feat: JWT bearer assertions for client authentication (#566)

Co-authored-by: Kyle Mendell <ksm@ofkm.us> Co-authored-by: Kyle Mendell <kmendell@ofkm.us> Co-authored-by: Elias Schneider <login@eliasschneider.com>
2026-02-10 19:34:18 +00:00 · 2025-06-06 03:23:51 -07:00
parent 035b2c022b
commit 05bfe00924
38 changed files with 1464 additions and 293 deletions
--- a/tests/data.ts
+++ b/tests/data.ts
@@ -35,6 +35,17 @@ export const oidcClients = {
 		callbackUrl: 'http://immich/auth/callback',
 		secret: 'PYjrE9u4v9GVqXKi52eur0eb2Ci4kc0x'
 	},
+	federated: {
+		id: "c48232ff-ff65-45ed-ae96-7afa8a9b443b",
+		name: 'Federated',
+		callbackUrl: 'http://federated/auth/callback',
+		federatedJWT: {
+			issuer:   'https://external-idp.local',
+			audience: 'api://PocketID',
+			subject:  'c48232ff-ff65-45ed-ae96-7afa8a9b443b',
+		},
+		accessCodes: ['federated']
+	},
 	pingvinShare: {
 		name: 'Pingvin Share',
 		callbackUrl: 'http://pingvin.share/auth/callback',