feat: support OIDC id_token

- generate JWT id_token in token exchange
- store optional nonce in authorization object
- switch to RS256 algorithm for JWT signature
- add JWKs endpoint to provide OIDC clients with public keys

tests/hurl_integration/oidc_core/config.toml

@@ -1,3 +1,5 @@
+signing_key = "tmp/secrets/signing.key"
+
 [instance]
 base_uri = "http://localhost:8086"
 name = "Example org"

tests/hurl_integration/oidc_core/main.hurl

@@ -1,6 +1,6 @@
 POST {{ base_url }}/login
 [FormParams]
-login: root
+login: john.doe
 password: root
 HTTP 303
 [Captures]

tests/hurl_integration/scenario_1/config.toml

@@ -1,3 +1,5 @@
+signing_key = "tmp/secrets/signing.key"
+
 [instance]
 base_uri = "http://localhost:8086"
 name = "Example org"

tests/hurl_integration/scenario_1/main.hurl

@@ -27,7 +27,7 @@ handle: root
 email: root@johndoe.net
 full_name: John Doe
 website: https://johndoe.net
-picture: file,john_doe_profile_pic.jpg; image/jpeg
+avatar: file,john_doe_profile_pic.jpg; image/jpeg
 HTTP 200
 
 GET {{ base_url }}/me/authorizations

tests/hurl_integration/user_invitation_scenario/config.toml

@@ -1,3 +1,4 @@
+signing_key = "tmp/secrets/signing.key"
 applications = []
 
 roles = []