feat: base oauth/oidc method handlers

feat: protobuf service interface (`AuthServiceServer`) methods comparison against implemented `AuthService` at compile time

README.md

@@ -8,12 +8,10 @@ An event-driven microservices-based distributed e-commerce example application w
 
 ## 📘 About
 
-This project was originally built as an experiment with event-driven architecture. But I hope it can future serve as a beneficial demonstration of utilising the architecture and exemplify the implementation of some other miscellaneous microservice patterns.
+This project was originally built as an experiment with event-driven architecture. I hope it can serve as a beneficial demonstration of utilising the architecture and exemplify the implementation of some other miscellaneous microservice patterns in a real-world setting.
 
 Any ideas, suggestions or direct contributions to better conform with general and evolving industry practices are welcome and will be greatly appreciated, as I'd like for this project to evolve to the stage of being somewhat a reflection of a production-ready enterprise application.
 
-⚠️ The application should be considered in the experimental prototype stage. Breaking changes can be expected between any future commits to this repo, in order to ease the development process and allow for clean refactoring of the project.
-
 ## 📝 Features
 
 * Monorepository layout
@@ -25,12 +23,13 @@ Any ideas, suggestions or direct contributions to better conform with general an
 * Transactional outbox pattern with Debezium
 * API gateway pattern using Envoy
 * Distributed transactions utilising the saga pattern
+* Compliance with common specifications such as OAuth 2.0
 
 ## ⚠️ Notice
 
-As this project is licensed under the GNU Affero General Public License v3, [copying, templating or referencing code from this project](https://en.wikipedia.org/wiki/Clean-room_design) may violate international copyright law unless your project is using a compatible open-source license. Please ensure any implementation in your own projects is original and complies with applicable licenses and laws.
+As this project is licensed under the GNU Affero General Public License v3, [copying, templating or referencing code from this project](https://en.wikipedia.org/wiki/Clean-room_design) may violate copyright law unless your project is using a compatible open-source license. Please ensure any implementation in your own projects is original and complies with applicable licenses and laws.
 
-In the nature of open-source software, please consider contributing and giving back to the project to help make it better for the greater community, especially if you see it as a useful learning resource.
+In the nature of open-source software, please consider contributing and giving back to the project to help make it better for the greater community, especially if you see it as a useful learning resource (as this repo is intended).
 
 ## 🗃️ Architecture
 

internal/pkg/protogen/auth/v1/service.pb.gw.go

@@ -68,6 +68,284 @@ func local_request_AuthService_GetJwks_0(ctx context.Context, marshaler runtime.
 
 }
 
+func request_AuthService_GetJwks_1(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetJwksRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := client.GetJwks(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_GetJwks_1(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetJwksRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := server.GetJwks(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_GetOpenIDProviderConfig_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetOpenIDProviderConfigRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := client.GetOpenIDProviderConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_GetOpenIDProviderConfig_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetOpenIDProviderConfigRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := server.GetOpenIDProviderConfig(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_GetOpenIDProviderConfig_1(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetOpenIDProviderConfigRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := client.GetOpenIDProviderConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_GetOpenIDProviderConfig_1(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq GetOpenIDProviderConfigRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := server.GetOpenIDProviderConfig(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+var (
+	filter_AuthService_OAuthAuthorize_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
+)
+
+func request_AuthService_OAuthAuthorize_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthAuthorizeRequest
+	var metadata runtime.ServerMetadata
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_OAuthAuthorize_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OAuthAuthorize(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OAuthAuthorize_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthAuthorizeRequest
+	var metadata runtime.ServerMetadata
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_OAuthAuthorize_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OAuthAuthorize(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OAuthAuthorize_1(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthAuthorizeRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OAuthAuthorize(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OAuthAuthorize_1(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthAuthorizeRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OAuthAuthorize(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OAuthToken_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OAuthToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OAuthToken_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OAuthToken(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OAuthTokenRevocation_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenRevocationRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OAuthTokenRevocation(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OAuthTokenRevocation_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenRevocationRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OAuthTokenRevocation(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OAuthTokenIntrospection_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenIntrospectionRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OAuthTokenIntrospection(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OAuthTokenIntrospection_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OAuthTokenIntrospectionRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OAuthTokenIntrospection(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OpenIDUserInfo_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OpenIDUserInfoRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := client.OpenIDUserInfo(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OpenIDUserInfo_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OpenIDUserInfoRequest
+	var metadata runtime.ServerMetadata
+
+	msg, err := server.OpenIDUserInfo(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+func request_AuthService_OpenIDUserInfo_1(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OpenIDUserInfoRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.OpenIDUserInfo(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_AuthService_OpenIDUserInfo_1(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq OpenIDUserInfoRequest
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.OpenIDUserInfo(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
 func request_AuthService_LoginPassword_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq LoginPasswordRequest
 	var metadata runtime.ServerMetadata
@@ -192,6 +470,256 @@ func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
 
 	})
 
