Authority Identity Provider Registry (Plugin Resolution)

Module

Authority

Status

IMPLEMENTED

Description

Identity providers are resolved through a registry using a runtime metadata/handle pattern. Handlers call IAuthorityIdentityProviderRegistry.AcquireAsync together with provider metadata (AuthorityIdentityProviderMetadata) for capability checks, which makes provider resolution deterministic and capability-gated.

Implementation Details

  • Modules: src/Authority/StellaOps.Authority/StellaOps.Authority/, src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/
  • Key Classes:
    • AuthorityIdentityProviderRegistry (src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityIdentityProviderRegistry.cs) - runtime registry that resolves identity providers by metadata capabilities; exposes AcquireAsync for deterministic provider selection
    • AuthorityIdentityProviderSelector (src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/AuthorityIdentityProviderSelector.cs) - selects the appropriate identity provider plugin during OpenIddict authentication flows based on request context
    • AuthorityPluginRegistry (src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityPluginRegistry.cs) - manages the lifecycle and registration of all authority plugins
    • IdentityProviderContracts (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/IdentityProviderContracts.cs) - defines IAuthorityIdentityProviderPlugin, AuthorityIdentityProviderMetadata, and capability contracts
    • AuthorityPluginRegistrationContext (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginRegistrationContext.cs) - context object passed to plugins during registration
    • AuthorityPluginLoader (src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginLoader.cs) - loads plugin assemblies from disk and registers them with the plugin registry
    • AuthorityPluginRegistrationSummary (src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginRegistrationSummary.cs) - captures registration outcome (loaded plugins, errors, capabilities)
  • Interfaces: IAuthorityIdentityProviderPlugin, IAuthorityPluginRegistrar (defined in IdentityProviderContracts.cs and AuthorityPluginContracts.cs)
  • Source: Feature matrix scan

E2E Test Plan

  • Register two identity provider plugins (Standard and LDAP) and verify AuthorityIdentityProviderRegistry resolves each by capability metadata
  • Call AcquireAsync with metadata requesting LDAP capabilities and verify the LDAP provider is returned
  • Call AcquireAsync with metadata requesting capabilities not supported by any provider and verify a clear error is returned
  • Verify AuthorityIdentityProviderSelector routes authentication to the correct provider based on the client's identity_provider metadata during an OAuth2 token request
  • Register a plugin at runtime and verify the registry reflects the new provider without restart
  • Verify AuthorityPluginRegistrationSummary reports all registered providers with their capabilities