Phase 2: Auth Config Discovery Endpoint #413

New Issue

Closed

opened 2026-02-16 16:56:43 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-02-16 16:56:43 +00:00

Owner

Copy Link

Parent Epic: #411

Stories

• 2.1 Add AuthProvider and AuthConfigResponse types to @mosaic/shared
• 2.2 Implement getAuthConfig() in AuthService
• 2.3 Add GET /auth/config endpoint in AuthController
• 2.4 Add secret-leakage prevention test
• 2.5 Implement isOidcProviderReachable() health check with 2s timeout and 30s cache

Acceptance Criteria

• GET /auth/config returns provider list based on OIDC_ENABLED
• Authentik provider omitted when OIDC provider unreachable
• Response sets Cache-Control: public, max-age=300
• Response NEVER contains secrets (CLIENT_SECRET, CLIENT_ID, JWT_SECRET, etc.)
• Health check caches results for 30 seconds
• All new code has tests (85%+ coverage)
• pnpm lint && pnpm typecheck && pnpm test pass

Files

• packages/shared/src/types/auth.types.ts
• packages/shared/src/types/index.ts
• apps/api/src/auth/auth.service.ts
• apps/api/src/auth/auth.controller.ts

## Parent Epic: #411 ## Stories - **2.1** Add AuthProvider and AuthConfigResponse types to @mosaic/shared - **2.2** Implement getAuthConfig() in AuthService - **2.3** Add GET /auth/config endpoint in AuthController - **2.4** Add secret-leakage prevention test - **2.5** Implement isOidcProviderReachable() health check with 2s timeout and 30s cache ## Acceptance Criteria - [ ] GET /auth/config returns provider list based on OIDC_ENABLED - [ ] Authentik provider omitted when OIDC provider unreachable - [ ] Response sets Cache-Control: public, max-age=300 - [ ] Response NEVER contains secrets (CLIENT_SECRET, CLIENT_ID, JWT_SECRET, etc.) - [ ] Health check caches results for 30 seconds - [ ] All new code has tests (85%+ coverage) - [ ] pnpm lint && pnpm typecheck && pnpm test pass ## Files - packages/shared/src/types/auth.types.ts - packages/shared/src/types/index.ts - apps/api/src/auth/auth.service.ts - apps/api/src/auth/auth.controller.ts

jason.woltje added this to the Auth-Frontend-Remediation (0.0.14) milestone 2026-02-16 16:56:43 +00:00

jason.woltje added the authapiapi labels 2026-02-16 16:56:43 +00:00

jason.woltje referenced this issue 2026-02-16 16:57:11 +00:00

Phase 5: Login Page Integration #416

jason.woltje referenced this issue from a commit 2026-02-16 17:11:08 +00:00

feat(#413): add AuthProviderConfig and AuthConfigResponse types to @mosaic/shared

jason.woltje referenced this issue from a commit 2026-02-16 17:14:57 +00:00

feat(#413): implement GET /auth/config discovery endpoint

jason.woltje referenced this issue from a commit 2026-02-16 17:17:04 +00:00

test(#413): add secret-leakage prevention test for GET /auth/config

jason.woltje referenced this issue from a commit 2026-02-16 17:20:11 +00:00

feat(#413): add OIDC provider health check with 30s cache

jason.woltje referenced this issue from a commit 2026-02-16 17:21:23 +00:00

chore(#411): Phase 2 complete — 4/4 tasks done, 55 auth tests passing

jason.woltje referenced a pull request that will close this issue 2026-02-16 18:22:00 +00:00

fix(#411): auth & frontend remediation — all 6 phases complete #418

jason.woltje closed this issue 2026-02-16 18:38:36 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

v0.0.21

v0.20.0

v0.0.15

v0.0.2

Labels

Clear labels

ai

AI/LLM integration

api

Backend/API work

api

auth

Authentication

database

database

Database/schema work

devops

Docker/deployment

docs

Documentation

frontend

graph

knowledge-module

migration

Data migration

orchestrator

Orchestrator service (apps/orchestrator/)

p0

Critical priority

p1

High priority

p2

Medium priority

p3

Low priority

performance

Performance work

phase-1

phase-2

phase-3

phase-4

phase-5

plugin

MoltBot plugin work

search

security

Security-related

setup

Initial setup

testing

Testing/QA

web

Frontend work

No Label api api auth

Milestone

No items

No Milestone Auth-Frontend-Remediation (0.0.14)

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#413