feat: implement OAuth 2.0 / OpenID Connect support

- Added OAuth configuration management in the admin panel.
- Implemented OAuth authorization flow with PKCE for enhanced security.
- Created routes for handling OAuth provider discovery, authorization, and callback.
- Integrated OAuth login and registration options in the frontend.
- Updated UI components to support OAuth login and registration.
- Added internationalization strings for OAuth-related messages.
- Implemented encryption for client secrets and secure state management.
- Added error handling and user feedback for OAuth processes.
2026-03-04 08:54:25 +01:00
parent e22a895672
commit cdfc585c8a
14 changed files with 1039 additions and 10 deletions


@@ -6,6 +6,7 @@ import { fileURLToPath } from 'url';
import { getDb } from '../config/database.js';
import { authenticateToken, requireAdmin } from '../middleware/auth.js';
import { log } from '../config/logger.js';
import { getOAuthConfig } from '../config/oauth.js';
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
@@ -96,6 +97,17 @@ router.get('/', async (req, res) => {
const imprintUrl = await getSetting('imprint_url');
const privacyUrl = await getSetting('privacy_url');
// OAuth: expose whether OAuth is enabled + display name for login page
let oauthEnabled = false;
let oauthDisplayName = null;
try {
const oauthConfig = await getOAuthConfig();
if (oauthConfig) {
oauthEnabled = true;
oauthDisplayName = oauthConfig.displayName || 'SSO';
}
} catch { /* not configured */ }
res.json({
appName: appName || 'Redlight',
hasLogo: !!logoFile,
@@ -104,6 +116,8 @@ router.get('/', async (req, res) => {
registrationMode: registrationMode || 'open',
imprintUrl: imprintUrl || null,
privacyUrl: privacyUrl || null,
oauthEnabled,
oauthDisplayName,
});
} catch (err) {
log.branding.error('Get branding error:', err);
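Review bot: The empty `catch { /* not configured */ }` around `getOAuthConfig()` in the `router.get('/')` hunk treats every failure as "OAuth not configured", so a database error or a failure to read the stored configuration would silently remove the SSO option from the login page and leave nothing in the logs. If "not configured" is signalled by a null return (the `if (oauthConfig)` check suggests it is), the catch should record the error, for example `} catch (err) { log.branding.error('OAuth config lookup failed:', err); }`, while still falling back to `oauthEnabled = false`. The route shows no `authenticateToken` middleware, so it also appears to load the full provider configuration on unauthenticated requests; if `getOAuthConfig()` decrypts the client secret, an accessor that returns only the enabled flag and display name would keep the secret out of this path. The handler's body starts and ends outside the visible hunks.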