stack/apps/api/src/federation/dto/federated-auth.dto.ts
Jason Woltje 6878d57c83 feat(#86): implement Authentik OIDC integration for federation
Implements federated authentication infrastructure using OIDC:

- Add FederatedIdentity model to Prisma schema for identity mapping
- Create OIDCService with identity linking and token validation
- Add FederationAuthController with 5 endpoints:
  * POST /auth/initiate - Start federated auth flow
  * POST /auth/link - Link identity to remote instance
  * GET /auth/identities - List user's federated identities
  * DELETE /auth/identities/:id - Revoke identity
  * POST /auth/validate - Validate federated token
- Create comprehensive type definitions for OIDC flows
- Add audit logging for security events
- Write 24 passing tests (14 service + 10 controller)
- Achieve 79% coverage for OIDCService, 100% for controller

Notes:
- Token validation and auth URL generation are placeholder implementations
- Full JWT validation will be added when federation OIDC is actively used
- Identity mappings enforce workspace isolation
- All endpoints require authentication except /validate

Refs #86

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 12:34:24 -06:00


/**
* Federated Authentication DTOs
*
* Data transfer objects for federated OIDC authentication endpoints.
*/
import { IsString, IsEmail, IsOptional, IsObject } from "class-validator";
/**
 * Request body for initiating federated authentication.
 *
 * Validation in this class is type-level only: each field is checked to be a
 * string and nothing more, so an empty string passes.
 */
export class InitiateFederatedAuthDto {
  /** Remote instance identifier; any string value is accepted. */
  @IsString()
  remoteInstanceId!: string;

  /**
   * Optional redirect URL supplied by the caller.
   *
   * NOTE(review): only `@IsString()` is applied, so this DTO does not check
   * URL syntax, scheme or host. The code that consumes this value should
   * compare it against an allowlist of permitted destinations before it is
   * used in a redirect; confirm that check exists downstream.
   */
  @IsOptional()
  @IsString()
  redirectUrl?: string;
}
/**
 * Request body for linking a federated identity.
 *
 * Every field arrives in the request body and is validated for type or format
 * only; nothing in this class ties the values to a verified identity.
 */
export class LinkFederatedIdentityDto {
  /** Remote instance identifier; any string value is accepted. */
  @IsString()
  remoteInstanceId!: string;

  /** User identifier on the remote instance; any string value is accepted. */
  @IsString()
  remoteUserId!: string;

  /**
   * OIDC subject for the identity being linked.
   *
   * NOTE(review): this is taken from the request body as a plain string. If it
   * is meant to mirror the `sub` claim issued by the identity provider, the
   * service should take it from a verified token rather than trust this
   * field; confirm against the caller.
   */
  @IsString()
  oidcSubject!: string;

  /** Email address; checked for email format only, not for ownership. */
  @IsEmail()
  email!: string;

  /**
   * Optional free-form metadata.
   *
   * `@IsObject()` checks only that the value is an object; keys, nesting depth
   * and size are not constrained here.
   */
  @IsOptional()
  @IsObject()
  metadata?: Record<string, unknown>;
}
/**
 * Request body for validating a federated token.
 *
 * Both fields are checked to be strings and nothing more: no length bound and
 * no token-format check is applied in this class.
 */
export class ValidateFederatedTokenDto {
  /**
   * Token to validate.
   *
   * NOTE(review): the commit description for this file states that the
   * /auth/validate endpoint does not require authentication and that token
   * validation is a placeholder. Input size and token structure therefore need
   * to be checked by whatever consumes this DTO; confirm before relying on
   * the result.
   */
  @IsString()
  token!: string;

  /** Instance identifier sent with the token; any string value is accepted. */
  @IsString()
  instanceId!: string;
}