JWTKey = signKey
 			}
 		}
+	case *providers.OIDCProvider:
+		if p.Verifier == nil {
+			msgs = append(msgs, "oidc provider requires an oidc issuer URL")
+		}
 	}
 	return msgs
 }