feat: design pluggable authentication architecture (#455) #490
Merged
@Ceejaytech25 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Author
@ayomideadeniran, pls review
Contributor
@Ceejaytech25, LGTM!
Description
Resolves #455
This PR introduces a highly resilient, pluggable authentication architecture designed to seamlessly support multiple authentication mechanisms (OAuth, SAML, DID) while maintaining a unified identity model across the SoroTask platform.
🚀 Key Features & Architectural Changes
- `IdentityManager.ts`: Introduces a normalization layer that takes disparate identity profiles (OAuth subjects, SAML NameIDs, DID addresses) and maps them to our standardized `User` model with consistent roles and permission handling.
- `AuthPipeline.ts`: Built a fault-tolerant pipeline that acts as the entry point for authentication requests. It handles dynamic provider registration, request routing, and strict error tracking.
- `providers/`:
  - `OAuthProvider`: Foundation for standard OAuth2 integrations (Google, GitHub, etc.).
  - `SAMLProvider`: Foundation for enterprise Single Sign-On (SSO) integrations.
  - `DIDProvider`: Support for Web3/Stellar decentralized identities and cryptographic signatures.
- `types.ts`: Fully typed interfaces for credentials, provider configurations, and authentication results to guarantee strict architectural boundaries.

🛠️ Fixes & Improvements
- `frontend/jest.config.js` that was preventing test suites from running properly.

✅ Testing
- `src/lib/auth` module.

📋 Reviewer Notes
This serves as the foundational backend infrastructure for our new authentication flows. It is currently designed to cleanly integrate into the existing NextAuth configuration or act as a standalone service interface moving forward.
Closes #455
Closes #456
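One way the provider registration, request routing and identity normalization described above could fit together, as an added example that is not code from this PR or from SoroTask. Every type, class and function name (`DemoAuthPipeline`, `toUnifiedUser`, `fixedProvider`, `UnifiedUser`) and every error string is an assumption, and the providers are constructed stand-ins for real OAuth, SAML or DID verification.

```typescript
// Added sketch: every name and shape here is an assumption, not SoroTask's code.
type ProviderKind = "oauth" | "saml" | "did";
interface ExternalProfile { subject: string; email?: string }
interface AuthProvider {
  id: string; // registry key, e.g. "github" or "corp-sso"
  kind: ProviderKind;
  verify(credential: string): ExternalProfile | null; // null means rejected
}
interface UnifiedUser { id: string; provider: string; roles: string[]; email?: string }
type AuthResult = { ok: true; user: UnifiedUser } | { ok: false; error: string };

// Key the unified identity on (kind, provider, subject). Keying on the bare
// subject or on email would let two providers resolve to the same account.
function toUnifiedUser(p: AuthProvider, profile: ExternalProfile): UnifiedUser {
  const id = [p.kind, p.id, encodeURIComponent(profile.subject)].join(":");
  // Roles start at least privilege; nothing provider-supplied is copied into them.
  return { id, provider: p.id, roles: ["user"], email: profile.email };
}

class DemoAuthPipeline {
  // Null-prototype table: a request for "__proto__" or "constructor" finds nothing.
  private providers: Record<string, AuthProvider> = Object.create(null);

  register(p: AuthProvider): void {
    if (p.id in this.providers) throw new Error("duplicate provider: " + p.id);
    this.providers[p.id] = p;
  }

  authenticate(providerId: string, credential: string): AuthResult {
    const p = this.providers[providerId];
    if (!p) return { ok: false, error: "unknown_provider" }; // fail closed
    try {
      const profile = p.verify(credential);
      if (!profile || !profile.subject) return { ok: false, error: "invalid_credentials" };
      return { ok: true, user: toUnifiedUser(p, profile) };
    } catch {
      // A provider fault is a denial; its details stay out of the response.
      return { ok: false, error: "provider_error" };
    }
  }
}

// Constructed stand-in for a real verifier (token introspection, SAML signature check).
function fixedProvider(id: string, kind: ProviderKind, secret: string, subject: string): AuthProvider {
  return { id, kind, verify: (c) => (c === secret ? { subject } : null) };
}
```

Two providers that report the same subject value produce different unified ids here, so a login through one provider cannot resolve to an account created through another.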