Commit graph

12 commits

Author SHA1 Message Date
Justin Hammond
2ee1164dee Implement Phase 2.4: OAuth2 Authentication Framework
Some checks failed
CodeQL Analysis / Analyze (push) Has been cancelled
Go Tests / Run Tests (push) Has been cancelled
Go Tests / Security Scan (push) Has been cancelled
This commit implements a comprehensive OAuth2 authentication framework that provides:

**Core Components:**
- Generic OAuth2 provider with authorization code and direct token flows
- Comprehensive configuration system with pre-configured provider settings
- State manager for CSRF protection with secure parameter handling
- Token manager for secure storage, refresh detection, and expiration tracking
- Flow handler for authorization URLs, code exchange, and user info retrieval

**Security Features:**
- CSRF protection via cryptographically secure state parameters
- Automatic token refresh with configurable thresholds
- One-time use state parameter validation
- Secure token and user profile storage using StateStore interface
- Proper error handling without exposing sensitive information

**Pre-configured Providers:**
- Google OAuth2 with OpenID Connect support
- GitHub OAuth2 with user profile mapping
- Microsoft OAuth2 with Graph API integration
- Facebook OAuth2 with profile picture handling

**Developer Experience:**
- Factory pattern for easy provider instantiation
- Quick helper functions: QuickGoogle(), QuickGitHub(), QuickMicrosoft(), QuickFacebook()
- Flexible configuration supporting maps, structs, and tagged configurations
- Extensible profile mapping system for custom providers
- Comprehensive error types with descriptive messages

**Testing & Documentation:**
- 72.8% test coverage with comprehensive unit tests
- Mock-based testing for all major components
- Detailed README with usage examples and security considerations
- Table-driven tests covering success and failure scenarios

**Files Added:**
- pkg/auth/providers/oauth2/provider.go - Main OAuth2 provider implementation
- pkg/auth/providers/oauth2/config.go - Configuration and provider presets
- pkg/auth/providers/oauth2/flow.go - OAuth2 flow handlers
- pkg/auth/providers/oauth2/state.go - CSRF state parameter management
- pkg/auth/providers/oauth2/token.go - Token storage and management
- pkg/auth/providers/oauth2/profile.go - User profile mapping utilities
- pkg/auth/providers/oauth2/factory.go - Provider factory with quick helpers
- pkg/auth/providers/oauth2/types.go - OAuth2 type definitions
- pkg/auth/providers/oauth2/errors.go - OAuth2-specific errors
- pkg/auth/providers/oauth2/README.md - Comprehensive documentation
- Complete test suite for all components

This implementation provides the foundation for Phase 2.5 OAuth2 provider implementations
while maintaining the plugin architecture principles and security best practices.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-27 22:53:55 +08:00
Justin Hammond
4474bfc283 Implement Phase 2.3: WebAuthn/FIDO2 Authentication Provider
Add comprehensive WebAuthn/FIDO2 support with dual-mode functionality for both
passwordless authentication and multi-factor authentication (MFA).

Key features:
- Dual-mode provider implementing both AuthProvider and MFAProvider interfaces
- Full WebAuthn protocol support using go-webauthn/webauthn library
- Credential and challenge management via StateStore interface
- Configurable security options (attestation, user verification, resident keys)
- Comprehensive test coverage (61%) with mock implementations
- Support for registration and authentication flows
- Counter validation to detect cloned authenticators
- Challenge expiration and one-time use enforcement

Implementation includes:
- pkg/auth/providers/webauthn/: Complete WebAuthn provider package
  - provider.go: Main dual-mode provider implementation
  - types.go: WebAuthn-specific types and structures
  - config.go: Configuration with validation
  - credential.go: Credential storage and management
  - challenge.go: Challenge generation and validation
  - factory.go: Provider factory for instantiation
  - errors.go: WebAuthn-specific error types
  - Comprehensive test files for all components
  - README.md: Documentation with usage examples

This completes Phase 2.3 and partially completes Phase 3.3 of the project plan,
as the provider supports both primary authentication and MFA modes.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-27 22:29:03 +08:00
de0c230ec1 Create dependabot.yml
2025-05-27 22:18:17 +08:00
Justin Hammond
802c1e137b Improve test coverage to 81% and fix validation error handling
- Add comprehensive tests for pkg/log achieving 100% coverage
- Add tests for basic auth provider factory and utils (98.5% coverage)
- Fix missing HTTP status mapping for validation errors in internal/errors
- Overall test coverage improved from 49.1% to 81.0%

