feat(#86): implement Authentik OIDC integration for federation

Implements federated authentication infrastructure using OIDC:

- Add FederatedIdentity model to Prisma schema for identity mapping
- Create OIDCService with identity linking and token validation
- Add FederationAuthController with 5 endpoints:
  * POST /auth/initiate - Start federated auth flow
  * POST /auth/link - Link identity to remote instance
  * GET /auth/identities - List user's federated identities
  * DELETE /auth/identities/:id - Revoke identity
  * POST /auth/validate - Validate federated token
- Create comprehensive type definitions for OIDC flows
- Add audit logging for security events
- Write 24 passing tests (14 service + 10 controller)
- Achieve 79% coverage for OIDCService, 100% for controller

Notes:
- Token validation and auth URL generation are placeholder implementations
- Full JWT validation will be added when federation OIDC is actively used
- Identity mappings enforce workspace isolation
- All endpoints require authentication except /validate

Refs #86

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Jason Woltje
2026-02-03 12:34:24 -06:00
parent df2086ffe8
commit 6878d57c83
13 changed files with 1452 additions and 10 deletions


@@ -8,11 +8,13 @@ import { Module } from "@nestjs/common";
import { ConfigModule } from "@nestjs/config";
import { HttpModule } from "@nestjs/axios";
import { FederationController } from "./federation.controller";
import { FederationAuthController } from "./federation-auth.controller";
import { FederationService } from "./federation.service";
import { CryptoService } from "./crypto.service";
import { FederationAuditService } from "./audit.service";
import { SignatureService } from "./signature.service";
import { ConnectionService } from "./connection.service";
import { OIDCService } from "./oidc.service";
import { PrismaModule } from "../prisma/prisma.module";
@Module({
@@ -24,14 +26,15 @@ import { PrismaModule } from "../prisma/prisma.module";
maxRedirects: 5,
}),
],
controllers: [FederationController],
controllers: [FederationController, FederationAuthController],
providers: [
FederationService,
CryptoService,
FederationAuditService,
SignatureService,
ConnectionService,
OIDCService,
],
exports: [FederationService, CryptoService, SignatureService, ConnectionService],
exports: [FederationService, CryptoService, SignatureService, ConnectionService, OIDCService],
})
export class FederationModule {}
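Review bot: exporting OIDCService from FederationModule (the `exports:` line) widens its surface to every module that imports FederationModule, while the commit notes state that token validation and auth URL generation in this service are placeholders and that full JWT validation is deferred. A consumer elsewhere in the application could call the validation path and treat its result as authoritative. Consider keeping OIDCService internal to this module (`exports: [FederationService, CryptoService, SignatureService, ConnectionService]`) until the real validation lands, or, if the export is needed now, add a short comment on the export and on the service marking the placeholder state so callers are not misled. Registering FederationAuthController alongside FederationController is otherwise consistent with the new imports in the first hunk.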