feat(auth): add support for external JWT management via identity providers, fallback to self-signed JWTs #4398

Open
wants to merge 1 commit into
base: main
@hanna-daoud hanna-daoud commented Oct 13, 2024

feat(auth): add support for external JWT management via identity providers, fallback to self-signed JWTs

Summary

This PR adds support for managing JWT tokens via external identity providers, such as Keycloak, with a fallback mechanism to use self-signed JWT tokens if no external provider is configured.

The motivation behind this change is to allow users to fully delegate JWT handling to their preferred identity provider for improved security and flexibility. In cases where no external provider is set up, the application will fall back to the existing self-signed JWT functionality to ensure backward compatibility.

Change Type

  • New feature (non-breaking change which adds functionality)

Testing

Testing was performed locally by configuring Keycloak as the identity provider to manage JWTs. Additionally, the fallback to self-signed tokens was tested by removing the external provider configuration to ensure the original behavior is preserved.

Test Configuration:

  • Node.js version: 20.17.0
  • Keycloak version: 26.0

Steps to reproduce:

  1. Configure the app to use Keycloak as an external identity provider.
  2. Verify that JWT tokens are properly generated by the identity provider and validated within the app.
  3. Remove the external identity provider configuration and confirm that the app falls back to self-signed JWT tokens without any issues.

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • My changes do not introduce new warnings
  • Any changes dependent on mine have been merged and published in downstream modules.
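
As an added example that is not part of this PR or the project's code: one way to choose the JWT verifier from configuration alone and pin the accepted algorithm per mode, so a self-signed token is not accepted once an identity provider is configured. `makeVerifier`, the `config` fields, the keys and the RS256/HS256 pairing are assumptions made for the illustration.

```javascript
// Added example with hypothetical names; not the project's code.
const crypto = require("node:crypto");
const b64url = (v) => Buffer.from(v).toString("base64url");

// Constructed test keys: an RSA pair standing in for the identity provider's
// signing key, and a random secret standing in for the self-signed key.
const idp = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const localSecret = crypto.randomBytes(32);

// Minimal signer, only used to produce sample tokens for the checks.
function sign(alg, payload, key) {
  const head = b64url(JSON.stringify({ alg, typ: "JWT" }));
  const input = `${head}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === "RS256"
    ? crypto.sign("sha256", Buffer.from(input), key)
    : crypto.createHmac("sha256", key).update(input).digest();
  return `${input}.${b64url(sig)}`;
}

// The mode comes from configuration only, never from the token header.
function makeVerifier(config) {
  const external = Boolean(config.idpPublicKey);
  const expectedAlg = external ? "RS256" : "HS256";
  return function verify(token) {
    const parts = String(token).split(".");
    if (parts.length !== 3) return null;
    const [h, p, s] = parts;
    let header, payload;
    try {
      header = JSON.parse(Buffer.from(h, "base64url").toString());
      payload = JSON.parse(Buffer.from(p, "base64url").toString());
    } catch { return null; }
    // Pin the algorithm per mode so one path's key is never used by the other.
    if (!header || header.alg !== expectedAlg || !payload) return null;
    const input = Buffer.from(`${h}.${p}`);
    const sig = Buffer.from(s, "base64url");
    let ok;
    if (external) {
      ok = crypto.verify("sha256", input, config.idpPublicKey, sig);
    } else {
      const mac = crypto.createHmac("sha256", config.localSecret).update(input).digest();
      ok = mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
    }
    if (!ok) return null;
    if (typeof payload.exp !== "number" || payload.exp <= Date.now() / 1000) return null;
    if (external && payload.iss !== config.issuer) return null;
    return payload;
  };
}
```

In external mode the local secret is still present in `config` but is never consulted, which is the property a reviewer would want the fallback logic to guarantee.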
