Is your feature request related to a problem? Please describe.
The management UI only supports username/password login. The backend already supports OAuth2/JWT for AMQP connections, but there's no interactive OAuth2 flow for the UI.

Describe the solution you'd like

• OAuth2 Authorization Code Flow with PKCE (/oauth/authorize, /oauth/callback endpoints)
• "Sign in with SSO" button on the login page when oauth_issuer_url is configured