feat: implement OpenID Connect authentication with Infomaniak

README.md

@@ -76,15 +76,34 @@ Then open your browser at `http://localhost:8000`. The web interface allows you
 - View upcoming games and practices
 - See detailed information about events including player rosters
 
+### Authentication
+
+The web interface supports two authentication methods:
+
+1. **Infomaniak OpenID Connect (Recommended)**: Click the "Se connecter avec Infomaniak" button to authenticate using Infomaniak's OIDC provider. Only users in the allowed list will be granted access.
+
+2. **Static API Key**: For development purposes, you can still use `abc` as the token.
+
+### Environment Variables
+
+To configure OIDC authentication, set the following environment variables:
+
+- `CLIENT_ID`: Your OIDC client ID (default: 8ea04fbb-4237-4b1d-a895-0b3575a3af3f)
+- `CLIENT_SECRET`: Your OIDC client secret
+- `REDIRECT_URI`: The redirect URI (default: http://localhost:8000/callback)
+- `ALLOWED_USERS`: Comma-separated list of allowed email addresses (e.g., "user1@example.com,user2@example.com")
+
 The web API provides the following endpoints:
 
 - `/schedule` - Get the schedule for a specific account
 - `/game/{game_id}` - Get details for a specific game
 - `/accounts` - Get a list of available accounts
 - `/health` - Health check endpoint
+- `/login` - Initiate OIDC login flow
+- `/callback` - Handle OIDC callback
+- `/userinfo` - Get user information
 
-All endpoints (except `/health`) require an Authorization header with a Bearer token.
-For development purposes, you can use `abc` as the token.
+All endpoints (except `/health`, `/login`, and `/callback`) require an Authorization header with a Bearer token.
 
 ## mobile functions