OpenID Connect support (#3975)

Co-authored-by: DieselTech <30128380+DieselTech@users.noreply.github.com>
Co-authored-by: majora2007 <josephmajora@gmail.com>

API/DTOs/Settings/AuthorityValidationDto.cs

@@ -0,0 +1,3 @@
+namespace API.DTOs.Settings;
+
+public sealed record AuthorityValidationDto(string Authority);

API/DTOs/Settings/OidcConfigDto.cs

@@ -0,0 +1,68 @@
+#nullable enable
+
+using System.Collections.Generic;
+using System.Security.Claims;
+using API.Entities.Enums;
+
+namespace API.DTOs.Settings;
+
+/// <summary>
+/// All configuration regarding OIDC
+/// </summary>
+/// <remarks>This class is saved as a JsonObject in the DB, assign default values to prevent unexpected NPE</remarks>
+public sealed record OidcConfigDto: OidcPublicConfigDto
+{
+    /// <summary>
+    /// Optional OpenID Connect Authority URL. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string Authority { get; set; } = string.Empty;
+    /// <summary>
+    /// Optional OpenID Connect ClientId, defaults to kavita. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string ClientId { get; set; } = string.Empty;
+    /// <summary>
+    /// Optional OpenID Connect Secret. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string Secret { get; set; } = string.Empty;
+    /// <summary>
+    /// If true, auto creates a new account when someone logs in via OpenID Connect
+    /// </summary>
+    public bool ProvisionAccounts { get; set; } = false;
+    /// <summary>
+    /// Require emails to be verified by the OpenID Connect provider when creating accounts on login
+    /// </summary>
+    public bool RequireVerifiedEmail { get; set; } = true;
+    /// <summary>
+    /// Overwrite Kavita roles, libraries and age rating with OpenIDConnect provided roles on log in.
+    /// </summary>
+    public bool SyncUserSettings { get; set; } = false;
+    /// <summary>
+    /// A prefix that all roles Kavita checks for during sync must have
+    /// </summary>
+    public string RolesPrefix { get; set; } = string.Empty;
+    /// <summary>
+    /// The JWT claim roles are mapped under, defaults to <see cref="ClaimTypes.Role"/>
+    /// </summary>
+    public string RolesClaim { get; set; } = ClaimTypes.Role;
+    /// <summary>
+    /// Custom scopes Kavita should request from your OIDC provider
+    /// </summary>
+    /// <remarks>Advanced setting</remarks>
+    public List<string> CustomScopes { get; set; } = [];
+
+    // Default values used when SyncUserSettings is false
+    #region Default user settings
+
+    public List<string> DefaultRoles { get; set; } = [];
+    public List<int> DefaultLibraries { get; set; } = [];
+    public AgeRating DefaultAgeRestriction { get; set; } = AgeRating.Unknown;
+    public bool DefaultIncludeUnknowns { get; set; } = false;
+
+    #endregion
+
+
+    /// <summary>
+    /// Returns true if the <see cref="OidcPublicConfigDto.Authority"/> has been set
+    /// </summary>
+    public bool Enabled => !string.IsNullOrEmpty(Authority);
+}

API/DTOs/Settings/OidcPublicConfigDto.cs

@@ -0,0 +1,24 @@
+#nullable enable
+
+namespace API.DTOs.Settings;
+
+/**
+ * The part of the OIDC configuration that is returned by the API without authentication
+ */
+public record OidcPublicConfigDto
+{
+    /// <summary>
+    /// Automatically redirect to the Oidc login screen
+    /// </summary>
+    public bool AutoLogin { get; set; }
+    /// <summary>
+    /// Disables password authentication for non-admin users
+    /// </summary>
+    public bool DisablePasswordAuthentication { get; set; }
+    /// <summary>
+    /// Name of your provider, used to display on the login screen
+    /// </summary>
+    /// <remarks>Default to OpenID Connect</remarks>
+    public string ProviderName { get; set; } = "OpenID Connect";
+    public bool Enabled { get; set; } = false;
+}

API/DTOs/Settings/ServerSettingDTO.cs

@@ -92,6 +92,11 @@ public sealed record ServerSettingDto
     /// SMTP Configuration
     /// </summary>
     public SmtpConfigDto SmtpConfig { get; set; }
+    /// <summary>
+    /// OIDC Configuration
+    /// </summary>
+    public OidcConfigDto OidcConfig { get; set; }
+
     /// <summary>
     /// The Date Kavita was first installed
     /// </summary>