added more support for supabase-js

.trae/documents/plan_20260311_230519.md

@@ -0,0 +1,33 @@
+# Implement Phase 5.1: Advanced Authentication
+
+I will implement **Extended OAuth Providers** and **Enterprise SSO (OIDC)**.
+
+## 1. Extended OAuth Providers
+**Goal**: Add support for Azure (Microsoft), GitLab, Bitbucket, and Discord.
+
+-   **Config**: Update `common/src/config.rs` to read new env vars:
+    -   `AZURE_CLIENT_ID` / `_SECRET`
+    -   `GITLAB_CLIENT_ID` / `_SECRET`
+    -   `BITBUCKET_CLIENT_ID` / `_SECRET`
+    -   `DISCORD_CLIENT_ID` / `_SECRET`
+-   **Implementation**: Update `auth/src/oauth.rs`:
+    -   Extend `get_client` with new provider URLs.
+    -   Extend `fetch_user_profile` with new user info endpoints and parsing logic.
+
+## 2. Enterprise SSO (OIDC)
+**Goal**: Implement OIDC support for enterprise identity providers (e.g., Okta, Auth0, Google Workspace).
+
+-   **Dependencies**: Add `openidconnect` to `auth/Cargo.toml`.
+-   **Schema**: Create `auth.sso_providers` table to store OIDC config per domain/project.
+    -   Columns: `id`, `resource_id`, `domain`, `oidc_issuer_url`, `oidc_client_id`, `oidc_client_secret`, `created_at`, `updated_at`.
+-   **Implementation**: Create `auth/src/sso.rs`.
+    -   `POST /auth/v1/sso`: Accepts `domain` or `provider_id`. Discovers OIDC config, generates authorization URL.
+    -   `GET /auth/v1/sso/callback`: Handles the code exchange, fetches user info, creates/links user.
+
+## Execution Steps
+1.  **Update Config**: Modify `common/src/config.rs`.
+2.  **Add Dependencies**: Update `auth/Cargo.toml`.
+3.  **Schema Migration**: Create `migrations/20260312000001_add_sso.sql`.
+4.  **Implement OAuth**: Update `auth/src/oauth.rs`.
+5.  **Implement SSO**: Create `auth/src/sso.rs`.
+6.  **Register Routes**: Update `auth/src/lib.rs`.