+	mux.Handle("GET", pattern_AuthService_GetJwks_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetJwks", runtime.WithHTTPPathPattern("/v1/auth/.well-known/jwks"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_GetJwks_1(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetJwks_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_GetOpenIDProviderConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetOpenIDProviderConfig", runtime.WithHTTPPathPattern("/v1/auth/openid"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_GetOpenIDProviderConfig_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetOpenIDProviderConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_GetOpenIDProviderConfig_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetOpenIDProviderConfig", runtime.WithHTTPPathPattern("/v1/auth/.well-known/openid-configuration"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_GetOpenIDProviderConfig_1(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetOpenIDProviderConfig_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_OAuthAuthorize_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthAuthorize", runtime.WithHTTPPathPattern("/v1/auth/oauth/authorize"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OAuthAuthorize_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthAuthorize_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthAuthorize_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthAuthorize", runtime.WithHTTPPathPattern("/v1/auth/oauth/authorize"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OAuthAuthorize_1(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthAuthorize_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthToken", runtime.WithHTTPPathPattern("/v1/auth/oauth/token"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OAuthToken_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthTokenRevocation_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthTokenRevocation", runtime.WithHTTPPathPattern("/v1/auth/oauth/revoke"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OAuthTokenRevocation_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthTokenRevocation_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthTokenIntrospection_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthTokenIntrospection", runtime.WithHTTPPathPattern("/v1/auth/oauth/introspect"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OAuthTokenIntrospection_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthTokenIntrospection_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_OpenIDUserInfo_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OpenIDUserInfo", runtime.WithHTTPPathPattern("/v1/auth/oidc/userinfo"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OpenIDUserInfo_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OpenIDUserInfo_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OpenIDUserInfo_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OpenIDUserInfo", runtime.WithHTTPPathPattern("/v1/auth/oidc/userinfo"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_AuthService_OpenIDUserInfo_1(annotatedContext, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OpenIDUserInfo_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("POST", pattern_AuthService_LoginPassword_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -327,6 +855,226 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
 
 	})
 
+	mux.Handle("GET", pattern_AuthService_GetJwks_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetJwks", runtime.WithHTTPPathPattern("/v1/auth/.well-known/jwks"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_GetJwks_1(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetJwks_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_GetOpenIDProviderConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetOpenIDProviderConfig", runtime.WithHTTPPathPattern("/v1/auth/openid"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_GetOpenIDProviderConfig_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetOpenIDProviderConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_GetOpenIDProviderConfig_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/GetOpenIDProviderConfig", runtime.WithHTTPPathPattern("/v1/auth/.well-known/openid-configuration"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_GetOpenIDProviderConfig_1(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_GetOpenIDProviderConfig_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_OAuthAuthorize_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthAuthorize", runtime.WithHTTPPathPattern("/v1/auth/oauth/authorize"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OAuthAuthorize_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthAuthorize_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthAuthorize_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthAuthorize", runtime.WithHTTPPathPattern("/v1/auth/oauth/authorize"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OAuthAuthorize_1(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthAuthorize_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthToken", runtime.WithHTTPPathPattern("/v1/auth/oauth/token"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OAuthToken_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthToken_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthTokenRevocation_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthTokenRevocation", runtime.WithHTTPPathPattern("/v1/auth/oauth/revoke"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OAuthTokenRevocation_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthTokenRevocation_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OAuthTokenIntrospection_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OAuthTokenIntrospection", runtime.WithHTTPPathPattern("/v1/auth/oauth/introspect"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OAuthTokenIntrospection_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OAuthTokenIntrospection_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_AuthService_OpenIDUserInfo_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OpenIDUserInfo", runtime.WithHTTPPathPattern("/v1/auth/oidc/userinfo"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OpenIDUserInfo_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OpenIDUserInfo_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("POST", pattern_AuthService_OpenIDUserInfo_1, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/stocklet.auth.v1.AuthService/OpenIDUserInfo", runtime.WithHTTPPathPattern("/v1/auth/oidc/userinfo"))
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_AuthService_OpenIDUserInfo_1(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
+		if err != nil {
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_AuthService_OpenIDUserInfo_1(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("POST", pattern_AuthService_LoginPassword_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -379,6 +1127,26 @@ var (
 
 	pattern_AuthService_GetJwks_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "auth", "jwks"}, ""))
 
+	pattern_AuthService_GetJwks_1 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", ".well-known", "jwks"}, ""))
+
+	pattern_AuthService_GetOpenIDProviderConfig_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "auth", "openid"}, ""))
+
+	pattern_AuthService_GetOpenIDProviderConfig_1 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", ".well-known", "openid-configuration"}, ""))
+
+	pattern_AuthService_OAuthAuthorize_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oauth", "authorize"}, ""))
+
+	pattern_AuthService_OAuthAuthorize_1 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oauth", "authorize"}, ""))
+
+	pattern_AuthService_OAuthToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oauth", "token"}, ""))
+
+	pattern_AuthService_OAuthTokenRevocation_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oauth", "revoke"}, ""))
+
+	pattern_AuthService_OAuthTokenIntrospection_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oauth", "introspect"}, ""))
+
+	pattern_AuthService_OpenIDUserInfo_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oidc", "userinfo"}, ""))
+
+	pattern_AuthService_OpenIDUserInfo_1 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v1", "auth", "oidc", "userinfo"}, ""))
+
 	pattern_AuthService_LoginPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "auth", "login"}, ""))
 
 	pattern_AuthService_SetPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "auth", "password"}, ""))
@@ -389,6 +1157,26 @@ var (
 
 	forward_AuthService_GetJwks_0 = runtime.ForwardResponseMessage
 
+	forward_AuthService_GetJwks_1 = runtime.ForwardResponseMessage
+
+	forward_AuthService_GetOpenIDProviderConfig_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_GetOpenIDProviderConfig_1 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OAuthAuthorize_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OAuthAuthorize_1 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OAuthToken_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OAuthTokenRevocation_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OAuthTokenIntrospection_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OpenIDUserInfo_0 = runtime.ForwardResponseMessage
+
+	forward_AuthService_OpenIDUserInfo_1 = runtime.ForwardResponseMessage
+
 	forward_AuthService_LoginPassword_0 = runtime.ForwardResponseMessage
 
