feat(oidc): client authentication modes (#5150)

This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>

1 files changed, 1 insertions, 2 deletions

diff --git a/internal/configuration/validator/storage.go b/internal/configuration/validator/storage.go
index 7172383a7..035ac62e8 100644
--- a/internal/configuration/validator/storage.go
+++ b/internal/configuration/validator/storage.go
@@ -3,7 +3,6 @@ package validator
 import (
 	"errors"
 	"fmt"
-	"strings"
 
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/utils"
@@ -92,7 +91,7 @@ func validatePostgreSQLConfiguration(config *schema.PostgreSQLStorageConfigurati
 		case config.SSL.Mode == "":
 			config.SSL.Mode = schema.DefaultPostgreSQLStorageConfiguration.SSL.Mode
 		case !utils.IsStringInSlice(config.SSL.Mode, validStoragePostgreSQLSSLModes):
-			validator.Push(fmt.Errorf(errFmtStoragePostgreSQLInvalidSSLMode, strings.Join(validStoragePostgreSQLSSLModes, "', '"), config.SSL.Mode))
+			validator.Push(fmt.Errorf(errFmtStoragePostgreSQLInvalidSSLMode, strJoinOr(validStoragePostgreSQLSSLModes), config.SSL.Mode))
 		}
 	}
 }