Support OpenID Connect (OIDC) login to match the web plugin #626
Description
Summary
Please consider adding OIDC login to Piwigo NG. The web version already supports OIDC via the plugin; mobile should offer the same login option so instances protected by modern IdPs (Google, Azure AD, Keycloak, Authentik, Okta, Cloudflare Access, etc.) work seamlessly on mobile too.
Motivation
- Many Piwigo servers are behind an IdP or use the OIDC plugin as it provides better security. E.g. by putting it completely behind Cloudlflare Zero Trust the attack surface reduces significantly.
- Today, web works; mobile can’t log in to those servers.
- This can block real users from using the app at all.
Current behavior
Mobile only supports username/password against the Piwigo webservice. With OIDC-only servers, login is impossible.
Desired behavior
Offer an OIDC login option that works the same way as the web version (using the existing OIDC plugin on the server). No special workarounds needed.
Acceptance criteria
- From the login screen I can choose “Sign in with my Identity Provider (OIDC)”.
- I can authenticate with a chosen IdP’s normal flow and land in the app logged in.
- I stay signed in across app restarts until I explicitly sign out.
- Sign out works and takes me back to the login screen.
- Verified to work with at least two common IdPs (e.g., Cloudflare and Google).