 	forward_AuthService_SetPassword_0 = runtime.ForwardResponseMessage

internal/pkg/protogen/auth/v1/service_grpc.pb.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2024 Declan Teevan
+// Copyright (C) 2025 Declan Teevan
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -39,6 +39,12 @@ const _ = grpc.SupportPackageIsVersion7
 const (
 	AuthService_ServiceInfo_FullMethodName             = "/stocklet.auth.v1.AuthService/ServiceInfo"
 	AuthService_GetJwks_FullMethodName                 = "/stocklet.auth.v1.AuthService/GetJwks"
+	AuthService_GetOpenIDProviderConfig_FullMethodName = "/stocklet.auth.v1.AuthService/GetOpenIDProviderConfig"
+	AuthService_OAuthAuthorize_FullMethodName          = "/stocklet.auth.v1.AuthService/OAuthAuthorize"
+	AuthService_OAuthToken_FullMethodName              = "/stocklet.auth.v1.AuthService/OAuthToken"
+	AuthService_OAuthTokenRevocation_FullMethodName    = "/stocklet.auth.v1.AuthService/OAuthTokenRevocation"
+	AuthService_OAuthTokenIntrospection_FullMethodName = "/stocklet.auth.v1.AuthService/OAuthTokenIntrospection"
+	AuthService_OpenIDUserInfo_FullMethodName          = "/stocklet.auth.v1.AuthService/OpenIDUserInfo"
 	AuthService_LoginPassword_FullMethodName           = "/stocklet.auth.v1.AuthService/LoginPassword"
 	AuthService_SetPassword_FullMethodName             = "/stocklet.auth.v1.AuthService/SetPassword"
 	AuthService_ProcessUserDeletedEvent_FullMethodName = "/stocklet.auth.v1.AuthService/ProcessUserDeletedEvent"
@@ -53,6 +59,24 @@ type AuthServiceClient interface {
 	// buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE
 	ServiceInfo(ctx context.Context, in *v1.ServiceInfoRequest, opts ...grpc.CallOption) (*v1.ServiceInfoResponse, error)
 	GetJwks(ctx context.Context, in *GetJwksRequest, opts ...grpc.CallOption) (*GetJwksResponse, error)
+	// OpenID Connect Discovery Endpoint
+	// spec: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+	GetOpenIDProviderConfig(ctx context.Context, in *GetOpenIDProviderConfigRequest, opts ...grpc.CallOption) (*GetOpenIDProviderConfigResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.1
+	OAuthAuthorize(ctx context.Context, in *OAuthAuthorizeRequest, opts ...grpc.CallOption) (*OAuthAuthorizeResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.2
+	OAuthToken(ctx context.Context, in *OAuthTokenRequest, opts ...grpc.CallOption) (*OAuthTokenResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 7009): https://www.rfc-editor.org/rfc/rfc7009
+	OAuthTokenRevocation(ctx context.Context, in *OAuthTokenRevocationRequest, opts ...grpc.CallOption) (*OAuthTokenRevocationResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 7662): https://www.rfc-editor.org/rfc/rfc7662
+	OAuthTokenIntrospection(ctx context.Context, in *OAuthTokenIntrospectionRequest, opts ...grpc.CallOption) (*OAuthTokenIntrospectionResponse, error)
+	// OpenID Connect Endpoint
+	// spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+	OpenIDUserInfo(ctx context.Context, in *OpenIDUserInfoRequest, opts ...grpc.CallOption) (*OpenIDUserInfoResponse, error)
 	LoginPassword(ctx context.Context, in *LoginPasswordRequest, opts ...grpc.CallOption) (*LoginPasswordResponse, error)
 	SetPassword(ctx context.Context, in *SetPasswordRequest, opts ...grpc.CallOption) (*SetPasswordResponse, error)
 	// A consumer will call this method to process events.
@@ -89,6 +113,60 @@ func (c *authServiceClient) GetJwks(ctx context.Context, in *GetJwksRequest, opt
 	return out, nil
 }
 
