feat(#413): implement GET /auth/config discovery endpoint

- Add getAuthConfig() to AuthService (email always, OIDC when enabled) - Add GET /auth/config public endpoint with Cache-Control: 5min - Place endpoint before catch-all to avoid interception Refs #413 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 11:14:51 -06:00
parent a9090aca7f
commit 2d59c4b2e4
4 changed files with 103 additions and 2 deletions
--- a/apps/api/src/auth/auth.service.ts
+++ b/apps/api/src/auth/auth.service.ts
@@ -2,8 +2,9 @@ import { Injectable, Logger } from "@nestjs/common";
 import type { PrismaClient } from "@prisma/client";
 import type { IncomingMessage, ServerResponse } from "http";
 import { toNodeHandler } from "better-auth/node";
+import type { AuthConfigResponse, AuthProviderConfig } from "@mosaic/shared";
 import { PrismaService } from "../prisma/prisma.service";
-import { createAuth, type Auth } from "./auth.config";
+import { createAuth, isOidcEnabled, type Auth } from "./auth.config";

@Injectable()
 export class AuthService {
@@ -103,4 +104,18 @@ export class AuthService {
      return null;
    }
  }
+
+  /**
+   * Get authentication configuration for the frontend.
+   * Returns available auth providers so the UI can render login options dynamically.
+   */
+  getAuthConfig(): AuthConfigResponse {
+    const providers: AuthProviderConfig[] = [{ id: "email", name: "Email", type: "credentials" }];
+
+    if (isOidcEnabled()) {
+      providers.push({ id: "authentik", name: "Authentik", type: "oauth" });
+    }
+
+    return { providers };
+  }
 }