feat(server): add configurable OAuth prompt parameter

[sparsh985]

Description

Add a configurable prompt field to the OAuth system config, allowing admins to set the OIDC prompt parameter (e.g. select_account, login, consent) from the admin settings.

This addresses a common issue where users with multiple Google accounts are not prompted to select an account during OAuth login. By making this configurable (rather than hardcoding), it remains compatible with OIDC providers that don't support select_account (the OIDC spec marks it as optional).

Defaults to an empty string, which preserves current behavior (no prompt parameter sent).

Discussed in #20762

How Has This Been Tested?

• pnpm --filter immich run check — TypeScript type check passes
• pnpm --filter immich run test — All unit tests pass
• OAuth e2e tests pass

API Changes

The SystemConfigOAuthDto now includes a new prompt field (string, defaults to ""). This affects the /api/system-config endpoint.

Checklist:

• I have carefully read CONTRIBUTING.md
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation if applicable
• I have no unrelated changes in the PR.
• I have confirmed that any new dependencies are strictly necessary.
• I have written tests for new code (if applicable)
• I have followed naming conventions/patterns in the surrounding code
• All code in src/services/ uses repositories implementations for database calls, filesystem operations, etc.
• All code in src/repositories/ is pretty basic/simple and does not have any immich specific logic (that belongs in src/services/)

Please describe to which degree, if any, an LLM was used in creating this pull request.

An LLM (Claude) was used to assist with implementing the code changes.

[bo0tzz]

Please fill out the complete PR template

[sparsh985]

Please fill out the complete PR template

@bo0tzz I've filled out the template. Do let me know incase it looks alright.

[danieldietzler]

This seems fine to me. Could you please look into whether you can get an e2e test for this (we already have a oauth.e2e-spec.ts). Also, note our contributing guidelines https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai :)

[danieldietzler]

Oh and also, generate the open API files please (make open-api in the root directory, https://docs.immich.app/developer/open-api)

[sparsh985]

This seems fine to me. Could you please look into whether you can get an e2e test for this (we already have a oauth.e2e-spec.ts). Also, note our contributing guidelines https://github.com/immich-app/immich/blob/main/CONTRIBUTING.md#use-of-generative-ai :)

Hi @danieldietzler, I've added the e2e test for this. Thanks for the guidelines, I'll limit my use for LLM and use it as minimally as possible, since I'm still learning things.

Oh and also, generate the open API files please (make open-api in the root directory, https://docs.immich.app/developer/open-api)

I did generate those already, do they look wrong?

[danieldietzler]

The open-api check (https://github.com/immich-app/immich/actions/runs/22958235237/job/66654018513?pr=26755) is failing, so it must be outdated somehow. Maybe try running pnpm i and rebase on main and then generate it again

[danieldietzler]

Looks good, thanks!

[sparsh985]

I've made the prompt field optional in the DTO to avoid a breaking API change. Existing clients that don't send prompt will use the default (empty string), which preserves current behavior. The field is fully functional when explicitly set.