fix(auth): add support for OAuth authentication in parallel to JWT

[kritikash18]

Description

• fixes How to authenticate with aio for Oauth server-to-server credential (without browser authentication) like old/depreicated Service account(JWT) ? #676
• upgraded IMS library to 6.5.0 which supports both JWT and OAuth based on config type
• updated e2e tests to include OAuth authentication also
• added validations for OAuth config as well

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• I have signed the Adobe Open Source CLA.
• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.67%. Comparing base (30b3d18) to head (3a401af).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #691   +/-   ##
=======================================
  Coverage   99.67%   99.67%           
=======================================
  Files          64       64           
  Lines        1542     1551    +9     
  Branches      214      218    +4     
=======================================
+ Hits         1537     1546    +9     
  Misses          5        5           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[anastasiapintilie]

did you manage to test the changes?

[anastasiapintilie]

is this commented code needed?

[kritikash18]

so the way i've seen it work and based on some past pull requests; these tests are disabled when pushing code to PR. If someone needs to test e2e, they need to uncomment all commented part and run e2e. If you see current test, it does nothing until the main code is uncommented

[kritikash18]

check PR: #669

[anastasiapintilie]

why do we need to do !metaScopes.includes?

won't metaScopes.includes always be true?

[kritikash18]

yeah, I think so. It was already there, so I didn't remove it in case there was a situation which needed this

[kritikash18]

probably, in case someone defines metascopes as some other data type that doesn't support .includes then it would return false

[anastasiapintilie]

same question: why do we need the check !oauthScopes.includes?