feat: add OIDC authentication for server mode

service/config.go

@@ -11,6 +11,16 @@ type ServerConfig struct {
 	Port int    `json:"port"`
 }
 
+type OIDCConfig struct {
+	Issuer       string `json:"issuer"`
+	ClientID     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
+	// PublicURL is the externally reachable base URL of this server, used to
+	// construct the OIDC redirect URI (e.g. "https://ax.example.com:7000").
+	PublicURL string `json:"public_url"`
+	UserClaim string `json:"user_claim"` // default "preferred_username"
+}
+
 type Config interface {
 	GetUser() string
 	SetUser(username string) error
@@ -21,5 +31,7 @@ type Config interface {
 	GetServerConfig() ServerConfig
 	// GetRemoteConfig returns the remote server address and whether remote mode is enabled.
 	GetRemoteConfig() (ServerConfig, bool)
+	// GetOIDCConfig returns the OIDC configuration and whether OIDC is enabled.
+	GetOIDCConfig() (OIDCConfig, bool)
 	Save() error
 }