lib/providers/sync: improve outgoing sync (#9835)

* make connection objects not updatable but allow creating with provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* save data returned from google/entra and show it in UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pass connection object

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set immutable id on user automatically

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better define transient error codes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix entra

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

blueprints/system/providers-microsoft-entra.yaml

@@ -19,10 +19,16 @@ entries:
             "mail_nickname": request.user.username,
             "user_principal_name": request.user.email,
         }
-        if creating:
+        if connection:
+            # If there is a connection already made (discover or update), we can use
+            # that connection's immutable_id...
+            user["on_premises_immutable_id"] = connection.attributes.get("on_premises_immutable_id")
+        else:
             user["password_profile"] = PasswordProfile(
                 password=request.user.password
             )
+            # ...otherwise we set an immutable ID based on the user's UID
+            user["on_premises_immutable_id"] = request.user.uid,
         return user
   - identifiers:
       managed: goauthentik.io/providers/microsoft_entra/group