photoprism / photoprism

AI-Powered Photos App for the Decentralized Web 🌈💎✨
https://www.photoprism.app

Auth: Add `authorize` API endpoint to implement the authorization code flow #4368

Open lastzero opened 1 month ago

lastzero commented 1 month ago

The GET /api/v1/oauth/authorize API endpoint should gather consent and authorization from resource owners when using the Authorization Code Grant flow, optionally with PKCE:

Since we are using the (OpenID Foundation certified) github.com/zitadel/oidc library for the recently released OIDC client implementation, the authorize and userinfo API endpoints should also be based on it (as much as possible):

In addition, all pull requests should include unit tests - at least for the core functionality - to ensure that the changes work as expected: https://docs.photoprism.app/developer-guide/pull-requests/#acceptance-criteria


Documentation:

Protocol References:

Related Issues:
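
As an added example (not part of the issue, and not PhotoPrism or zitadel/oidc code): the request checks an authorize endpoint for the Authorization Code flow with optional PKCE has to make, plus the verifier check at the token step, using only the Go standard library. The `Client` type, the function names and the sample client are hypothetical, and accepting only the `S256` challenge method is an assumption of this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

type Client struct { // hypothetical registered client, not a PhotoPrism or zitadel/oidc type
	ID           string
	RedirectURIs []string
}

// ValidateAuthorize checks an authorization request and returns its PKCE code challenge ("" if none).
func ValidateAuthorize(q url.Values, c Client) (string, error) {
	if q.Get("response_type") != "code" || q.Get("client_id") != c.ID {
		return "", errors.New("invalid_request")
	}
	known := false
	for _, u := range c.RedirectURIs { // exact match only, no prefix or wildcard
		known = known || u == q.Get("redirect_uri")
	}
	if !known {
		return "", errors.New("redirect_uri not registered") // never redirect on this error
	}
	ch := q.Get("code_challenge")
	if ch == "" {
		return "", nil // PKCE is optional in this flow
	}
	if q.Get("code_challenge_method") != "S256" || len(ch) != 43 { // assumption: S256 only
		return "", errors.New("invalid code_challenge")
	}
	return ch, nil
}

// VerifyPKCE compares the token request's code_verifier with the stored challenge.
func VerifyPKCE(verifier, challenge string) bool {
	sum := sha256.Sum256([]byte(verifier))
	got := base64.RawURLEncoding.EncodeToString(sum[:])
	return subtle.ConstantTimeCompare([]byte(got), []byte(challenge)) == 1
}

func main() { // constructed request; challenge and verifier are the RFC 7636 Appendix B pair
	q, _ := url.ParseQuery("response_type=code&client_id=demo&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&state=xyz&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM&code_challenge_method=S256")
	ch, err := ValidateAuthorize(q, Client{"demo", []string{"https://app.example/cb"}})
	fmt.Println(err, VerifyPKCE("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk", ch))
}
```

The returned challenge would be stored with the issued authorization code so that the token endpoint can call `VerifyPKCE` before exchanging the code.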

andiz2 commented 1 month ago

Hi friends! I can take care of this endpoint :). Would be so much fun.

lastzero commented 1 month ago

@andiz2 Excellent! Since we are using the (OpenID Foundation certified) github.com/zitadel/oidc library for the recently released OIDC client implementation, the authorize and userinfo API endpoints should also be based on it (as much as possible). I suggest starting with GET /api/v1/oauth/userinfo as this should be easier.

Do you already have experience developing in Go? I'll be happy to help and give feedback on possible solutions before you implement them :)

andiz2 commented 1 month ago

@lastzero Thanks for the info :). I've developed some projects in Go before, so I can say I have some experience, but I appreciate your kindness and will contact you for clarifications and feedback for sure.