Add OIDC login support

.env.sample

@@ -13,6 +13,8 @@ LETS_ENCRYPT_ENV=production
 # Variables you *need* to change will me marked as such.
 # Most optional features are commented out/disabled and will need to be enabled by you after checking the documentation.
 
+COMPOSE_FILE="compose.yml"
+
 # Federation
 # ----------
 # DO NOT CHANGE DOMAIN VARIABLES AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
@@ -169,3 +171,20 @@ DEFAULT_LOCALE=en
 # SAML_UID_ATTRIBUTE=
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
+
+# OpenID Connect
+# ----
+# COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
+# OIDC_ENABLED=true
+# OIDC_DISPLAY_NAME=authentik
+# OIDC_DISCOVERY=true
+# OIDC_ISSUER=<OpenID Configuration Issuer>
+# OIDC_AUTH_ENDPOINT=https://authentik.company/application/o/authorize/
+# OIDC_SCOPE=openid,profile,email
+# OIDC_UID_FIELD=sub
+# OIDC_CLIENT_ID=<Client ID>
+# OIDC_CLIENT_SECRET=<Client Secret>
+# OIDC_REDIRECT_URI=https://mastodon.company/auth/auth/openid_connect/callback
+# OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
+# OMNIAUTH_ONLY=true
+# ONE_CLICK_SSO_LOGIN

compose.oidc.yml

@@ -0,0 +1,19 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - OIDC_ENABLED
+      - OIDC_DISPLAY_NAME
+      - OIDC_DISCOVERY
+      - OIDC_ISSUER
+      - OIDC_AUTH_ENDPOINT
+      - OIDC_SCOPE
+      - OIDC_UID_FIELD
+      - OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET
+      - OIDC_REDIRECT_URI
+      - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED
+      - OMNIAUTH_ONLY
+      - ONE_CLICK_SSO_LOGIN