Now that we have a simple SSO prototype, the Workbench API server needs some modifications to use the new SSO system.

The places that will almost certainly need slight changes are:

1. auth into the API server via CLI (ndslabsctl)
2. creation of secrets / ingress rules (replace basic-auth annotations with oauth annotations)
3. API server ingress rules will likely need to be split from webui ones (and possibly split into multiple rules)
   • API server must be auth-free, since unauthed users must be able to access sign-up/forgot password endpoints

To test, you can attempt to auth into a user service with basic-auth disabled.

This ticket is complete when we have confirmed that the Workbench API server works well with the new Workbench SSO prototype.