feat(#413): implement GET /auth/config discovery endpoint

- Add getAuthConfig() to AuthService (email always, OIDC when enabled) - Add GET /auth/config public endpoint with Cache-Control: 5min - Place endpoint before catch-all to avoid interception Refs #413 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 11:14:51 -06:00
parent a9090aca7f
commit 2d59c4b2e4
4 changed files with 103 additions and 2 deletions
--- a/apps/api/src/auth/auth.service.spec.ts
+++ b/apps/api/src/auth/auth.service.spec.ts
@@ -90,6 +90,45 @@ describe("AuthService", () => {
    });
  });

+  describe("getAuthConfig", () => {
+    it("should return only email provider when OIDC is disabled", () => {
+      delete process.env.OIDC_ENABLED;
+
+      const result = service.getAuthConfig();
+
+      expect(result).toEqual({
+        providers: [{ id: "email", name: "Email", type: "credentials" }],
+      });
+    });
+
+    it("should return both email and authentik providers when OIDC is enabled", () => {
+      process.env.OIDC_ENABLED = "true";
+
+      const result = service.getAuthConfig();
+
+      expect(result).toEqual({
+        providers: [
+          { id: "email", name: "Email", type: "credentials" },
+          { id: "authentik", name: "Authentik", type: "oauth" },
+        ],
+      });
+
+      delete process.env.OIDC_ENABLED;
+    });
+
+    it("should return only email provider when OIDC_ENABLED is false", () => {
+      process.env.OIDC_ENABLED = "false";
+
+      const result = service.getAuthConfig();
+
+      expect(result).toEqual({
+        providers: [{ id: "email", name: "Email", type: "credentials" }],
+      });
+
+      delete process.env.OIDC_ENABLED;
+    });
+  });
+
  describe("verifySession", () => {
    const mockSessionData = {
      user: {