Add multi-scheme authentication support

[moutonjeremy]

Introduce mock authentication services and implement validators for Basic Auth, API Key, and AWS SigV4. Enhance authorization validation to support multiple security schemes while maintaining backward compatibility. Implement middleware for improved authentication handling. Update input parsing to accommodate new configuration options.

[Copilot]

Pull request overview

This PR extends the library’s authentication/authorization support to handle multiple OpenAPI security schemes (Basic Auth, API Key, AWS SigV4, and existing Bearer), adding dispatch logic and validators while keeping Bearer-only behavior as a fallback for backwards compatibility.

Changes:

• Add multi-scheme authentication dispatch and standalone middleware for Basic, API Key, and AWS SigV4.
• Update authorization validation to use configured security schemes (with Bearer-only fallback when none are configured).
• Add extensive test coverage and update the auth example to demonstrate multi-scheme configuration/usage.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
conditional_auth.go	Adds SmartAuth selection logic and new multi-scheme + per-scheme middleware.
common.go	Passes Config into authorization validation to enable scheme-aware auth.
auth.go	Updates validateAuthorization to support multi-scheme validation with backward-compatible fallback.
auth_schemes.go	Introduces scheme validator interfaces, parsing/validation helpers, and scheme dispatch.
auth_schemes_test.go	Adds tests for Basic/APIKey/AWS SigV4 validators and multi-scheme dispatch behavior.
_examples/auth/main.go	Updates the example auth service and OpenAPI config to demonstrate multiple schemes.

Comments suppressed due to low confidence (1)

conditional_auth.go:42

• SmartAuthMiddleware builds excludePaths directly from config.*Path fields. If any of these are empty strings (e.g., SmartAuthMiddleware called with a zero Config), ConditionalAuthMiddleware will treat every route as excluded because strings.HasPrefix(path, "") is always true, effectively disabling authentication. Filter out empty excludePaths (or apply defaults before building the list).

	// Paths to exclude from authentication
	excludePaths := []string{
		config.OpenAPIDocsPath, // /docs
		config.OpenAPIJSONPath, // /openapi.json
		config.OpenAPIYamlPath, // /openapi.yaml
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

@moutonjeremy I've opened a new pull request, #34, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.