+func (c *authServiceClient) GetOpenIDProviderConfig(ctx context.Context, in *GetOpenIDProviderConfigRequest, opts ...grpc.CallOption) (*GetOpenIDProviderConfigResponse, error) {
+	out := new(GetOpenIDProviderConfigResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetOpenIDProviderConfig_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) OAuthAuthorize(ctx context.Context, in *OAuthAuthorizeRequest, opts ...grpc.CallOption) (*OAuthAuthorizeResponse, error) {
+	out := new(OAuthAuthorizeResponse)
+	err := c.cc.Invoke(ctx, AuthService_OAuthAuthorize_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) OAuthToken(ctx context.Context, in *OAuthTokenRequest, opts ...grpc.CallOption) (*OAuthTokenResponse, error) {
+	out := new(OAuthTokenResponse)
+	err := c.cc.Invoke(ctx, AuthService_OAuthToken_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) OAuthTokenRevocation(ctx context.Context, in *OAuthTokenRevocationRequest, opts ...grpc.CallOption) (*OAuthTokenRevocationResponse, error) {
+	out := new(OAuthTokenRevocationResponse)
+	err := c.cc.Invoke(ctx, AuthService_OAuthTokenRevocation_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) OAuthTokenIntrospection(ctx context.Context, in *OAuthTokenIntrospectionRequest, opts ...grpc.CallOption) (*OAuthTokenIntrospectionResponse, error) {
+	out := new(OAuthTokenIntrospectionResponse)
+	err := c.cc.Invoke(ctx, AuthService_OAuthTokenIntrospection_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) OpenIDUserInfo(ctx context.Context, in *OpenIDUserInfoRequest, opts ...grpc.CallOption) (*OpenIDUserInfoResponse, error) {
+	out := new(OpenIDUserInfoResponse)
+	err := c.cc.Invoke(ctx, AuthService_OpenIDUserInfo_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (c *authServiceClient) LoginPassword(ctx context.Context, in *LoginPasswordRequest, opts ...grpc.CallOption) (*LoginPasswordResponse, error) {
 	out := new(LoginPasswordResponse)
 	err := c.cc.Invoke(ctx, AuthService_LoginPassword_FullMethodName, in, out, opts...)
@@ -125,6 +203,24 @@ type AuthServiceServer interface {
 	// buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE
 	ServiceInfo(context.Context, *v1.ServiceInfoRequest) (*v1.ServiceInfoResponse, error)
 	GetJwks(context.Context, *GetJwksRequest) (*GetJwksResponse, error)
+	// OpenID Connect Discovery Endpoint
+	// spec: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+	GetOpenIDProviderConfig(context.Context, *GetOpenIDProviderConfigRequest) (*GetOpenIDProviderConfigResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.1
+	OAuthAuthorize(context.Context, *OAuthAuthorizeRequest) (*OAuthAuthorizeResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.2
+	OAuthToken(context.Context, *OAuthTokenRequest) (*OAuthTokenResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 7009): https://www.rfc-editor.org/rfc/rfc7009
+	OAuthTokenRevocation(context.Context, *OAuthTokenRevocationRequest) (*OAuthTokenRevocationResponse, error)
+	// OAuth 2.0 Endpoint
+	// spec (RFC 7662): https://www.rfc-editor.org/rfc/rfc7662
+	OAuthTokenIntrospection(context.Context, *OAuthTokenIntrospectionRequest) (*OAuthTokenIntrospectionResponse, error)
+	// OpenID Connect Endpoint
+	// spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+	OpenIDUserInfo(context.Context, *OpenIDUserInfoRequest) (*OpenIDUserInfoResponse, error)
 	LoginPassword(context.Context, *LoginPasswordRequest) (*LoginPasswordResponse, error)
 	SetPassword(context.Context, *SetPasswordRequest) (*SetPasswordResponse, error)
 	// A consumer will call this method to process events.
@@ -146,6 +242,24 @@ func (UnimplementedAuthServiceServer) ServiceInfo(context.Context, *v1.ServiceIn
 func (UnimplementedAuthServiceServer) GetJwks(context.Context, *GetJwksRequest) (*GetJwksResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetJwks not implemented")
 }
+func (UnimplementedAuthServiceServer) GetOpenIDProviderConfig(context.Context, *GetOpenIDProviderConfigRequest) (*GetOpenIDProviderConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetOpenIDProviderConfig not implemented")
+}
+func (UnimplementedAuthServiceServer) OAuthAuthorize(context.Context, *OAuthAuthorizeRequest) (*OAuthAuthorizeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthAuthorize not implemented")
+}
+func (UnimplementedAuthServiceServer) OAuthToken(context.Context, *OAuthTokenRequest) (*OAuthTokenResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthToken not implemented")
+}
+func (UnimplementedAuthServiceServer) OAuthTokenRevocation(context.Context, *OAuthTokenRevocationRequest) (*OAuthTokenRevocationResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthTokenRevocation not implemented")
+}
+func (UnimplementedAuthServiceServer) OAuthTokenIntrospection(context.Context, *OAuthTokenIntrospectionRequest) (*OAuthTokenIntrospectionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthTokenIntrospection not implemented")
+}
+func (UnimplementedAuthServiceServer) OpenIDUserInfo(context.Context, *OpenIDUserInfoRequest) (*OpenIDUserInfoResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OpenIDUserInfo not implemented")
+}
 func (UnimplementedAuthServiceServer) LoginPassword(context.Context, *LoginPasswordRequest) (*LoginPasswordResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method LoginPassword not implemented")
 }
@@ -204,6 +318,114 @@ func _AuthService_GetJwks_Handler(srv interface{}, ctx context.Context, dec func
 	return interceptor(ctx, in, info, handler)
 }
 
+func _AuthService_GetOpenIDProviderConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetOpenIDProviderConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetOpenIDProviderConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetOpenIDProviderConfig_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetOpenIDProviderConfig(ctx, req.(*GetOpenIDProviderConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_OAuthAuthorize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(OAuthAuthorizeRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).OAuthAuthorize(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_OAuthAuthorize_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).OAuthAuthorize(ctx, req.(*OAuthAuthorizeRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_OAuthToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(OAuthTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).OAuthToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_OAuthToken_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).OAuthToken(ctx, req.(*OAuthTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_OAuthTokenRevocation_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(OAuthTokenRevocationRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).OAuthTokenRevocation(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_OAuthTokenRevocation_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).OAuthTokenRevocation(ctx, req.(*OAuthTokenRevocationRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_OAuthTokenIntrospection_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(OAuthTokenIntrospectionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).OAuthTokenIntrospection(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_OAuthTokenIntrospection_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).OAuthTokenIntrospection(ctx, req.(*OAuthTokenIntrospectionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_OpenIDUserInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(OpenIDUserInfoRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).OpenIDUserInfo(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_OpenIDUserInfo_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).OpenIDUserInfo(ctx, req.(*OpenIDUserInfoRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _AuthService_LoginPassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LoginPasswordRequest)
 	if err := dec(in); err != nil {
@@ -273,6 +495,30 @@ var AuthService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetJwks",
 			Handler:    _AuthService_GetJwks_Handler,
 		},
+		{
+			MethodName: "GetOpenIDProviderConfig",
+			Handler:    _AuthService_GetOpenIDProviderConfig_Handler,
+		},
+		{
+			MethodName: "OAuthAuthorize",
+			Handler:    _AuthService_OAuthAuthorize_Handler,
+		},
+		{
+			MethodName: "OAuthToken",
+			Handler:    _AuthService_OAuthToken_Handler,
+		},
+		{
+			MethodName: "OAuthTokenRevocation",
+			Handler:    _AuthService_OAuthTokenRevocation_Handler,
+		},
+		{
+			MethodName: "OAuthTokenIntrospection",
+			Handler:    _AuthService_OAuthTokenIntrospection_Handler,
+		},
+		{
+			MethodName: "OpenIDUserInfo",
+			Handler:    _AuthService_OpenIDUserInfo_Handler,
+		},
 		{
 			MethodName: "LoginPassword",
 			Handler:    _AuthService_LoginPassword_Handler,

