feat(server): userinfo signing (#10756)

* feat(server): userinfo signing * chore: e2e tests
2025-12-21 09:15:44 +03:00 · 2024-07-11 07:55:00 -04:00
parent 3cb42de931
commit 25a380d023
17 changed files with 1439 additions and 33 deletions
--- a/web/src/lib/components/admin-page/settings/auth/auth-settings.svelte
+++ b/web/src/lib/components/admin-page/settings/auth/auth-settings.svelte
@@ -144,6 +144,16 @@
                isEdited={!(config.oauth.signingAlgorithm == savedConfig.oauth.signingAlgorithm)}
              />

+              <SettingInputField
+                inputType={SettingInputFieldType.TEXT}
+                label={$t('admin.oauth_profile_signing_algorithm').toUpperCase()}
+                desc={$t('admin.oauth_profile_signing_algorithm_description')}
+                bind:value={config.oauth.profileSigningAlgorithm}
+                required={true}
+                disabled={disabled || !config.oauth.enabled}
+                isEdited={!(config.oauth.profileSigningAlgorithm == savedConfig.oauth.profileSigningAlgorithm)}
+              />
+
              <SettingInputField
                inputType={SettingInputFieldType.TEXT}
                label={$t('admin.oauth_storage_label_claim').toUpperCase()}
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -170,6 +170,8 @@
    "oauth_mobile_redirect_uri": "Mobile redirect URI",
    "oauth_mobile_redirect_uri_override": "Mobile redirect URI override",
    "oauth_mobile_redirect_uri_override_description": "Enable when 'app.immich:/' is an invalid redirect URI.",
+    "oauth_profile_signing_algorithm": "Profile signing algorithm",
+    "oauth_profile_signing_algorithm_description": "Algorithm used to sign the user profile.",
    "oauth_scope": "Scope",
    "oauth_settings": "OAuth",
    "oauth_settings_description": "Manage OAuth login settings",