34 lines
1.7 KiB
Markdown
34 lines
1.7 KiB
Markdown
# Implement Phase 5.1: Advanced Authentication
|
|
|
|
I will implement **Extended OAuth Providers** and **Enterprise SSO (OIDC)**.
|
|
|
|
## 1. Extended OAuth Providers
|
|
**Goal**: Add support for Azure (Microsoft), GitLab, Bitbucket, and Discord.
|
|
|
|
- **Config**: Update `common/src/config.rs` to read new env vars:
|
|
- `AZURE_CLIENT_ID` / `_SECRET`
|
|
- `GITLAB_CLIENT_ID` / `_SECRET`
|
|
- `BITBUCKET_CLIENT_ID` / `_SECRET`
|
|
- `DISCORD_CLIENT_ID` / `_SECRET`
|
|
- **Implementation**: Update `auth/src/oauth.rs`:
|
|
- Extend `get_client` with new provider URLs.
|
|
- Extend `fetch_user_profile` with new user info endpoints and parsing logic.
|
|
|
|
## 2. Enterprise SSO (OIDC)
|
|
**Goal**: Implement OIDC support for enterprise identity providers (e.g., Okta, Auth0, Google Workspace).
|
|
|
|
- **Dependencies**: Add `openidconnect` to `auth/Cargo.toml`.
|
|
- **Schema**: Create `auth.sso_providers` table to store OIDC config per domain/project.
|
|
- Columns: `id`, `resource_id`, `domain`, `oidc_issuer_url`, `oidc_client_id`, `oidc_client_secret`, `created_at`, `updated_at`.
|
|
- **Implementation**: Create `auth/src/sso.rs`.
|
|
- `POST /auth/v1/sso`: Accepts `domain` or `provider_id`. Discovers OIDC config, generates authorization URL.
|
|
- `GET /auth/v1/sso/callback`: Handles the code exchange, fetches user info, creates/links user.
|
|
|
|
## Execution Steps
|
|
1. **Update Config**: Modify `common/src/config.rs`.
|
|
2. **Add Dependencies**: Update `auth/Cargo.toml`.
|
|
3. **Schema Migration**: Create `migrations/20260312000001_add_sso.sql`.
|
|
4. **Implement OAuth**: Update `auth/src/oauth.rs`.
|
|
5. **Implement SSO**: Create `auth/src/sso.rs`.
|
|
6. **Register Routes**: Update `auth/src/lib.rs`.
|