Module oauth

OAuth 2.0 provider abstraction.

The framework provides the trait and supporting types. Concrete providers (Google, GitHub, etc.) are implemented in the application layer and registered with OAuth2Service in the app’s ArclyPlugin::on_init.

Flow (Authorization Code + PKCE)

  1. GET /oauth/{provider}/authorize
     - controller calls provider.authorize_url(), which returns (url, pkce_verifier, csrf_state).
     - controller stores oauth_state::{state} → {verifier}::{provider} in Redis with a 10-minute TTL.
     - returns { "url": "..." } to the client.

  2. GET /oauth/{provider}/callback?code=&state=
     - controller looks up state in Redis, extracts verifier + provider.
     - calls provider.exchange_code(code, pkce_verifier) → access token.
     - calls provider.fetch_user_info(access_token) → OAuth2UserInfo.
     - upserts local user, mints JWT + session, returns both.
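The state handling in steps 1 and 2, as an added example that is not the framework's own code: a HashMap stands in for Redis, and StateStore, put, take and StateError are hypothetical names. Consuming the entry on first lookup and rejecting a callback whose path provider differs from the stored one are assumptions about how a controller would harden this step; the page does not state them.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

pub const STATE_TTL: Duration = Duration::from_secs(600); // 10-minute TTL from step 1

#[derive(Debug, PartialEq)]
pub enum StateError { UnknownOrExpired, Malformed, ProviderMismatch }

/// Constructed in-memory stand-in for Redis: key -> (value, expiry).
pub struct StateStore { entries: HashMap<String, (String, Instant)> }

impl StateStore {
    pub fn new() -> Self { Self { entries: HashMap::new() } }

    /// Step 1: store oauth_state::{state} -> {verifier}::{provider}.
    pub fn put(&mut self, state: &str, verifier: &str, provider: &str, now: Instant) {
        let key = format!("oauth_state::{}", state);
        self.entries.insert(key, (format!("{}::{}", verifier, provider), now + STATE_TTL));
    }

    /// Step 2: consume the entry and return the PKCE verifier.
    /// The entry is removed before any validation, so a state value works at most once.
    pub fn take(&mut self, state: &str, path_provider: &str, now: Instant) -> Result<String, StateError> {
        let key = format!("oauth_state::{}", state);
        let (value, expires) = self.entries.remove(&key).ok_or(StateError::UnknownOrExpired)?;
        if now >= expires {
            return Err(StateError::UnknownOrExpired);
        }
        // The PKCE verifier alphabet (RFC 7636) contains no ':', so the first
        // "::" is always the delimiter between verifier and provider.
        let (verifier, provider) = value.split_once("::").ok_or(StateError::Malformed)?;
        if provider != path_provider {
            return Err(StateError::ProviderMismatch);
        }
        Ok(verifier.to_string())
    }
}

fn main() {
    let t0 = Instant::now();
    let mut store = StateStore::new();
    // Constructed sample values, not real tokens.
    store.put("s1", "constructed-verifier", "github", t0);
    println!("{:?}", store.take("s1", "github", t0 + Duration::from_secs(5)));
    println!("{:?}", store.take("s1", "github", t0 + Duration::from_secs(6))); // replayed state
}
```

Against a real Redis the lookup and delete need to be one atomic operation, otherwise two concurrent callbacks can both read the same state.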

Structs

OAuth2Service
Registry of OAuth2 providers keyed by provider.name().
OAuth2UserInfo
Normalised user information returned by any OAuth2 provider.

Traits

OAuth2Provider
Implement this to add an OAuth2 provider to the application.