feat: basic authenticator (#254)

[viters]

Basic authentication is sometimes useful for content that should not be publicly accessible, but does not need the level of security of other authentication methods. Ex. in-development web pages, temporarily hidden content.

It should work in combination with WWW-Authenticate error handler.

Related issue(s)

#254
This issue is quite old, but I today stumbled upon situation where basic authn could be useful to me - so I've decided to implement it.

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further comments

I will prepare a PR to docs if this feat gets approved.

[codecov]

Codecov Report

Merging #1044 (7444f08) into master (7017fdf) will decrease coverage by 0.68%.
The diff coverage is 72.50%.

❗ Current head 7444f08 differs from pull request most recent head d1b382c. Consider uploading reports for the commit d1b382c to get more accurate results

@@            Coverage Diff             @@
##           master    #1044      +/-   ##
==========================================
- Coverage   78.71%   78.03%   -0.69%     
==========================================
  Files          83       84       +1     
  Lines        3871     4033     +162     
==========================================
+ Hits         3047     3147     +100     
- Misses        554      605      +51     
- Partials      270      281      +11     

Impacted Files	Coverage Δ
pipeline/authn/authenticator_basic.go	71.79% <71.79%> (ø)
driver/registry_memory.go	90.12% <100.00%> (+0.04%)	⬆️
internal/cloudstorage/setup.go	60.13% <0.00%> (-9.10%)	⬇️
internal/driver.go	100.00% <0.00%> (+22.22%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[Davincible]

@aeneasr

[davidferlay]

My organization is interested in ability to authenticate requests based on Authorization: Basic header.

#254 mentions that oauth2_client_credentials authenticator can be used as workaround for that but we were not successful with it.

Would it be possible for you to provide some guidance on how to achieve that @aeneasr ? Or does it require new feature/code brought by this PR ?

[buildingwatsize]

Seems to be useful. Pinned.

[denisazevedo]

Basic authentication is great for instance, legacy systems.

Ory is great with all available authorizers, can we add this one too?