Make "scopes" required for Okta Workforce Connections

[adrianosela]

🔧 Changes

Sometime in October 2023, the behavior of the Auth0 API changed. It used to automatically set the scopes openid and profile for all new Okta Workforce enterprise connections (the okta strategy).

The API simply stopped doing that - there is no docs to support this claim other than evidence (personal and other folks in the linked GitHub issue).

This change makes it so that the engineer making changes will see the error instead of their customers...

Creating an Okta workforce without the openid claim results in anyone trying to authenticate with this connection seeing the error:

Cannot read properties of undefined (reading 'trim')

Here's a screenshot from one of my very-unhappy customers:

📚 References

Closes #852

🔬 Testing

N/A

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[adrianosela]

Note that there should likely be documentation change to mention required scopes in https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/okta

And perhaps the auth0 API should reject Okta Workforce connections being created without scopes...

.... OR simply go back to the previous behaviour.