goplt/docs/content/stories/epic8/8.1-oidc-support.md

Story 8.1: OpenID Connect (OIDC) Support

Metadata

• Story ID: 8.1
• Title: OpenID Connect (OIDC) Support
• Epic: 8 - Advanced Features & Polish
• Status: Pending
• Priority: Low
• Estimated Time: 6-8 hours
• Dependencies: 2.1

Goal

Add OpenID Connect (OIDC) support for external identity providers and OIDC provider capabilities.

Description

This story implements OIDC client support for validating tokens from external IdPs and optional OIDC provider functionality.

Deliverables

1. OIDC Client Support

• Install github.com/coreos/go-oidc
• Validate tokens from external IdP
• Map claims to internal user
• Integration with authentication system

2. OIDC Provider (Optional)

• Discovery endpoint
• JWKS endpoint
• Token endpoint
• UserInfo endpoint

3. Documentation

• Document OIDC setup in docs/auth.md
• Configuration examples
• Integration guide

Acceptance Criteria

• OIDC client validates external tokens
• Claims are mapped to internal users
• OIDC provider works (if implemented)
• Documentation is complete

Files to Create/Modify

• internal/auth/oidc_client.go - OIDC client
• internal/auth/oidc_provider.go - OIDC provider (optional)
• docs/auth.md - OIDC documentation