feat(server)!: oauth encryption algorithm setting (#6818)

* feat: add oauth signing algorithm setting

* chore: open api

* chore: change default to RS256

* feat: test and clean up

---------

Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>

server/src/domain/system-config/dto/system-config-oauth.dto.ts

@@ -5,12 +5,13 @@ const isOverrideEnabled = (config: SystemConfigOAuthDto) => config.mobileOverrid
 
 export class SystemConfigOAuthDto {
   @IsBoolean()
-  enabled!: boolean;
+  autoLaunch!: boolean;
+
+  @IsBoolean()
+  autoRegister!: boolean;
 
-  @ValidateIf(isEnabled)
-  @IsNotEmpty()
   @IsString()
-  issuerUrl!: string;
+  buttonText!: string;
 
   @ValidateIf(isEnabled)
   @IsNotEmpty()
@@ -22,20 +23,13 @@ export class SystemConfigOAuthDto {
   @IsString()
   clientSecret!: string;
 
-  @IsString()
-  scope!: string;
-
-  @IsString()
-  storageLabelClaim!: string;
-
-  @IsString()
-  buttonText!: string;
-
   @IsBoolean()
-  autoRegister!: boolean;
+  enabled!: boolean;
 
-  @IsBoolean()
-  autoLaunch!: boolean;
+  @ValidateIf(isEnabled)
+  @IsNotEmpty()
+  @IsString()
+  issuerUrl!: string;
 
   @IsBoolean()
   mobileOverrideEnabled!: boolean;
@@ -43,4 +37,14 @@ export class SystemConfigOAuthDto {
   @ValidateIf(isOverrideEnabled)
   @IsUrl()
   mobileRedirectUri!: string;
+
+  @IsString()
+  scope!: string;
+
+  @IsString()
+  @IsNotEmpty()
+  signingAlgorithm!: string;
+
+  @IsString()
+  storageLabelClaim!: string;
 }

server/src/domain/system-config/system-config.core.ts

@@ -88,17 +88,18 @@ export const defaults = Object.freeze<SystemConfig>({
     enabled: true,
   },
   oauth: {
-    enabled: false,
-    issuerUrl: '',
+    autoLaunch: false,
+    autoRegister: true,
+    buttonText: 'Login with OAuth',
     clientId: '',
     clientSecret: '',
+    enabled: false,
+    issuerUrl: '',
     mobileOverrideEnabled: false,
     mobileRedirectUri: '',
     scope: 'openid email profile',
+    signingAlgorithm: 'RS256',
     storageLabelClaim: 'preferred_username',
-    buttonText: 'Login with OAuth',
-    autoRegister: true,
-    autoLaunch: false,
   },
   passwordLogin: {
     enabled: true,

server/src/domain/system-config/system-config.service.spec.ts

@@ -98,6 +98,7 @@ const updatedConfig = Object.freeze<SystemConfig>({
     mobileOverrideEnabled: false,
     mobileRedirectUri: '',
     scope: 'openid email profile',
+    signingAlgorithm: 'RS256',
     storageLabelClaim: 'preferred_username',
   },
   passwordLogin: {