* Populate session Groups from userinfo response

* Fix: gitlab tests

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>

* panic with GitLab project repository auth

* /api/v4/projects/:id can return nil permissions

Signed-off-by: Piers Harding <piers@ompka.net>

* Add GitLab test for group no access

Signed-off-by: Piers Harding <piers@ompka.net>

* Add example with traefik and keycloak

* Switch to dex

* Remove unneeded change in keycloak settings

* Taken into account review comments

* Add changelog entry

Co-authored-by: Frédéric Collonval <frederic.collonval@ariadnext.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Reinstate preferEmailToUser behaviour for basic auth sessions

Fix upstream proxy appending `?` to requests

Deprecate GCP HealthCheck option

Allow custom robots text pages

* Add RequestID to the RequestScope

* Expose RequestID to auth & request loggers

* Use the RequestID in templated HTML pages

* Allow customizing the RequestID header

* Document new Request ID support

* Add more cases to scope/requestID tests

* Split Get vs Generate RequestID funtionality

* Add {{.RequestID}} to the request logger tests

* Move RequestID management to RequestScope

* Use HTML escape instead of sanitization for Request ID rendering

Ensure redirect URI always has a scheme

* extract email from id_token for azure provider

this change fixes a bug when --resource is specified with non-Graph
api and the access token destined to --resource is used to call Graph
api

* fixed typo

* refactor GetEmailAddress to EnrichSessionState

* make getting email from idtoken best effort and fall back to previous behavior when it's absent

* refactor to use jwt package to extract claims

* fix lint

* refactor unit tests to use test table
refactor the get email logic from profile api

* addressing feedback

* added oidc verifier to azure provider and extract email from id_token if present

* fix lint and codeclimate

* refactor to use oidc verifier to verify id_token if oidc is configured

* fixed UT

* addressed comments

* minor refactor

* addressed feedback

* extract email from id_token first and fallback to access token

* fallback to access token as well when id_token doesn't have email claim

* address feedbacks

* updated change log!

Refactor HTTP Server and add ServerGroup to handle graceful shutdown of multiple servers

* Use a specialized ResponseWriter in middleware

* Track User & Upstream in RequestScope

* Wrap responses in our custom ResponseWriter

* Add tests for logging middleware

* Inject upstream metadata into request scope

* Use custom ResponseWriter only in logging middleware

* Assume RequestScope is never nil

* Add support for setting groups on session when using basic auth

* Refactoring based on feedback

* Attribution

Add option for custom logos on the sign in page

Update to Go 1.16

This allows our users to easily copy the base templates should they wish 
to make changes to them

This includes a fix for our samesite cookie parsing. The behaviour
changed in 1.16 so that the default value now leaves it empty, so it's
equivalent to not setting it (as per spec)

Update golangci-lint to latest version (v1.36.0)

* GH-1015 Adds support for Traefik to OauthStart on '/oauth2/auth' endpoint

* Fix incorrect reference to signout path and point to signin path

- remove commented out alternative solutions and debug log statements

* Remove skip provider button check as SignIn method already does this

* Updated traefik example to match existing file configuration reference, updated tests

* Update doc and refactor nested conditional statements

* Revert code changes as static upstream provides the same functionality

- Add doc on using static upstream with Traefik ForwardAuth middleware

* update changelog

* Move the doc changes to 7.0.x versioned docs

* Re-add traefik docs update in the main docs overview.md

* add missing oauth2-proxy routing

Co-authored-by: Praveen Chinthala <PraveenChinthala@hollandandbarrett.com>