internal/pkg/protogen/auth/v1/types.pb.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2024 Declan Teevan
+// Copyright (C) 2025 Declan Teevan
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by

internal/pkg/protogen/order/v1/types.pb.go

@@ -206,54 +206,54 @@ var file_stocklet_order_v1_types_proto_rawDesc = []byte{
 	0x11, 0x73, 0x74, 0x6f, 0x63, 0x6b, 0x6c, 0x65, 0x74, 0x2e, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2e,
 	0x76, 0x31, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
 	0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
-	0xeb, 0x03, 0x0a, 0x05, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x02, 0x69, 0x64, 0x18,
+	0xea, 0x03, 0x0a, 0x05, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x02, 0x69, 0x64, 0x18,
 	0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x43, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x69, 0x64, 0x12, 0x42, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01,
 	0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x73, 0x74, 0x6f, 0x63, 0x6b, 0x6c, 0x65, 0x74, 0x2e, 0x6f, 0x72,
 	0x64, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x42, 0x0b, 0xba, 0x48, 0x08, 0x82, 0x01, 0x05, 0x10, 0x01, 0x22, 0x01, 0x00, 0x52,
+	0x75, 0x73, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x82, 0x01, 0x04, 0x10, 0x01, 0x20, 0x00, 0x52, 0x06,
-	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x47, 0x0a, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x47, 0x0a, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x73, 0x74, 0x6f, 0x63, 0x6b, 0x6c, 0x65,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x73, 0x74, 0x6f, 0x63, 0x6b, 0x6c, 0x65, 0x74,
-	0x74, 0x2e, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72,
+	0x2e, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x2e,
-	0x2e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x0c, 0xba, 0x48, 0x09,
+	0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x0c, 0xba, 0x48, 0x09, 0x9a,
-	0x9a, 0x01, 0x06, 0x2a, 0x04, 0x1a, 0x02, 0x20, 0x00, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73,
+	0x01, 0x06, 0x2a, 0x04, 0x1a, 0x02, 0x20, 0x00, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x12,
-	0x12, 0x28, 0x0a, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18,
+	0x28, 0x0a, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0a,
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0a, 0x63,
-	0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x65, 0x72, 0x49, 0x64, 0x12, 0x33, 0x0a, 0x0e, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x6f, 0x6d, 0x65, 0x72, 0x49, 0x64, 0x12, 0x33, 0x0a, 0x0e, 0x74, 0x72, 0x61,
-	0x61, 0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01,
+	0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x0d, 0x74,
+	0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x0d, 0x74, 0x72,
-	0x72, 0x61, 0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x88, 0x01, 0x01, 0x12,
+	0x61, 0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x88, 0x01, 0x01, 0x12, 0x2d,
-	0x2d, 0x0a, 0x0b, 0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x06,
+	0x0a, 0x0b, 0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x01, 0x52,
+	0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x01, 0x52, 0x0a,
-	0x0a, 0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x49, 0x64, 0x88, 0x01, 0x01, 0x12, 0x1d,
+	0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x49, 0x64, 0x88, 0x01, 0x01, 0x12, 0x1d, 0x0a,
-	0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01,
+	0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28,
-	0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x22, 0x0a,
+	0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x22, 0x0a, 0x0a,
-	0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28,
+	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x03,
-	0x03, 0x48, 0x02, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x88, 0x01,
+	0x48, 0x02, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x88, 0x01, 0x01,
-	0x01, 0x1a, 0x38, 0x0a, 0x0a, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x1a, 0x38, 0x0a, 0x0a, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x11, 0x0a, 0x0f, 0x5f,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x74,
-	0x74, 0x72, 0x61, 0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x42, 0x0e,
+	0x72, 0x61, 0x6e, 0x73, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x42, 0x0e, 0x0a,
-	0x0a, 0x0c, 0x5f, 0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x42, 0x0d,
+	0x0c, 0x5f, 0x73, 0x68, 0x69, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x42, 0x0d, 0x0a,
-	0x0a, 0x0b, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x2a, 0xb4, 0x01,
+	0x0b, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x2a, 0xb4, 0x01, 0x0a,
-	0x0a, 0x0b, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1c, 0x0a,
+	0x0b, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1c, 0x0a, 0x18,
-	0x18, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e,
+	0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53,
-	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x4f,
+	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x4f, 0x52,
-	0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x43,
+	0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x43, 0x45,
-	0x45, 0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4f, 0x52, 0x44, 0x45,
+	0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4f, 0x52, 0x44, 0x45, 0x52,
-	0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47,
+	0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10,
-	0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54,
+	0x02, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
-	0x55, 0x53, 0x5f, 0x52, 0x45, 0x4a, 0x45, 0x43, 0x54, 0x45, 0x44, 0x10, 0x03, 0x12, 0x19, 0x0a,
+	0x53, 0x5f, 0x52, 0x45, 0x4a, 0x45, 0x43, 0x54, 0x45, 0x44, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15,
-	0x15, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x50,
+	0x4f, 0x52, 0x44, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x50, 0x50,
-	0x50, 0x52, 0x4f, 0x56, 0x45, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4f, 0x52, 0x44, 0x45,
+	0x52, 0x4f, 0x56, 0x45, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4f, 0x52, 0x44, 0x45, 0x52,
-	0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54,
+	0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54, 0x45,
-	0x45, 0x44, 0x10, 0x05, 0x42, 0x45, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x44, 0x10, 0x05, 0x42, 0x45, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
-	0x6f, 0x6d, 0x2f, 0x68, 0x65, 0x78, 0x6f, 0x6c, 0x61, 0x6e, 0x2f, 0x73, 0x74, 0x6f, 0x63, 0x6b,
+	0x6d, 0x2f, 0x68, 0x65, 0x78, 0x6f, 0x6c, 0x61, 0x6e, 0x2f, 0x73, 0x74, 0x6f, 0x63, 0x6b, 0x6c,
-	0x6c, 0x65, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x6b, 0x67,
+	0x65, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x6b, 0x67, 0x2f,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x67, 0x65, 0x6e, 0x2f, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x67, 0x65, 0x6e, 0x2f, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x2f, 0x76,
-	0x76, 0x31, 0x3b, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x31, 0x3b, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x74, 0x6f, 0x33,
+	0x6f, 0x33,
 }
 
