feat: implement OAuth 2.0 / OpenID Connect support

- Added OAuth configuration management in the admin panel.
- Implemented OAuth authorization flow with PKCE for enhanced security.
- Created routes for handling OAuth provider discovery, authorization, and callback.
- Integrated OAuth login and registration options in the frontend.
- Updated UI components to support OAuth login and registration.
- Added internationalization strings for OAuth-related messages.
- Implemented encryption for client secrets and secure state management.
- Added error handling and user feedback for OAuth processes.

src/i18n/en.json

@@ -91,7 +91,15 @@
     "emailVerificationResendSuccess": "Verification email sent!",
     "emailVerificationResendFailed": "Could not send verification email",
     "inviteOnly": "Invite Only",
-    "inviteOnlyDesc": "Registration is currently restricted. You need an invitation link from an administrator to create an account."
+    "inviteOnlyDesc": "Registration is currently restricted. You need an invitation link from an administrator to create an account.",
+    "orContinueWith": "or continue with",
+    "loginWithOAuth": "Sign in with {provider}",
+    "registerWithOAuth": "Sign up with {provider}",
+    "backToLogin": "Back to login",
+    "oauthError": "Authentication failed",
+    "oauthNoToken": "No authentication token received.",
+    "oauthLoginFailed": "Could not complete sign in. Please try again.",
+    "oauthRedirecting": "Signing you in..."
   },
   "home": {
     "poweredBy": "Powered by BigBlueButton",
@@ -395,7 +403,26 @@
     "imprintUrlSaved": "Imprint URL saved",
     "privacyUrlSaved": "Privacy Policy URL saved",
     "imprintUrlFailed": "Could not save Imprint URL",
-    "privacyUrlFailed": "Could not save Privacy Policy URL"
+    "privacyUrlFailed": "Could not save Privacy Policy URL",
+    "oauthTitle": "OAuth / SSO",
+    "oauthDescription": "Connect an OpenID Connect provider (e.g. Keycloak, Authentik, Google) to allow Single Sign-On.",
+    "oauthIssuer": "Issuer URL",
+    "oauthIssuerHint": "The OIDC issuer URL, e.g. https://auth.example.com/realms/main",
+    "oauthClientId": "Client ID",
+    "oauthClientSecret": "Client Secret",
+    "oauthClientSecretHint": "Leave blank to keep the existing secret",
+    "oauthDisplayName": "Button label",
+    "oauthDisplayNameHint": "Shown on the login page, e.g. \"Company SSO\"",
+    "oauthAutoRegister": "Auto-register new users",
+    "oauthAutoRegisterHint": "Automatically create accounts for users signing in via OAuth for the first time.",
+    "oauthSaved": "OAuth configuration saved",
+    "oauthSaveFailed": "Could not save OAuth configuration",
+    "oauthRemoved": "OAuth configuration removed",
+    "oauthRemoveFailed": "Could not remove OAuth configuration",
+    "oauthRemoveConfirm": "Really remove OAuth configuration? Users will no longer be able to sign in with SSO.",
+    "oauthNotConfigured": "OAuth is not configured yet.",
+    "oauthSave": "Save OAuth",
+    "oauthRemove": "Remove OAuth"
   },
   "notifications": {
     "bell": "Notifications",