
feat: Implement OAuth1 authorization method #2989

Draft
wants to merge 3 commits into main

Conversation

pietrygamat (Contributor) commented Sep 1, 2024

Description

This pull request aims to add OAuth 1.0a as a supported authorization mode to Bruno.
resolves: #1004

The OAuth1 flow as defined in https://oauth.net/core/1.0a consists of two distinct stages (and more substages):

  1. Obtaining access token
    • Obtain temporary request token
    • Obtain user authorization
    • Obtain final access token
  2. Using access token to authorize API request

Step 2, while not exactly trivial, can be accomplished by scripting, but what I think is really important for an API client like Bruno is the ability to assist the user in Step 1: actually obtaining the token.

The approach currently used for the OAuth2 Authorization Code flow is a great example of how the solution could look.

Implementation details

When OAuth1 authorization is used for a request, the Authorization header is computed using the oauth-1.0a library and included in the request during execution, based on the following parameters:

  • Consumer Key
  • Consumer Secret
  • Access Token
  • Access Token Secret
  • RSA Private Key (RSA-SHA1 signature method)

In case the user does not yet have an Access Token, they must provide the following information about the API they want to access:

  • Request Token URL
  • Access Token URL

And then also:

  • Authorize URL and Callback URL (in 3-legged flow)
  • Verifier code - if provided by the service (in 2-legged flow)

Then, during request execution, Bruno will make the additional requests and open a browser window so the user can sign in with the external provider and be asked for permission.

Demo

Screencast.from.2024-09-02.21-41-41.mp4

Todos

This flow should support several variations, including

  • Implement at collection level
  • Two-legged flow (e.g. Adobe Magento)
  • Three-legged flow (e.g. Twitter)
  • variable Signature methods
    • HMAC_SHA* - works with real services
    • RSA_SHA* - using external private key - should work
    • PLAINTEXT - should work
  • variable Parameter Transmission Method
    • send in Authorization Header
    • send in Form-Encoded Body
    • send in Request Query Parameters
  • configurable additional parameters for each of flow calls (may be required by some APIs)
  • GUI hints and auto-disabling unneeded fields based on other selections
  • Browser session management / provider logout
  • Error handling
  • Scripting support (e.g. possibility to extract access token)
  • Testing in real environments with various requirements

Contribution Checklist:

  • The pull request only addresses one issue or adds one feature.
  • The pull request does not introduce any breaking changes
  • I have added screenshots or gifs to help explain the change if applicable.
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

pietrygamat changed the title from Feature/1004/oauth1 to feat: Implement OAuth1 authorization method on Sep 2, 2024
pietrygamat force-pushed the feature/1004/oauth1 branch 2 times, most recently from 96650ba to 6c272bc on September 2, 2024 19:35
pietrygamat mentioned this pull request on Sep 2, 2024
pietrygamat force-pushed the feature/1004/oauth1 branch 7 times, most recently from cd12fb9 to 9b4a1b1 on September 3, 2024 17:50
Development: successfully merging this pull request may close issue "Auth: OAuth 1.0"
1 participant