 var (

internal/svc/auth/auth.go

@@ -20,6 +20,8 @@ import (
 
 	"buf.build/go/protovalidate"
 	"github.com/rs/zerolog/log"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
 
 	"github.com/hexolan/stocklet/internal/pkg/errors"
@@ -40,6 +42,9 @@ type AuthService struct {
 	pbVal *protovalidate.Validator
 }
 
+// Ensure methods are implemented in AuthService at compile time
+var _ pb.AuthServiceServer = (*AuthService)(nil)
+
 // Interface for database methods
 // Allows implementing separate controllers for different databases (e.g. Postgres, MongoDB, etc)
 type StorageController interface {
@@ -82,6 +87,30 @@ func (svc AuthService) ServiceInfo(ctx context.Context, req *commonpb.ServiceInf
 	}, nil
 }
 
+func (svc AuthService) GetOpenIDProviderConfig(ctx context.Context, req *pb.GetOpenIDProviderConfigRequest) (*pb.GetOpenIDProviderConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetOpenIDProviderConfig not implemented")
+}
+
+func (svc AuthService) OAuthAuthorize(ctx context.Context, req *pb.OAuthAuthorizeRequest) (*pb.OAuthAuthorizeResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthAuthorize not implemented")
+}
+
+func (svc AuthService) OAuthToken(ctx context.Context, req *pb.OAuthTokenRequest) (*pb.OAuthTokenResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthToken not implemented")
+}
+
+func (svc AuthService) OAuthTokenRevocation(ctx context.Context, req *pb.OAuthTokenRevocationRequest) (*pb.OAuthTokenRevocationResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthTokenRevocation not implemented")
+}
+
+func (svc AuthService) OAuthTokenIntrospection(ctx context.Context, req *pb.OAuthTokenIntrospectionRequest) (*pb.OAuthTokenIntrospectionResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OAuthTokenIntrospection not implemented")
+}
+
+func (svc AuthService) OpenIDUserInfo(ctx context.Context, req *pb.OpenIDUserInfoRequest) (*pb.OpenIDUserInfoResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method OpenIDUserInfo not implemented")
+}
+
 func (svc AuthService) LoginPassword(ctx context.Context, req *pb.LoginPasswordRequest) (*pb.LoginPasswordResponse, error) {
 	// Validate the request args
 	if err := (*svc.pbVal).Validate(req); err != nil {
@@ -91,7 +120,7 @@ func (svc AuthService) LoginPassword(ctx context.Context, req *pb.LoginPasswordR
 
 	// Verify password
 	match, err := svc.store.VerifyPassword(ctx, req.UserId, req.Password)
-	if err != nil || match == false {
+	if err != nil || !match {
 		return nil, errors.WrapServiceError(errors.ErrCodeForbidden, "invalid user id or password", err)
 	}
 

internal/svc/auth/hashing.go

@@ -32,9 +32,5 @@ func HashPassword(password string) (string, error) {
 
 func CompareHashAndPassword(password string, hashedPassword string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
-	if err != nil {
+	return err == nil
-		return false
-	}
-
-	return true
 }

