Delete dead code: Discovery, OmniauthOptions, clock_skew

Three pieces of dead code surfaced during a post-testing code review:

1. The Discovery class (~100 LoC + spec) implemented OIDC discovery from
   scratch but was never wired into any production code path. The real
   discovery is delegated to omniauth_openid_connect via discovery: true
   in the Devise omniauth provider config, which the library handles
   itself. Dropping Discovery also removes DiscoveryError.

2. OmniauthOptions.build (~25 LoC + its only caller, self.omniauth_options)
   was defined but never called. Hosts wire the OmniAuth provider
   directly in their Devise initializer; the helper was a leftover from
   an earlier iteration that built the options hash in-gem.

3. Configuration#clock_skew was settable but never read — the value was
   never forwarded to any OIDC verification step. Removed along with its
   specs.

Configuration#reset! is kept: it is legitimately used by the test
helper (spec_helper before(:each)) to isolate state between examples.
Removing it would force a clunkier 'replace the @config ivar' helper,
which is strictly worse than a one-line method on the class.

Author: Fivell

lib/activeadmin-oidc.rb

@@ -22,7 +22,6 @@ module ActiveAdmin
   module Oidc
     class Error < StandardError; end
     class ConfigurationError < Error; end
-    class DiscoveryError < Error; end
     class ProvisioningError < Error; end
 
     class << self
@@ -43,17 +42,7 @@ def reset!
 end
 
 require "activeadmin/oidc/configuration"
-require "activeadmin/oidc/discovery"
 require "activeadmin/oidc/presets/zitadel"
 require "activeadmin/oidc/user_provisioner"
 require "rails/engine"
 require "activeadmin/oidc/engine"
-require "activeadmin/oidc/omniauth_options"
-
-module ActiveAdmin
-  module Oidc
-    def self.omniauth_options
-      OmniauthOptions.build(config)
-    end
-  end
-end

lib/activeadmin/oidc/configuration.rb

@@ -4,7 +4,6 @@ module ActiveAdmin
   module Oidc
     class Configuration
       DEFAULT_SCOPE               = "openid email profile"
-      DEFAULT_CLOCK_SKEW          = 30
       DEFAULT_TIMEOUT             = 5
       DEFAULT_IDENTITY_ATTRIBUTE  = :email
       DEFAULT_IDENTITY_CLAIM      = :email
@@ -13,7 +12,7 @@ class Configuration
         "Your account has no permission to access this admin panel."
 
       attr_accessor :issuer, :client_id, :client_secret, :scope,
-                    :login_button_label, :clock_skew, :timeout,
+                    :login_button_label, :timeout,
                     :identity_attribute, :identity_claim,
                     :access_denied_message, :on_login
 
@@ -27,7 +26,6 @@ def reset!
         @client_secret         = nil
         @scope                 = DEFAULT_SCOPE
         @login_button_label    = DEFAULT_LOGIN_BUTTON_LABEL
-        @clock_skew            = DEFAULT_CLOCK_SKEW
         @timeout               = DEFAULT_TIMEOUT
         @identity_attribute    = DEFAULT_IDENTITY_ATTRIBUTE
         @identity_claim        = DEFAULT_IDENTITY_CLAIM

lib/activeadmin/oidc/discovery.rb

@@ -10,10 +10,6 @@
       expect(config.scope).to eq("openid email profile")
     end
 
-    it "has a default clock_skew of 30 seconds" do
-      expect(config.clock_skew).to eq(30)
-    end
-
     it "has a default timeout of 5 seconds" do
       expect(config.timeout).to eq(5)
     end
@@ -162,7 +158,6 @@
       config.client_secret       = "sec"
       config.scope               = "openid email"
       config.login_button_label  = "Sign in"
-      config.clock_skew          = 60
       config.timeout             = 10
       config.identity_attribute  = :username
       config.identity_claim      = :preferred_username
@@ -175,7 +170,6 @@
       expect(config.client_secret).to        eq("sec")
       expect(config.scope).to                eq("openid email")
       expect(config.login_button_label).to   eq("Sign in")
-      expect(config.clock_skew).to           eq(60)
       expect(config.timeout).to              eq(10)
       expect(config.identity_attribute).to   eq(:username)
       expect(config.identity_claim).to       eq(:preferred_username)