Feat/auth api #10

Merged
whoisnjoguu merged 16 commits into main from feat/auth-api
Feb 17, 2026

@whoisnjoguu
Collaborator

Description

This PR adds comprehensive authentication and authorization functionality by integrating with Zitadel, transforming the authkit from a simple JWT validation middleware into a full-featured auth management SDK. The implementation includes user management, organization management, role-based access control, invitation systems, session management, and IDP (Identity Provider) linking capabilities.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Code refactoring

Related Issue

Changes Made

Core Authentication Enhancements

  • Enhanced JWT validation with fallback to Zitadel session token validation
  • Added session token support via new ServiceToken configuration field
  • Session API v2 integration for session management and IDP intent handling

New Zitadel API Client zitadel_client.go

  • User Management: Create, retrieve, update, and delete users
  • Organization Management: Create organizations, manage org members, assign roles
  • IDP Integration: Link and unlink Identity Provider connections
  • Session Management: Retrieve user sessions and handle session tokens
  • Role Management: Assign and manage project roles and organization roles

RBAC & Organization Features

  • Organization role middleware for role-based access control
  • Role verification helpers to check user permissions
  • Organization context management in API requests

Invitation System

  • Access code generation with secure hashing
  • Code validation and expiration handling
  • Invitation workflow support for user onboarding

Internal Models

  • Comprehensive data models for Zitadel API integration
  • JWT claims structure with organization and role metadata
  • Configuration models with backward compatibility aliases
  • Request/response models for all API endpoints

Code Quality Improvements

  • Refactored Claims and Config as type aliases for backward compatibility
  • Removed unused JWKS cache methods to simplify codebase
  • Enhanced error definitions for invitation and organization operations
  • Improved logging throughout authentication flow

Testing

  • All existing tests pass
  • Added new tests for new functionality
  • Manual testing performed

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published

Screenshots (if applicable)

Additional Notes

Breaking Changes

While type aliases maintain backward compatibility for public APIs, the internal structure has been significantly refactored. Existing code using the middleware should continue to work without modification.

Dependencies

  • Requires Zitadel service token for full API functionality
  • Session validation requires additional ServiceToken configuration

Migration Guide

For projects using the basic middleware:

  • No changes required - existing AuthN() middleware continues to work
  • To enable session token validation, add ServiceToken to your config
  • To use new Zitadel API features, create a ZitadelClient instance with NewZitadelClient()

@whoisnjoguu whoisnjoguu added the enhancement New feature or request label Feb 17, 2026
@whoisnjoguu whoisnjoguu merged commit 253af61 into main Feb 17, 2026
5 checks passed
@whoisnjoguu whoisnjoguu deleted the feat/auth-api branch February 17, 2026 04:30
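
The "Invitation System" items in the description above (access code generation with secure hashing, validation, expiration) can be sketched as follows. This is an added example, not code from this PR or from authkit; the Invitation type, NewInvitation, Redeem, the error names, the SHA-256 choice and the single-use flag are all assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"errors"
	"fmt"
	"time"
)
// Invitation is a hypothetical stored record; only the SHA-256 of the code is persisted.
type Invitation struct {
	CodeHash  [32]byte
	ExpiresAt time.Time
	Used      bool
}
var ErrInvalid, ErrExpired, ErrUsed = errors.New("invalid code"), errors.New("code expired"), errors.New("code already used")

// NewInvitation returns the plaintext code (shown once) and the record to store.
func NewInvitation(ttl time.Duration, now time.Time) (string, *Invitation, error) {
	raw := make([]byte, 20) // 160 bits from the OS CSPRNG, so a fast hash is sufficient
	if _, err := rand.Read(raw); err != nil {
		return "", nil, err
	}
	code := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(raw)
	return code, &Invitation{CodeHash: sha256.Sum256([]byte(code)), ExpiresAt: now.Add(ttl)}, nil
}

// Redeem compares hashes in constant time, then enforces single use and expiry.
func (inv *Invitation) Redeem(code string, now time.Time) error {
	sum := sha256.Sum256([]byte(code))
	switch {
	case subtle.ConstantTimeCompare(sum[:], inv.CodeHash[:]) != 1:
		return ErrInvalid
	case inv.Used:
		return ErrUsed
	case !now.Before(inv.ExpiresAt):
		return ErrExpired
	}
	inv.Used = true
	return nil
}
func main() {
	code, inv, err := NewInvitation(24*time.Hour, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println(code, inv.Redeem(code, time.Now()), inv.Redeem(code, time.Now()))
}
```

In a real store the Used update would have to be atomic with the lookup so two concurrent redemptions cannot both succeed.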