Bug
Resolution: Unresolved
Normal
4.16, 4.17, 4.18, 4.19, 4.20, 4.21
False
Moderate
When external OIDC authentication is enabled, OAuth-related APIs and components are removed from the cluster. The console-operator watches OAuth clients via an informer, which would break when the respective resource is deleted. The InformerWithSwitch was introduced to tackle this problem: the informer stops when external OIDC is detected.
However, when switching authentication from OIDC back to OAuth, this informer cannot be started again (as with all informers), which can lead to issues as the console-operator will not be tracking the OAuth client resources.
To solve this, we have introduced the ControllerWithSwitch in the authentication operator. The console-operator must use an approach similar to the auth operator's OauthClientsController, which can be switched back on when OAuth is enabled again after OIDC authentication.
The solution consists of the following steps:
- move the controller from the auth operator into library-go
- use the lib-go controller in the authentication operator
- use the lib-go controller in the console operator
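
The switching behaviour described above, as an added sketch that is not code from library-go or either operator: the type `switchedController`, its `Sync` method and `simulate` are hypothetical names, and the worker is a stub standing in for a controller that builds its own OAuth client informer. Each switch-on creates a fresh context and worker, so nothing that was stopped is ever restarted.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// switchedController (hypothetical) starts a brand-new worker on every switch-on.
type switchedController struct {
	mu     sync.Mutex
	cancel context.CancelFunc // non-nil while a worker is running
	done   chan struct{}
	starts int
	run    func(ctx context.Context) // builds its own informer; blocks until ctx ends
}

// Sync runs on every auth config change; oauthEnabled is false under external OIDC.
func (c *switchedController) Sync(oauthEnabled bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	switch {
	case oauthEnabled && c.cancel == nil: // switch on: fresh context, fresh worker
		ctx, cancel := context.WithCancel(context.Background())
		done := make(chan struct{})
		c.cancel, c.done = cancel, done
		c.starts++
		go func() { defer close(done); c.run(ctx) }()
	case !oauthEnabled && c.cancel != nil: // switch off: stop and wait for exit
		c.cancel()
		<-c.done
		c.cancel, c.done = nil, nil
	}
}

// simulate replays a constructed sequence of auth modes (true = OAuth, false = OIDC).
func simulate(modes []bool) (starts int, running bool) {
	c := &switchedController{run: func(ctx context.Context) { <-ctx.Done() }}
	for _, m := range modes {
		c.Sync(m)
	}
	return c.starts, c.cancel != nil
}

func main() {
	s, r := simulate([]bool{true, false, true}) // OAuth -> OIDC -> OAuth
	fmt.Println(s, r)
}
```
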