Support custom OIDC provider for a self-managed Connector Runtime

[sbuettner]

Is your feature request related to a problem? Please describe.

We want to support custom OIDC providers like Microsoft Entra ID similar to other components like TaskList and Operate as this effort is part of: https://github.com/camunda/product-hub/issues/1969

We therefore need to make sure that our client configuration for Zeebe and Operate as well as our Security config (validation of JWTs) is compatible with external OIDC providers supported by the Identity SDK.

Describe the solution you'd like

The Connector Runtime should support custom OIDC providers supported by the Identity SDK:

• The Zeebe client should be configurable to authenticate using a customer OIDC provider
• The Operate client should be configurable to authenticate using a customer OIDC provider
• Protected HTTP resources should leverage the Identity SDK (if we support it for SM)

Additional context

Camunda OIDC Support: https://docs.camunda.io/docs/next/self-managed/platform-deployment/helm-kubernetes/guides/connect-to-an-oidc-provider/

The Connector runtime relies on https://github.com/camunda-community-hub/spring-zeebe for the Operate client and the Zeebe client configuration. We need to incorporate the changes there to be able to support it in the Connector Runtime.

• Support OIDC for the Zeebe client
• Support OIDC for the Operate client
• Assert that all endpoints that are secured by a JWT are using the Identity SDK
• Update Helm charts chore(connectors): switch to Identity config camunda-platform-helm#1265
• Update the docs feat(connectors): OIDC support camunda-docs#3318

[christinaausley]

Will we have a PR for any docs adjustments that I should be on the lookout for tomorrow or Monday for the docs release?

[chillleader]

There will be a related docs PR later this week