Massive refactor. Merge forward_auth into App, remove references to unimplemented OIDC federation and SAML features. Add group and user custom claims. Groups now allocate which apps a user can use

app/controllers/oidc_controller.rb

@@ -302,6 +302,14 @@ class OidcController < ApplicationController
     # Add admin claim if user is admin
     claims[:admin] = true if user.admin?
 
+    # Merge custom claims from groups
+    user.groups.each do |group|
+      claims.merge!(group.parsed_custom_claims)
+    end
+
+    # Merge custom claims from user (overrides group claims)
+    claims.merge!(user.parsed_custom_claims)
+
     render json: claims
   end