
Support for sign in with local credentials #229

Merged 17 commits from local-idp-login into main on Apr 26, 2024

Conversation

natalian98 (Contributor) commented Apr 19, 2024

This PR adds support for signing in with local credentials (kratos password method). MFA, recovery and verification will be addressed in future PRs.

Testing

Set up docker env:

docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans

docker exec <hydra-container> \
  hydra create client \
    --endpoint http://127.0.0.1:4445 \
    --name grafana \
    --grant-type authorization_code,refresh_token \
    --response-type code,id_token \
    --format json \
    --scope openid,offline_access,email \
    --redirect-uri http://localhost:2345/login/generic_oauth

docker run -d --name=grafana -p 2345:2345 --network idp-docker_intranet \
-e "GF_SERVER_HTTP_PORT=2345" \
-e "GF_AUTH_GENERIC_OAUTH_ENABLED=true" \
-e "GF_AUTH_GENERIC_OAUTH_AUTH_ALLOWED_DOMAINS=hydra,localhost" \
-e "GF_AUTH_GENERIC_OAUTH_NAME=Identity Platform" \
-e "GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<client-id>" \
-e "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<client-secret>" \
-e "GF_AUTH_GENERIC_OAUTH_SCOPES=openid offline_access email" \
-e "GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://localhost:4444/oauth2/auth" \
-e "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://hydra:4444/oauth2/token" \
-e "GF_AUTH_GENERIC_OAUTH_API_URL=http://hydra:4444/userinfo" \
grafana/grafana

docker exec <kratos-container> kratos import identities /etc/config/kratos/identity.json --endpoint http://127.0.0.1:4434

Run login ui:

make npm-build build

export KRATOS_PUBLIC_URL="http://localhost:4433"
export HYDRA_ADMIN_URL="http://localhost:4445"
export BASE_URL="http://localhost:4455"
export PORT="4455"
export TRACING_ENABLED="false"
export LOG_LEVEL="debug"
export AUTHORIZATION_ENABLED="false"

go run . serve

Go to http://localhost:2345 and sign in with Identity Platform. It will redirect to the login UI and display the option to sign in with local credentials:
(screenshot)

If incorrect credentials are typed, an error will be shown:
(screenshot)

Logging in with the imported test user (test@example.com / mQ#v9fwHc0@8) logs the user in to Grafana:
(screenshot)

I also tested logging in with an external IdP to make sure the changes don't break it.

@natalian98 natalian98 changed the title Local idp login Support for sign in with local credentials Apr 19, 2024
@natalian98 natalian98 marked this pull request as ready for review April 19, 2024 12:00
@natalian98 natalian98 requested a review from a team as a code owner April 19, 2024 12:00
nsklikas (Contributor) left a review comment

Good job overall. I left some comments, but most of them don't require changes in the current PR. To sum up the changes that I think are needed in this PR:

  • I think we can get rid of the UiErrorMessages struct, we can use kClient.LoginFlow instead
  • Would it make sense to just propagate the error description that kratos sends us in getUiError instead of creating our own messages? This is part of a larger error handling refactoring we need to do in the login UI, so feel free to disregard it.
  • Could we automatically import the Kratos users when running the docker compose? (perhaps we could add an entrypoint script or run "job" container like we do for the migration?)
  • Add a kratos/service test that tests the service behavior when we get a kratos error response when using the password method, e.g. the user has entered a wrong password

Review threads (resolved):
  • pkg/kratos/service.go (6 threads, 3 outdated)
  • docker-compose.dev.yml (1 thread)
  • docker/kratos/identity.json (2 threads, 1 outdated)
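The review asks for two things that are easy to get wrong: propagating the error text Kratos itself returns instead of hand-written messages, and testing the wrong-password path of the password method. The example below, added here and not code from the PR or from the kratos-client-go library the reviewer's kClient.LoginFlow refers to, shows one way to do both. It defines a minimal struct mirror of the public Kratos login-flow JSON (ui.messages and ui.nodes[].messages, each entry carrying id, text and type), parses a constructed sample of the body Kratos sends back when a password submission fails, and extracts only the error-typed messages so the UI can display what Kratos said verbatim. The sample body, its message id and text, and the function names are assumptions made for the example; the parser also rejects a body with no flow id, which is what a proxy or a non-Kratos error page answers with.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal mirror of the login-flow fields that matter for surfacing errors.
// Field names follow the public Kratos flow JSON; this is an added example,
// not the project's own or kratos-client-go's LoginFlow type.
type UiText struct {
	ID   int64  `json:"id"`
	Text string `json:"text"`
	Type string `json:"type"` // "info", "error" or "success"
}

type UiNode struct {
	Group    string   `json:"group"`
	Messages []UiText `json:"messages"`
}

type UiContainer struct {
	Action   string   `json:"action"`
	Method   string   `json:"method"`
	Messages []UiText `json:"messages"`
	Nodes    []UiNode `json:"nodes"`
}

type LoginFlow struct {
	ID string      `json:"id"`
	UI UiContainer `json:"ui"`
}

// ParseLoginFlow decodes a flow body and rejects one without a flow id,
// so an upstream error page is not mistaken for a Kratos flow.
func ParseLoginFlow(body []byte) (LoginFlow, error) {
	var flow LoginFlow
	if err := json.Unmarshal(body, &flow); err != nil {
		return LoginFlow{}, fmt.Errorf("decode login flow: %w", err)
	}
	if strings.TrimSpace(flow.ID) == "" {
		return LoginFlow{}, fmt.Errorf("login flow body has no id")
	}
	return flow, nil
}

// ErrorMessages returns the error-typed texts from a flow, walking the
// flow-level list first and then each node's list, in the order received.
func ErrorMessages(flow LoginFlow) []string {
	var out []string
	for _, m := range flow.UI.Messages {
		if m.Type == "error" {
			out = append(out, m.Text)
		}
	}
	for _, n := range flow.UI.Nodes {
		for _, m := range n.Messages {
			if m.Type == "error" {
				out = append(out, m.Text)
			}
		}
	}
	return out
}

// Constructed sample in the shape of the 400 body Kratos returns when the
// password method is submitted with wrong credentials. The flow id, message
// id and text are illustrative values, not captured from a live instance.
const sampleWrongPassword = `{
  "id": "00000000-0000-0000-0000-000000000000",
  "ui": {
    "action": "http://localhost:4433/self-service/login?flow=00000000-0000-0000-0000-000000000000",
    "method": "POST",
    "messages": [
      {"id": 4000006, "text": "The provided credentials are invalid.", "type": "error"}
    ],
    "nodes": [
      {"group": "password", "messages": []}
    ]
  }
}`

func main() {
	flow, err := ParseLoginFlow([]byte(sampleWrongPassword))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, msg := range ErrorMessages(flow) {
		fmt.Println("kratos error:", msg)
	}
}
```

Keeping the message type check means info and success entries (for example a "please re-authenticate" hint) never get rendered as failures, and walking node-level messages catches field-specific errors that Kratos attaches to the password node rather than to the flow as a whole.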
@natalian98 natalian98 merged commit 678976c into main Apr 26, 2024
6 checks passed
@natalian98 natalian98 deleted the local-idp-login branch April 26, 2024 12:01