feat(auth): Add external authentication (OAuth/OIDC & LDAP) with admin management, UI, and encryption support

2025-12-03 22:09:35 +00:00
parent 44e92d48f2
commit d3fd40ce2f
27 changed files with 4512 additions and 61 deletions
--- a/ts/services/auth/strategies/auth.strategy.interface.ts
+++ b/ts/services/auth/strategies/auth.strategy.interface.ts
@@ -0,0 +1,47 @@
+/**
+ * Authentication Strategy Interface
+ * Base interface for OAuth/OIDC and LDAP authentication strategies
+ */
+
+import type {
+  IExternalUserInfo,
+  IConnectionTestResult,
+} from '../../../interfaces/auth.interfaces.ts';
+
+export interface IOAuthCallbackData {
+  code: string;
+  state: string;
+  error?: string;
+  errorDescription?: string;
+}
+
+export interface IAuthStrategy {
+  /**
+   * Get the authorization URL for OAuth/OIDC flow
+   * @param state - CSRF state token
+   * @param nonce - Optional nonce for OIDC
+   * @returns Authorization URL to redirect user to
+   */
+  getAuthorizationUrl?(state: string, nonce?: string): Promise<string>;
+
+  /**
+   * Handle OAuth/OIDC callback
+   * @param data - Callback data including code and state
+   * @returns External user info from the provider
+   */
+  handleCallback?(data: IOAuthCallbackData): Promise<IExternalUserInfo>;
+
+  /**
+   * Authenticate with credentials (LDAP)
+   * @param username - Username
+   * @param password - Password
+   * @returns External user info if authentication succeeds
+   */
+  authenticateCredentials?(username: string, password: string): Promise<IExternalUserInfo>;
+
+  /**
+   * Test connection to the provider
+   * @returns Connection test result
+   */
+  testConnection(): Promise<IConnectionTestResult>;
+}