feat(auth): implement OAuth 2.0 authorization code flow and dynamic client registration

- Add OAuth 2.0 support with authorization code flow and dynamic client registration. - Introduce new handlers for OAuth metadata, client registration, authorization, and token issuance. - Enhance authentication middleware to support OAuth client credentials. - Create in-memory stores for authorization codes and tokens. - Update configuration to include OAuth client details. - Ensure validation checks for OAuth clients in the configuration.
2026-03-26 21:17:55 +02:00
parent ed05d390b7
commit 56c84df342
19 changed files with 970 additions and 40 deletions
--- a/internal/config/validate_test.go
+++ b/internal/config/validate_test.go
@@ -67,3 +67,47 @@ func TestValidateRejectsEmptyAuthKeyValue(t *testing.T) {
 		t.Fatal("Validate() error = nil, want error for empty auth key value")
 	}
 }
+
+func TestValidateAcceptsOAuthClients(t *testing.T) {
+	cfg := validConfig()
+	cfg.Auth = AuthConfig{
+		OAuth: OAuthConfig{
+			Clients: []OAuthClient{{
+				ID:           "oauth-client",
+				ClientID:     "client-id",
+				ClientSecret: "client-secret",
+			}},
+		},
+	}
+
+	if err := cfg.Validate(); err != nil {
+		t.Fatalf("Validate() error = %v", err)
+	}
+}
+
+func TestValidateAcceptsBothAuthMethods(t *testing.T) {
+	cfg := validConfig()
+	cfg.Auth = AuthConfig{
+		Keys: []APIKey{{ID: "key1", Value: "secret"}},
+		OAuth: OAuthConfig{
+			Clients: []OAuthClient{{
+				ID:           "oauth-client",
+				ClientID:     "client-id",
+				ClientSecret: "client-secret",
+			}},
+		},
+	}
+
+	if err := cfg.Validate(); err != nil {
+		t.Fatalf("Validate() error = %v", err)
+	}
+}
+
+func TestValidateRejectsEmptyAuth(t *testing.T) {
+	cfg := validConfig()
+	cfg.Auth = AuthConfig{}
+
+	if err := cfg.Validate(); err == nil {
+		t.Fatal("Validate() error = nil, want error when neither auth.keys nor auth.oauth.clients is configured")
+	}
+}