Auth: Implement authorization code flow with PKCE and PAR support #10

Draft
losolio wants to merge 1 commit into main from feature/auth/code-flow

@losolio losolio commented Feb 26, 2026

No description provided.

Copilot AI review requested due to automatic review settings February 26, 2026 17:06
@losolio losolio marked this pull request as draft February 26, 2026 17:11

Copilot AI left a comment

Pull request overview

This PR implements OAuth 2.0 authorization code flow with mandatory PKCE (Proof Key for Code Exchange) and PAR (Pushed Authorization Requests) support for the Ignis authorization server. The implementation refactors the existing authorization infrastructure to support both client credentials and authorization code grant types, with comprehensive test coverage and documentation.

Changes:

  • Implemented authorization code flow with PKCE and PAR as mandatory security measures
  • Refactored authorization logic into a reusable AuthorizationHandler class with thin controller wrappers
  • Added session cookie authentication for user login during authorization flow
  • Enhanced test infrastructure with comprehensive integration tests for the new flow

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| tests/Ignis.Api.Tests/IntegrationFixture.cs | Added authorization_code grant type and redirect URI to test configuration |
| tests/Ignis.Api.Tests/AuthorizationControllerTests.cs | Added comprehensive tests for authorization code flow scenarios including PKCE validation, PAR requirement, and login redirection |
| tests/Ignis.Api.Tests/AuthConfigurationTests.cs | Improved environment variable management to prevent test isolation issues |
| src/Ignis.Auth/Services/ClientSyncInitializer.cs | Added support for authorization_code grant type with redirect URI configuration |
| src/Ignis.Auth/README.md | Updated documentation with authorization code flow instructions, endpoint details, and simplified certificate generation |
| src/Ignis.Auth/Extensions/AuthServiceExtensions.cs | New file providing extension methods for auth validation and client sync |
| src/Ignis.Auth/Extensions/AuthServerExtensions.cs | Refactored auth server registration with session cookie authentication and authorization endpoints |
| src/Ignis.Auth/Controllers/AuthorizationController.cs | Deleted - logic moved to AuthorizationHandler |
| src/Ignis.Auth/AuthorizationHandler.cs | New handler encapsulating authorization, token exchange, and logout logic |
| src/Ignis.Auth/AuthSettings.cs | Added LoginPath and redirect URI configuration properties |
| src/Ignis.Api/appsettings.json | Added LoginPath configuration setting |
| src/Ignis.Api/Program.cs | Simplified auth setup using new extension methods and proper middleware ordering |
| src/Ignis.Api/Controllers/AuthorizationController.cs | New thin controller delegating to AuthorizationHandler with optional DI pattern |

@losolio losolio force-pushed the feature/auth/code-flow branch from 01bfb12 to ef73589 February 26, 2026 17:18
@losolio losolio force-pushed the feature/auth/code-flow branch from ef73589 to 29213be February 26, 2026 17:20