feat(auth): support RS256 + OIDC discovery (JWKS auto-fetch)

Add Jwt__Algorithm config to choose between HS256 (shared symmetric key, existing behavior, default) and RS256 (Authority-based OIDC discovery, public-key auto-fetch with periodic refresh). RS256 mode makes the server compatible with any standard OAuth 2.1 / OIDC provider (Logto, ZITADEL, Keycloak, Auth0) without requiring a shared secret. HS256 mode remains the default for minimal self-built AS setups.
2026-05-18 00:18:50 +08:00
parent 71600adba9
commit 1ccddae692
4 changed files with 96 additions and 13 deletions
@@ -15,6 +15,7 @@
    "MaxFileBytes": 1048576
  },
  "Jwt": {
+    "Algorithm": "HS256",
    "Issuer": "",
    "Audience": "gitea",
    "SigningKey": {