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-27 22:00:28 +08:00
Justin Hammond
b7537019d9 Add comprehensive test coverage for core packages
- Add tests for internal/errors package (100% coverage)
  - Test all error types: AuthError, PluginError, ValidationError, StorageError
  - Test error creation helpers and convenience functions
  - Test HTTP error mapping and response writing
  - Fix import shadowing issue in http.go

- Add tests for pkg/auth2 package (100% coverage)
  - Test Auth2 instance creation and configuration
  - Test provider registration and retrieval
  - Test concurrent operations for thread safety
  - Test version information functions

- Add tests for pkg/config package (98.5% coverage)
  - Test configuration validation for all sub-configs
  - Test configuration save/load functionality
  - Test logging configuration
  - Fix ConfigureLogging to set Writer to stderr

- Add tests for pkg/user package Manager (86.2% coverage)
  - Test all user management operations
  - Test authentication and password management
  - Test MFA and email verification flows
  - Test account locking/unlocking mechanisms

- Add tests for pkg/auth/providers/basic package (62.5% coverage)
  - Test basic authentication flow
  - Test credential validation
  - Test user state handling (disabled, locked, MFA required)
  - Test time manipulation for testing

- Add tests for pkg/auth/providers package (100% coverage, improved from 28.8%)
  - Add comprehensive tests for registry.go
  - Add tests for time.go including mock time provider
  - Improve tests for provider.go to cover nil details case

- Update .gitignore to exclude coverage files

This significantly improves the overall test coverage of the auth2 library,
with most critical packages now having coverage above the 80% target.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-23 13:58:56 +08:00
171e0e089d Add GitHub Actions workflows for tests and security scans
- Add go-test.yml workflow to run tests on PRs and main branch commits
- Configure test coverage reporting
- Add CodeQL security analysis workflow for vulnerability detection
- Support multiple Go versions in the test matrix
2025-05-21 10:23:41 +08:00
571ac8768a Implement Phase 2.2: Basic Authentication Components
- Create password utilities with bcrypt and argon2id hashing support
- Implement password policy enforcement with configurable requirements
- Create basic username/password authentication provider
- Implement account locking mechanism for security protection
- Build brute-force protection with IP and global rate limiting
- Improve test resiliency for time-based operations
- Add comprehensive black box testing with >80% coverage
- Update project plan to mark Phase 2.2 as completed
2025-05-21 10:20:57 +08:00
c932a4d001 Implement Phase 2.1: Authentication Provider Interface
- Define enhanced AuthProvider interface with additional context and result information
- Create various credential types for different authentication methods
- Implement ProviderManager for managing multiple authentication providers
- Build chain-of-responsibility pattern for flexible authentication flows
- Add comprehensive unit tests with >80% coverage
- Update project plan to mark Phase 2.1 as completed
2025-05-20 23:48:16 +08:00
d6a63c5895 Implement Core Domain Models (Phase 1.3)
- Define User model and interfaces
- Create Context wrapper for auth context
- Implement base interfaces for all components
- Build error handling patterns

This commit completes the core domain model implementation as specified in Phase 1.3 of the project plan.
2025-05-20 23:27:22 +08:00
5cf44c1361 Implement plugin system architecture and black box tests
This commit completes Phase 1.2 of the implementation plan:
- Implement provider interfaces for auth, MFA, storage, and HTTP
- Create registry for managing registered providers
- Implement factory pattern for provider instantiation
- Build provider discovery mechanism
- Add black box unit tests for all components
2025-05-20 22:34:49 +08:00
b67120e784 Update design documents for plugin system architecture
- Updated DESIGN.md with interface-based plugin system approach
- Added detailed plugin system architecture section
- Updated PROJECT_PLAN.md with more specific plugin system tasks
- Replaced dynamic loading approach with interface-based approach
2025-05-20 22:16:11 +08:00
719aee56e8 Initial commit: Project setup phase 1.1
Completed Phase 1.1 of the project setup with the following components:
- Initialized Go module with Go 1.24
- Set up logging with log/slog
- Created error types and handling mechanisms
- Implemented configuration structures
- Created directory structure for the project
2025-05-20 22:09:10 +08:00