feat: Add key bound refresh token support (#354)

Remote Redirect URIs Support (#356)

Upgrade GQ library from bigmod 0.0.3 to 0.1.0 (#353)

Add OP EdDSA signature algorithm support (#350)

Implement hybrid approach for signature verification:
- Generic verification path for RS256, ES256, and EdDSA
- Key type validation (prevents algorithm substitution attacks)
- EdDSA support in mock providers (backend and token generation)

All algorithms now verified through single code path with
security validation to ensure key types match declared algorithms.

* Add RSA w/private key NewPublicKeyRecord test

* Add retries and back-off to mock WebChooser

Add configurable GQ audience prefix (#348)

* Add configurable GQ audience prefix

GQ signatures previously required a hard-coded audience prefix
"OPENPUBKEY-PKTOKEN:". This change makes the prefix configurable
through a new GQAudiencePrefix field in ProviderVerifierOpts.

This is useful when the OIDC provider doesn't support setting
an audience prefix in that format (e.g. Vault).

Add ed25519 key support to GenKeyPair function (#339)

Signed-off-by: Hidoni <git@hidoni.com>

feat: Add 12hr max age expiration policy (#336)

Signed-off-by: William E Little Jr <90572149+bmodotdev@users.noreply.github.com>

Better test coverage for userinfo (#333)

feat: Adds ability to call userinfo on providers (#330)

Creates Access token getter in client (#328)

* Fixes incorrect comment

* Adds ability to read the Access Token