feat: add configurable policy name for Host auth (#482)

* Initial plan

* Add configurable authorization policy name for Host mode

Co-authored-by: jods4 <3832820+jods4@users.noreply.github.com>

* Refactor: Make policy an optional parameter to WithHostAuthentication

Co-authored-by: jods4 <3832820+jods4@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jods4 <3832820+jods4@users.noreply.github.com>

Author: jods4

src/TickerQ.Dashboard/Authentication/AuthConfig.cs

@@ -32,6 +32,11 @@ public class AuthConfig
     /// </summary>
     public int SessionTimeoutMinutes { get; set; } = 60;
 
+    /// <summary>
+    /// Authorization policy name for Host mode (default: null uses the default policy)
+    /// </summary>
+    public string? HostAuthorizationPolicy { get; set; }
+    
     /// <summary>
     /// Whether authentication is enabled
     /// </summary>

src/TickerQ.Dashboard/DashboardOptionsBuilder.cs

@@ -60,9 +60,11 @@ public DashboardOptionsBuilder WithApiKey(string apiKey)
     }
 
     /// <summary>Use the host application's existing authentication system</summary>
-    public DashboardOptionsBuilder WithHostAuthentication()
+    /// <param name="policy">Optional authorization policy name to require (e.g., "AdminPolicy"). If null or empty, uses the default policy.</param>
+    public DashboardOptionsBuilder WithHostAuthentication(string? policy = null)
     {
         Auth.Mode = AuthMode.Host;
+        Auth.HostAuthorizationPolicy = policy;
         return this;
     }
 

src/TickerQ.Dashboard/Endpoints/DashboardEndpoints.cs

@@ -45,8 +45,15 @@ public static void MapDashboardEndpoints<TTimeTicker, TCronTicker>(this IEndpoin
         // Apply authentication if configured
         if (config.Auth.Mode == AuthMode.Host)
         {
-            // For host authentication, use default authorization
-            apiGroup.RequireAuthorization();
+            // For host authentication, use configured policy or default authorization
+            if (!string.IsNullOrEmpty(config.Auth.HostAuthorizationPolicy))
+            {
+                apiGroup.RequireAuthorization(config.Auth.HostAuthorizationPolicy);
+            }
+            else
+            {
+                apiGroup.RequireAuthorization();
+            }
         }
         // For other auth modes (Basic, Bearer, Custom), authentication is handled by AuthMiddleware
         // API endpoints are automatically protected when auth is enabled

src/TickerQ.Dashboard/README.md

@@ -48,11 +48,22 @@ services.AddTickerQ<MyTimeTicker, MyCronTicker>(config =>
 });
 ```
 
+### Use Host Authentication with Custom Policy
+```csharp
+services.AddTickerQ<MyTimeTicker, MyCronTicker>(config =>
+{
+    config.AddDashboard(dashboard =>
+    {
+        dashboard.WithHostAuthentication("AdminPolicy");
+    });
+});
+```
+
 ## 🔧 Fluent API Methods
 
 - `WithBasicAuth(username, password)` - Enable username/password authentication
 - `WithApiKey(apiKey)` - Enable API key authentication  
-- `WithHostAuthentication()` - Use your app's existing auth
+- `WithHostAuthentication(policy)` - Use your app's existing auth with optional policy (e.g., "AdminPolicy")
 - `SetBasePath(path)` - Set dashboard URL path
 - `SetBackendDomain(domain)` - Set backend API domain
 - `SetCorsPolicy(policy)` - Configure CORS