Support obtaining user auth tokens to pass to scaffolder process

Feature Suggestion

Support a way to request user auth tokens for external services as part of the scaffolder frontend and pass them to the backend task process in order to call out to external APIs on behalf of the user.

Possible Implementation

The may involve refactoring createTemplateAction to allow custom actions to specify auth provider(s) and scopes it requires which tells the frontend to retrieve (or trigger the auth flow) the necessary user auth tokens and pass it to the backend task process possibly in the ctx object. One thing to consider with this is normalizing the providers and set of scopes defined among all actions in the scaffolder template to trigger an auth flow once per provider and obtain tokens with scopes to satisfy the requirements of all relevant actions.

If a scaffold template requires auth with multiple providers, its not really great UI to auto open multiple popups for each auth flow so an UI consideration may be to present the user with a form where they click each provider they need to auth with and it allows them to proceed once the form detects each provider auth has been satisfied.

In terms of defining custom auth providers, it looks like Backstage admins would do this by adding a new auth provider according to the docs in conjunction with installing custom actions that talks to the new external service. Is it possible to make this pluggable via a standalone Backstage app?

Context

The new v1beta2 template schema is awesome and now allows consumers to build template workflows that go beyond basic repo scaffolding like running custom actions to set up related infrastructure. In order to do this we wrote custom actions that call out to external APIs like Heroku to connect to and deploy our new repo.

However, in order to fully support this we need some way for the scaffolder frontend to trigger a user Oauth flow so they can sign in to and grant access to associated external services.