OIDC: Support EdDSA tokens #1129

Open
nicholascioli opened this issue Dec 13, 2024 · 1 comment

Comments


nicholascioli commented Dec 13, 2024

When trying to log in with an OIDC provider that uses the EdDSA / ed25519 token algorithm, ryot breaks during the login flow, returning an Unexpected Server Error. The logs show the following:

2024-12-13T09:05:24.072430420+00:00 stdout F [frontend] ClientError: Failed to parse server response: {"response":{"data":null,"errors":[{"message":"Failed to parse server response","locations":[{"line":2,"column":3}],"path":["getOidcToken"]}],"status":200,"headers":{}},"request":{"query":"query GetOidcToken($code: String!) {\n  getOidcToken(code: $code) {\n    subject\n    email\n  }\n}","variables":{"code":"REDACTED"}}}
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at runRequest (file:///home/ryot/node_modules/graphql-request/src/legacy/helpers/runRequest.ts:105:12)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at AuthenticatedGraphQLClient.request (file:///home/ryot/node_modules/graphql-request/src/legacy/classes/GraphQLClient.ts:131:22)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at loader$2 (file:///home/ryot/build/server/index.js?t=1733052655000:16625:28)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at Object.callRouteLoader (/home/ryot/node_modules/@remix-run/server-runtime/dist/data.js:59:16)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at /home/ryot/node_modules/@remix-run/router/router.ts:4899:19
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at callLoaderOrAction (/home/ryot/node_modules/@remix-run/router/router.ts:4963:16)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at async Promise.all (index 0)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at defaultDataStrategy (/home/ryot/node_modules/@remix-run/router/router.ts:4772:17)
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     at callDataStrategyImpl (/home/ryot/node_modules/@remix-run/router/router.ts:4835:17) {
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]   response: {
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     data: null,
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     errors: [ [Object] ],
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     extensions: undefined,
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     status: 200,
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     headers: Headers {
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       'access-control-allow-credentials': 'true',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       'content-length': '130',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       'content-type': 'application/json',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       date: 'Fri, 13 Dec 2024 09:05:23 GMT',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       server: 'Caddy',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       vary: 'origin, access-control-request-method, access-control-request-headers'
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     }
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]   },
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]   request: {
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     query: 'query GetOidcToken($code: String!) {\n' +
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       '  getOidcToken(code: $code) {\n' +
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       '    subject\n' +
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       '    email\n' +
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       '  }\n' +
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       '}',
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     variables: {
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]       code: 'REDACTED'
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]     }
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend]   }
2024-12-13T09:05:24.072430420+00:00 stdout F [frontend] }
2024-12-13T09:05:24.073765708+00:00 stdout F [frontend] GET /api/auth?code=REDACTED&state=REDACTED 500 - - 133.830 ms

This seems to be because EdDSA support in openidconnect requires at least version 4.0.0-rc.1.

For now, setting the token algorithm to any of the RSA family fixes the issue, but I'd prefer to use EdDSA since it seems to be the more secure standard.
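An added diagnostic (not ryot's code, and not from the issue author) that reads the `alg` from an ID token's JOSE header and tells an operator whether it is the EdDSA case this issue describes or an RSA-family algorithm that the issue reports as working; `rsa_fallback_options` reads the provider's discovery metadata field `id_token_signing_alg_values_supported` to list which RSA-family algorithms the provider offers as a workaround. The exact RSA-family list, the rejection of `alg=none`, and the sample tokens are my assumptions and constructions, not details from the issue.

```python
import base64
import json

# Assumption: the RSA family the issue says works with ryot's current openidconnect.
RSA_FAMILY = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
# Per the issue: EdDSA needs openidconnect >= 4.0.0-rc.1.
NEEDS_OPENIDCONNECT_4 = {"EdDSA"}


def _b64url_decode(segment: str) -> bytes:
    # JWS segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_alg(token: str) -> str:
    """Return the JOSE header 'alg' of a compact JWS ID token (header only, no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(_b64url_decode(parts[0]))
    alg = header.get("alg")
    if not isinstance(alg, str):
        raise ValueError("JOSE header has no string 'alg'")
    return alg


def classify(alg: str) -> str:
    """Map a header alg to what an operator should expect from the current ryot build."""
    if alg == "none":
        return "reject: unsigned token (alg=none) must never be accepted"
    if alg in RSA_FAMILY:
        return "ok: RSA family works with the current openidconnect"
    if alg in NEEDS_OPENIDCONNECT_4:
        return "unsupported: EdDSA needs openidconnect >= 4.0.0-rc.1"
    return f"unknown: {alg} is not covered by this check; verify library support"


def rsa_fallback_options(discovery: dict) -> list:
    """RSA-family algs the provider advertises in its discovery document (sorted)."""
    offered = discovery.get("id_token_signing_alg_values_supported", [])
    return sorted(set(offered) & RSA_FAMILY)


def make_sample_token(alg: str) -> str:
    # Constructed sample with a dummy signature: enough to exercise header parsing, not a real token.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "user"}), "sig"])


if __name__ == "__main__":
    for alg in ("EdDSA", "RS256", "none"):
        print(alg, "->", classify(id_token_alg(make_sample_token(alg))))
    print(rsa_fallback_options({"id_token_signing_alg_values_supported": ["EdDSA", "RS256"]}))
```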

IgnisDa (Owner) commented Dec 13, 2024

I will only perform this upgrade once openidconnect v4 becomes stable.