schema/openapi/services.swagger.yaml

@@ -24,6 +24,37 @@ consumes:
 produces:
   - application/json
 paths:
+  /v1/auth/.well-known/jwks:
+    get:
+      operationId: AuthService_GetJwks2
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1GetJwksResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      tags:
+        - AuthService
+  /v1/auth/.well-known/openid-configuration:
+    get:
+      summary: |-
+        OpenID Connect Discovery Endpoint
+        spec: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+      operationId: AuthService_GetOpenIDProviderConfig2
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1GetOpenIDProviderConfigResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      tags:
+        - AuthService
   /v1/auth/jwks:
     get:
       operationId: AuthService_GetJwks
@@ -58,6 +89,191 @@ paths:
             $ref: '#/definitions/v1LoginPasswordRequest'
       tags:
         - AuthService
+  /v1/auth/oauth/authorize:
+    get:
+      summary: |-
+        OAuth 2.0 Endpoint
+        spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.1
+      operationId: AuthService_OAuthAuthorize
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OAuthAuthorizeResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: responseType
+          in: query
+          required: false
+          type: string
+        - name: clientId
+          in: query
+          required: false
+          type: string
+        - name: redirectUri
+          in: query
+          required: false
+          type: string
+        - name: scope
+          in: query
+          required: false
+          type: string
+        - name: state
+          in: query
+          required: false
+          type: string
+      tags:
+        - AuthService
+    post:
+      summary: |-
+        OAuth 2.0 Endpoint
+        spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.1
+      operationId: AuthService_OAuthAuthorize2
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OAuthAuthorizeResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1OAuthAuthorizeRequest'
+      tags:
+        - AuthService
+  /v1/auth/oauth/introspect:
+    post:
+      summary: |-
+        OAuth 2.0 Endpoint
+        spec (RFC 7662): https://www.rfc-editor.org/rfc/rfc7662
+      operationId: AuthService_OAuthTokenIntrospection
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OAuthTokenIntrospectionResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1OAuthTokenIntrospectionRequest'
+      tags:
+        - AuthService
+  /v1/auth/oauth/revoke:
+    post:
+      summary: |-
+        OAuth 2.0 Endpoint
+        spec (RFC 7009): https://www.rfc-editor.org/rfc/rfc7009
+      operationId: AuthService_OAuthTokenRevocation
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OAuthTokenRevocationResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1OAuthTokenRevocationRequest'
+      tags:
+        - AuthService
+  /v1/auth/oauth/token:
+    post:
+      summary: |-
+        OAuth 2.0 Endpoint
+        spec (RFC 6749): https://www.rfc-editor.org/rfc/rfc6749#section-3.2
+      operationId: AuthService_OAuthToken
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OAuthTokenResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1OAuthTokenRequest'
+      tags:
+        - AuthService
+  /v1/auth/oidc/userinfo:
+    get:
+      summary: |-
+        OpenID Connect Endpoint
+        spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+      operationId: AuthService_OpenIDUserInfo
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OpenIDUserInfoResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      tags:
+        - AuthService
+    post:
+      summary: |-
+        OpenID Connect Endpoint
+        spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+      operationId: AuthService_OpenIDUserInfo2
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1OpenIDUserInfoResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1OpenIDUserInfoRequest'
+      tags:
+        - AuthService
+  /v1/auth/openid:
+    get:
+      summary: |-
+        OpenID Connect Discovery Endpoint
+        spec: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+      operationId: AuthService_GetOpenIDProviderConfig
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v1GetOpenIDProviderConfigResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/rpcStatus'
+      tags:
+        - AuthService
   /v1/auth/password:
     post:
       operationId: AuthService_SetPassword
@@ -475,6 +691,133 @@ definitions:
         items:
           type: object
           $ref: '#/definitions/protobufAny'
+  typePostalAddress:
+    type: object
+    properties:
+      revision:
+        type: integer
+        format: int32
+        description: |-
+          The schema revision of the `PostalAddress`. This must be set to 0, which is
+          the latest revision.
+
+          All new revisions **must** be backward compatible with old revisions.
+      regionCode:
+        type: string
+        description: |-
+          Required. CLDR region code of the country/region of the address. This
+          is never inferred and it is up to the user to ensure the value is
+          correct. See http://cldr.unicode.org/ and
+          http://www.unicode.org/cldr/charts/30/supplemental/territory_information.html
+          for details. Example: "CH" for Switzerland.
+      languageCode:
+        type: string
+        description: |-
+          Optional. BCP-47 language code of the contents of this address (if
+          known). This is often the UI language of the input form or is expected
+          to match one of the languages used in the address' country/region, or their
+          transliterated equivalents.
+          This can affect formatting in certain countries, but is not critical
+          to the correctness of the data and will never affect any validation or
+          other non-formatting related operations.
+
+          If this value is not known, it should be omitted (rather than specifying a
+          possibly incorrect default).
+
+          Examples: "zh-Hant", "ja", "ja-Latn", "en".
+      postalCode:
+        type: string
+        description: |-
+          Optional. Postal code of the address. Not all countries use or require
+          postal codes to be present, but where they are used, they may trigger
+          additional validation with other parts of the address (e.g. state/zip
+          validation in the U.S.A.).
+      sortingCode:
+        type: string
+        description: |-
+          Optional. Additional, country-specific, sorting code. This is not used
+          in most regions. Where it is used, the value is either a string like
+          "CEDEX", optionally followed by a number (e.g. "CEDEX 7"), or just a number
+          alone, representing the "sector code" (Jamaica), "delivery area indicator"
+          (Malawi) or "post office indicator" (e.g. Côte d'Ivoire).
+      administrativeArea:
+        type: string
+        description: |-
+          Optional. Highest administrative subdivision which is used for postal
+          addresses of a country or region.
+          For example, this can be a state, a province, an oblast, or a prefecture.
+          Specifically, for Spain this is the province and not the autonomous
