# Story 8.1: OpenID Connect (OIDC) Support

## Metadata

- **Story ID**: 8.1
- **Title**: OpenID Connect (OIDC) Support
- **Epic**: 8 - Advanced Features & Polish
- **Status**: Pending
- **Priority**: Low
- **Estimated Time**: 6-8 hours
- **Dependencies**: 2.1

## Goal

Add OpenID Connect (OIDC) support for external identity providers and OIDC provider capabilities.

## Description

This story implements OIDC client support for validating tokens from external IdPs and optional OIDC provider functionality.

## Deliverables

### 1. OIDC Client Support

- Install `github.com/coreos/go-oidc`
- Validate tokens from external IdP
- Map claims to internal user
- Integration with authentication system

### 2. OIDC Provider (Optional)

- Discovery endpoint
- JWKS endpoint
- Token endpoint
- UserInfo endpoint

### 3. Documentation

- Document OIDC setup in `docs/auth.md`
- Configuration examples
- Integration guide

## Acceptance Criteria

- [ ] OIDC client validates external tokens
- [ ] Claims are mapped to internal users
- [ ] OIDC provider works (if implemented)
- [ ] Documentation is complete

## Files to Create/Modify

- `internal/auth/oidc_client.go` - OIDC client
- `internal/auth/oidc_provider.go` - OIDC provider (optional)
- `docs/auth.md` - OIDC documentation