Describe the feature
Implement Single Sign-On (SSO) support via OAuth2 / OpenID Connect (OIDC) so that users can log in using their corporate accounts from an external Identity Provider (IdP).
The backend should validate OAuth2 tokens from the IdP, map user information to the existing authentication model, and issue the application’s own JWT for session management.
Use Case
Currently, users authenticate with local credentials, which increases friction and maintenance overhead.
By enabling corporate OAuth2 / OIDC authentication, organizations can:
• Leverage existing corporate accounts for login.
• Reduce password management overhead.
• Improve security with centralized identity management.
• Simplify onboarding and offboarding of employees.
Proposed Solution
1. Configure the backend as an OAuth2 Client that can connect to any external IdP supporting OAuth2 / OIDC.
2. Implement login endpoints that redirect users to the IdP for authentication.
3. Validate the ID Token or Access Token returned by the IdP and extract user attributes (email, name, profile, roles).
4. Optionally restrict login to a set of allowed domains or organizations.
5. Map user attributes to the existing authentication model and generate the application’s own JWT.
6. Maintain support for existing JWT-based authentication and authorization for API requests.
7. Provide configuration options via environment variables or config files for clientId, clientSecret, redirectUri, scopes, and allowed domains.
8. Document setup steps and examples for integrating with common IdPs (Google Workspace, Microsoft Azure AD, Okta, etc.).
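As an added example, not code from the project or from the issue author, the following Python (standard library only) covers steps 3 to 5: claim checks on the IdP's ID token, the optional allowed-domain restriction, mapping to an app user, and issuing the application's own JWT. It assumes the ID token's signature was already verified against the IdP's JWKS by the OIDC library in use, and the issuer, client ID, allowed domains and app secret are constructed placeholder configuration values.

```python
import base64, hmac, hashlib, json, time

# Constructed configuration; in the real app these come from env vars / config files.
ALLOWED_DOMAINS = {"example.com"}
EXPECTED_ISSUER = "https://idp.example.com"
CLIENT_ID = "app-client-id"
APP_JWT_SECRET = b"constructed-app-secret"  # placeholder, never hard-code in production

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def validate_id_token_claims(claims: dict, expected_nonce: str, now=None) -> dict:
    """Check the claims of an IdP ID token whose signature was already verified
    against the IdP's JWKS (assumed done by the OIDC library). Raises ValueError
    on any failed check so the caller rejects the login."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    email = claims.get("email", "")
    if not claims.get("email_verified") or "@" not in email:
        raise ValueError("no verified email claim")
    if email.rsplit("@", 1)[1].lower() not in ALLOWED_DOMAINS:
        raise ValueError("domain not allowed")
    return claims

def map_user(claims: dict) -> dict:
    """Map IdP attributes onto the app's user model. The identity key is iss+sub,
    not email, because an email can change while sub is stable per issuer."""
    return {"external_id": f"{claims['iss']}|{claims['sub']}",
            "email": claims["email"].lower(),
            "name": claims.get("name", ""),
            "roles": list(claims.get("roles", []))}

def issue_app_jwt(user: dict, ttl: int = 3600, now=None) -> str:
    """Issue the application's own HS256 session JWT (stdlib implementation)."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user["external_id"], "email": user["email"],
                                 "roles": user["roles"], "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(APP_JWT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"
```

The existing API middleware keeps verifying the app JWT exactly as before (step 6); only the login path changes.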