Add "user info" endpoint for the Delivery API

[kjac]

Prerequisites

• I have added steps to test this contribution in the description below

If there's an existing issue for this PR then this fixes #17508

Description

This PR adds a "user info" endpoint to the Delivery API, to access basic information about authorized members. See the linked discussion for details on the motivation for adding this endpoint.

The "user info" endpoint is part of the OpenId Connect core spec.

This implementation returns a few of the standard claims, all of which are subject of availability:

• sub (required claim)
• name (if available)
• email (if available)

On top of this, the member groups (if any) are returned in the role claim.

The implementation is build to be extendable, so custom claims can be added to these claims - and the core claims can be removed, too.

Testing this PR

To test this PR, authorized member access must be enabled and setup for the Delivery API - see the docs.

Verify that:

1. The standard claims can be retrieved from the user info endpoint given a valid access token.
2. The user info endpoint is not available without a valid access token.
3. It is possible to extend the returned claims with a custom implementation of ICurrentMemberClaimsProvider (or a specialization of CurrentMemberClaimsProvider).
4. The user info endpoint is listed under /.well-known/openid-configuration.
   

[elit0451]

Tests out great 💪 Merging

[bjarnef]

@kjac any scheduled release date for v13.6.0? Perhaps an early Christmas present? 😉😍🎁🎄🎅

[bjarnef]

The implementation is build to be extendable, so custom claims can be added to these claims - and the core claims can be removed, too.

@kjac do you have an example of this?

I have something like this:

public class CustomCurrentMemberClaimsProvider : CurrentMemberClaimsProvider
{
    private readonly IMemberManager _memberManager;

    public CustomCurrentMemberClaimsProvider(IMemberManager memberManager) : base(memberManager)
    {
        _memberManager = memberManager;
    }

    protected override async Task<Dictionary<string, object>> GetClaimsForMemberIdentityAsync(MemberIdentityUser memberIdentityUser)
    {
        var claims = await base.GetClaimsForMemberIdentityAsync(memberIdentityUser);

        var member = _memberManager.AsPublishedMember(memberIdentityUser) as Member;

        //claims[OpenIddictConstants.Claims.PhoneNumber] = await _memberManager.GetPhoneNumberAsync(memberIdentityUser);

        if (member is not null)
        {
            claims["committees"] = member.Committees?.Select(x => x.Name).ToList() ?? [];
        }

        return claims;
    }
}

but unsure how it should override/replace the default.

I tried something like this in a composer:

public void Compose(IUmbracoBuilder builder)
{
    var existingMemberClaimsProviderRegistration = builder.Services.FirstOrDefault(service => service.ServiceType == typeof(CurrentMemberClaimsProvider));
    
    if (existingMemberClaimsProviderRegistration != null)
        builder.Services.Remove(existingMemberClaimsProviderRegistration);

    builder.Services.AddTransient<ICurrentMemberClaimsProvider, CustomCurrentMemberClaimsProvider>();
}

I also added some documentation of the userinfo endpoint here. Feel free to add any adjustments :)
umbraco/UmbracoDocs#6849