Zone Sync for N+ OIDC Core and 7 IdPs

[shawnhankim]

Background

• NGINX ACM is going to provide Zone Sync Policy.
• NGINX INC OSS has a PR to resolve ZoneSync delays.
• Hence, we need to enhance these both features into this NGINX OIDC Core and test it to make sure that the features work for each IdP.

AC

• Refactor NGINX Plus OIDC Core by referencing this PR to resolve ZoneSync delays.
• Support containers' environment for simulating ZoneSync delay.
• Sync with the Zone Sync Policy of NGINX ACM.
• Test with multi clusters and 7 IdPs.

Misc.

• Additional custom option: $enable_zone_sync
• Key Value Zones:

keyval_zone zone=oidc_id_tokens:1M state=/etc/nginx/aux/oidc_id_tokens.json timeout=1h sync;
keyval_zone zone=oidc_access_tokens:1M state=/etc/nginx/aux/oidc_access_tokens.json timeout=1h sync;
keyval_zone zone=oidc_refresh_tokens:1M state=/etc/nginx/aux/oidc_refresh_tokens.json timeout=8h sync;
keyval_zone zone=oidc_pkce:128K timeout=90s sync;
keyval_zone zone=oidc_nonce_hash:128K timeout=90s sync;
keyval_zone zone=oidc_token_query_params:128K timeout=90s sync;