
[Core] Setup Authentication System #1

@NeftaliYagua

📋 Description

Set up a JWT-based authentication system with support for multiple identity providers (OAuth2, OIDC).

Story Points: 21 SP
Sprint: Sprint 2 (Jan 16-29, 2026) - IN PROGRESS
Estimated Duration: 8 days
Risk Level: Medium (OAuth integration complexity)
Dependencies: None

✅ Acceptance Criteria

  • JWT token generation and validation implemented
  • Refresh token mechanism working
  • OAuth2/OIDC integration (Google, Microsoft, GitHub)
  • Role-based access control (RBAC) implemented
  • Password hashing with bcrypt/Argon2
  • Login/logout endpoints functional
  • Token expiration and renewal working
  • User session management
  • Security headers configured (CORS, CSP, HSTS)
  • Audit logging for authentication events
  • Unit tests > 80% coverage
  • Integration tests for auth flows

🔧 Technical Notes

  • Use ASP.NET Core Identity as foundation
  • JWT library: System.IdentityModel.Tokens.Jwt
  • OAuth providers: Google, Microsoft, GitHub
  • Token storage: Redis for refresh tokens
  • Password policy: min 12 chars, complexity requirements
  • Rate limiting: 5 failed attempts = 15min lockout
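The following is an added example (not code from this issue or repository) of how the Technical Notes above map onto ASP.NET Core Identity and System.IdentityModel.Tokens.Jwt in a minimal-hosting Program.cs: the 12-character password policy, the "5 failed attempts = 15 min lockout" rule, strict JWT validation, HSTS, and audit log lines for login outcomes. It assumes an in-memory EF Core store so it runs without a database, the NuGet packages Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory, and configuration keys Jwt:Key (at least 32 bytes for HS256), Jwt:Issuer and Jwt:Audience; the endpoint path, the LoginRequest record and the AuthDbContext class are illustrative names.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: in-memory EF Core store so the sample runs without a database.
builder.Services.AddDbContext<AuthDbContext>(o => o.UseInMemoryDatabase("auth-sample"));

builder.Services.AddIdentity<IdentityUser, IdentityRole>(options =>
{
    // Password policy from the Technical Notes: min 12 chars, complexity requirements.
    options.Password.RequiredLength = 12;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireDigit = true;
    options.Password.RequireNonAlphanumeric = true;

    // Rate limiting from the Technical Notes: 5 failed attempts => 15-minute lockout.
    options.Lockout.AllowedForNewUsers = true;
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
})
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();

// Assumption: key, issuer and audience come from configuration (user-secrets or a vault), never from source.
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!));
var issuer = builder.Configuration["Jwt:Issuer"]!;
var audience = builder.Configuration["Jwt:Audience"]!;

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero,                 // default is 5 minutes; expired tokens would otherwise still pass briefly
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // pin the algorithm instead of trusting the token header
    });
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseHsts();               // HSTS from the acceptance criteria; CORS and CSP are configured separately
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

// Login endpoint. lockoutOnFailure: true is what makes failed attempts count toward the lockout;
// with false, MaxFailedAccessAttempts is never enforced.
app.MapPost("/auth/login", async (LoginRequest req, UserManager<IdentityUser> users,
                                   SignInManager<IdentityUser> signIn, ILogger<Program> log) =>
{
    var user = await users.FindByNameAsync(req.Username);
    if (user is null)
    {
        log.LogWarning("Login failed: unknown user {User}", req.Username); // audit event; same response as a bad password
        return Results.Unauthorized();
    }

    var result = await signIn.CheckPasswordSignInAsync(user, req.Password, lockoutOnFailure: true);
    if (result.IsLockedOut)
    {
        log.LogWarning("Login refused: account locked {UserId}", user.Id);
        return Results.Unauthorized();
    }
    if (!result.Succeeded)
    {
        log.LogWarning("Login failed: bad password {UserId}", user.Id);
        return Results.Unauthorized();
    }

    // Short-lived access token; roles become claims so RBAC policies can check them.
    var claims = new List<Claim>
    {
        new(JwtRegisteredClaimNames.Sub, user.Id),
        new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    };
    claims.AddRange((await users.GetRolesAsync(user)).Select(r => new Claim(ClaimTypes.Role, r)));

    var token = new JwtSecurityToken(issuer, audience, claims,
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));

    log.LogInformation("Login succeeded {UserId}", user.Id);
    return Results.Ok(new { access_token = new JwtSecurityTokenHandler().WriteToken(token) });
});

// RBAC check: only callers whose token carries the Admin role get through.
app.MapGet("/admin/ping", () => "ok").RequireAuthorization(p => p.RequireRole("Admin"));

app.Run();

record LoginRequest(string Username, string Password);

class AuthDbContext : IdentityDbContext<IdentityUser>
{
    public AuthDbContext(DbContextOptions<AuthDbContext> options) : base(options) { }
}
```

The access token is deliberately short-lived (15 minutes here); the refresh token mechanism from the acceptance criteria, stored in Redis per the Technical Notes, is what renews it and is not shown. Identity's default password hasher is PBKDF2; switching to bcrypt or Argon2 as the notes require means registering a custom IPasswordHasher<IdentityUser>.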

📦 Subtasks

  • Design authentication architecture
  • Implement JWT generation/validation
  • Configure Identity providers (OAuth2/OIDC)
  • Create login/logout endpoints
  • Implement password hashing
  • Add refresh token mechanism
  • Set up RBAC with roles and permissions
  • Configure security headers
  • Implement audit logging
  • Write unit tests
  • Write integration tests
  • Security review and penetration testing

🔗 Related
