Plan OIDC integration and audit

2026-02-10 14:45:34 -08:00
parent bb028ef2db
commit 1c71a08bbe
26 changed files with 1338 additions and 135 deletions
@@ -70,6 +70,9 @@ export interface AuthStatusResponse {
  authEnabled?: boolean;
  enabled?: boolean;
  bootstrapRequired?: boolean;
+  authOnboardingRequired?: boolean;
+  authOnboardingMode?: "migration" | "fresh";
+  authOnboardingRecommended?: "enable" | null;
 }

 export interface AuthUser {
@@ -132,14 +135,24 @@ export const authRegister = async (
  password: string,
  name: string
 ): Promise<{ user: AuthUser; accessToken: string; refreshToken: string }> => {
-  const response = await axios.post<{ user: AuthUser; accessToken: string; refreshToken: string }>(
-    `${API_URL}/auth/register`,
-    { email, password, name },
-    { withCredentials: true }
+  const response = await api.post<{ user: AuthUser; accessToken: string; refreshToken: string }>(
+    "/auth/register",
+    { email, password, name }
  );
  return response.data;
 };

+export const authOnboardingChoice = async (
+  enableAuth: boolean
+): Promise<{ authEnabled: boolean; authOnboardingCompleted: boolean; bootstrapRequired: boolean }> => {
+  const response = await api.post<{
+    authEnabled: boolean;
+    authOnboardingCompleted: boolean;
+    bootstrapRequired: boolean;
+  }>('/auth/onboarding-choice', { enableAuth });
+  return response.data;
+};
+
 export const authPasswordResetConfirm = async (
  token: string,
  password: string
@@ -225,7 +238,6 @@ api.interceptors.request.use(
    // Auth endpoints that don't require authentication (login, register, etc.)
    const publicAuthEndpoints = [
      '/auth/login',
-      '/auth/register',
      '/auth/refresh',
      '/auth/password-reset-request',
      '/auth/password-reset-confirm',