+          community (e.g. "Barcelona" and not "Catalonia").
+          Many countries don't use an administrative area in postal addresses. E.g.
+          in Switzerland this should be left unpopulated.
+      locality:
+        type: string
+        description: |-
+          Optional. Generally refers to the city/town portion of the address.
+          Examples: US city, IT comune, UK post town.
+          In regions of the world where localities are not well defined or do not fit
+          into this structure well, leave locality empty and use address_lines.
+      sublocality:
+        type: string
+        description: |-
+          Optional. Sublocality of the address.
+          For example, this can be neighborhoods, boroughs, districts.
+      addressLines:
+        type: array
+        items:
+          type: string
+        description: |-
+          Unstructured address lines describing the lower levels of an address.
+
+          Because values in address_lines do not have type information and may
+          sometimes contain multiple values in a single field (e.g.
+          "Austin, TX"), it is important that the line order is clear. The order of
+          address lines should be "envelope order" for the country/region of the
+          address. In places where this can vary (e.g. Japan), address_language is
+          used to make it explicit (e.g. "ja" for large-to-small ordering and
+          "ja-Latn" or "en" for small-to-large). This way, the most specific line of
+          an address can be selected based on the language.
+
+          The minimum permitted structural representation of an address consists
+          of a region_code with all remaining information placed in the
+          address_lines. It would be possible to format such an address very
+          approximately without geocoding, but no semantic reasoning could be
+          made about any of the address components until it was at least
+          partially resolved.
+
+          Creating an address only containing a region_code and address_lines, and
+          then geocoding is the recommended way to handle completely unstructured
+          addresses (as opposed to guessing which parts of the address should be
+          localities or administrative areas).
+      recipients:
+        type: array
+        items:
+          type: string
+        description: |-
+          Optional. The recipient at the address.
+          This field may, under certain circumstances, contain multiline information.
+          For example, it might contain "care of" information.
+      organization:
+        type: string
+        description: Optional. The name of the organization at the address.
+    description: |-
+      Represents a postal address, e.g. for postal delivery or payments addresses.
+      Given a postal address, a postal service can deliver items to a premise, P.O.
+      Box or similar.
+      It is not intended to model geographical locations (roads, towns,
+      mountains).
+
+      In typical usage an address would be created via user input or from importing
+      existing data, depending on the type of process.
+
+      Advice on address input / editing:
+       - Use an i18n-ready address widget such as
+         https://github.com/google/libaddressinput)
+      - Users should not be presented with UI elements for input or editing of
+        fields outside countries where that field is used.
+
+      For more guidance on how to use this schema, please see:
+      https://support.google.com/business/answer/6397478
   v1AuthToken:
     type: object
     properties:
@@ -501,6 +844,31 @@ definitions:
         items:
           type: object
           $ref: '#/definitions/v1PublicEcJWK'
+  v1GetOpenIDProviderConfigResponse:
+    type: object
+    properties:
+      issuer:
+        type: string
+      authorizationEndpoint:
+        type: string
+      tokenEndpoint:
+        type: string
+      userinfoEndpoint:
+        type: string
+      jwksUri:
+        type: string
+      tokenEndpointAuthMethodsSupported:
+        type: array
+        items:
+          type: string
+      scopesSupported:
+        type: array
+        items:
+          type: string
+      claimsSupported:
+        type: array
+        items:
+          type: string
   v1LoginPasswordRequest:
     type: object
     properties:
@@ -518,6 +886,144 @@ definitions:
         type: string
       data:
         $ref: '#/definitions/v1AuthToken'
+  v1OAuthAuthorizeRequest:
+    type: object
+    properties:
+      responseType:
+        type: string
+      clientId:
+        type: string
+      redirectUri:
+        type: string
+      scope:
+        type: string
+      state:
+        type: string
+  v1OAuthAuthorizeResponse:
+    type: object
+    properties:
+      code:
+        type: string
+      state:
+        type: string
+  v1OAuthTokenIntrospectionRequest:
+    type: object
+    properties:
+      token:
+        type: string
+      tokenTypeHint:
+        type: string
+  v1OAuthTokenIntrospectionResponse:
+    type: object
+    properties:
+      active:
+        type: boolean
+      scope:
+        type: string
+      clientId:
+        type: string
+      username:
+        type: string
+      tokenType:
+        type: string
+      exp:
+        type: string
+        format: int64
+      iat:
+        type: string
+        format: int64
+      nbf:
+        type: string
+        format: int64
+      sub:
+        type: string
+      aud:
+        type: string
+      iss:
+        type: string
+      jti:
+        type: string
+  v1OAuthTokenRequest:
+    type: object
+    properties:
+      grantType:
+        type: string
+      code:
+        type: string
+      redirectUri:
+        type: string
+      clientId:
+        type: string
+  v1OAuthTokenResponse:
+    type: object
+    properties:
+      accessToken:
+        type: string
+      tokenType:
+        type: string
+      refreshToken:
+        type: string
+      expiresIn:
+        type: string
+        format: int64
+      idToken:
+        type: string
+  v1OAuthTokenRevocationRequest:
+    type: object
+    properties:
+      token:
+        type: string
+      tokenTypeHint:
+        type: string
+  v1OAuthTokenRevocationResponse:
+    type: object
+  v1OpenIDUserInfoRequest:
+    type: object
+  v1OpenIDUserInfoResponse:
+    type: object
+    properties:
+      sub:
+        type: string
+      name:
+        type: string
+      familyName:
+        type: string
+      givenName:
+        type: string
+      middleName:
+        type: string
+      nickname:
+        type: string
+      preferredUsername:
+        type: string
+      profile:
+        type: string
+      picture:
+        type: string
+      website:
+        type: string
+      email:
+        type: string
+      emailVerified:
+        type: boolean
+      gender:
+        type: string
+      birthdate:
+        type: string
+      zoneinfo:
+        type: string
+      locale:
+        type: string
+      phoneNumber:
+        type: string
+      phoneNumberVerified:
+        type: boolean
+      address:
+        $ref: '#/definitions/typePostalAddress'
+      updatedAt:
+        type: string
+        format: int64
+    title: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
   v1Order:
     type: object
     properties: