(core) revive saml support and test against Auth0

Summary:
SAML support had broken due to SameSite changes in browsers. This
makes it work again, and tests it against Auth0 (now owned by Okta).

Logging in and out works.  The logged out state is confusing, and may
not be complete.  The "Add Account" menu item doesn't work.
But with this, an important part of self-hosting becomes easier.

SAML support works also in grist-core, for site pages, but there
is a glitch on document pages that I'll look into separately.

Test Plan: tested manually

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2976

app/server/lib/GristServer.ts

@@ -2,7 +2,6 @@ import { GristLoadConfig } from 'app/common/gristUrls';
 import { Document } from 'app/gen-server/entity/Document';
 import { Organization } from 'app/gen-server/entity/Organization';
 import { Workspace } from 'app/gen-server/entity/Workspace';
-import { SessionUserObj } from 'app/server/lib/BrowserSession';
 import * as Comm from 'app/server/lib/Comm';
 import { Hosts } from 'app/server/lib/extractOrg';
 import { ICreate } from 'app/server/lib/ICreate';
@@ -24,12 +23,14 @@ export interface GristServer {
   getResourceUrl(resource: Organization|Workspace|Document): Promise<string>;
   getGristConfig(): GristLoadConfig;
   getPermitStore(): IPermitStore;
+  getExternalPermitStore(): IPermitStore;
+  getSessions(): Sessions;
 }
 
 export interface GristLoginMiddleware {
-  getLoginRedirectUrl(target: URL): Promise<string>;
-  getSignUpRedirectUrl(target: URL): Promise<string>;
-  getLogoutRedirectUrl(nextUrl: URL, userSession: SessionUserObj): Promise<string>;
+  getLoginRedirectUrl(req: express.Request, target: URL): Promise<string>;
+  getSignUpRedirectUrl(req: express.Request, target: URL): Promise<string>;
+  getLogoutRedirectUrl(req: express.Request, nextUrl: URL): Promise<string>;
 
   // Returns arbitrary string for log.
   addEndpoints(app: express.Express, comm: Comm, sessions: Sessions, hosts: Hosts): string;