stack/docs/scratchpads/p5-004-authentik-sso.md
Jarvis 774b76447d
Some checks failed
ci/woodpecker/pr/ci Pipeline failed
ci/woodpecker/push/ci Pipeline failed
fix: rename all packages from @mosaic/* to @mosaicstack/*
- Updated all package.json name fields and dependency references
- Updated all TypeScript/JavaScript imports
- Updated .woodpecker/publish.yml filters and registry paths
- Updated tools/install.sh scope default
- Updated .npmrc registry paths (worktree + host)
- Enhanced update-checker.ts with checkForAllUpdates() multi-package support
- Updated CLI update command to show table of all packages
- Added KNOWN_PACKAGES, formatAllPackagesTable, getInstallAllCommand
- Marked checkForUpdate() with @deprecated JSDoc

Closes #391
2026-04-04 21:43:23 -05:00

P5-004 Scratchpad

  • Objective: Add optional Authentik OIDC SSO adapter via Better Auth genericOAuth.

  • Task ref: P5-004

  • Issue ref: #96

  • Plan:

    1. Inspect auth/gateway surfaces and Better Auth plugin shape.
    2. Add failing coverage for auth config/startup validation where feasible.
    3. Implement adapter, docs, and warnings.
    4. Run targeted typechecks, lint, and review.
  • TDD note: no low-friction auth plugin or bootstrap-env test seam exists for packages/auth/src/auth.ts or apps/gateway/src/main.ts. This change is configuration-oriented and does not alter an existing behavioral contract with a current test harness. I skipped new tests for this pass and relied on exact typecheck/lint/test commands plus manual review.

  • Changes:

    1. Added conditional Better Auth genericOAuth plugin registration for the authentik provider in packages/auth/src/auth.ts.
    2. Added a soft startup warning in apps/gateway/src/main.ts for incomplete Authentik env configuration.
    3. Added docs/plans/authentik-sso-setup.md with env, redirect URI, and test-flow guidance.
    4. Confirmed packages/auth/src/index.ts already exports AuthConfig; no change required there.
  • Verification:

    1. pnpm --filter @mosaicstack/db build
    2. pnpm --filter @mosaicstack/auth typecheck
    3. pnpm --filter @mosaicstack/gateway typecheck
    4. pnpm lint
    5. pnpm format:check
    6. pnpm --filter @mosaicstack/auth test
    7. pnpm --filter @mosaicstack/gateway test
  • Results:

    1. @mosaicstack/auth typecheck passed after replacing the non-existent enabled field with conditional plugin registration.
    2. @mosaicstack/gateway typecheck passed.
    3. Repo lint passed.
    4. Prettier check passed after formatting apps/gateway/src/main.ts.
    5. @mosaicstack/auth tests reported "No test files found", exiting with code 0.
    6. @mosaicstack/gateway tests passed: 3 files, 20 tests.
  • Review:

    1. Manual review of the diff found no blocker issues.
    2. External codex-code-review.sh --uncommitted was attempted but did not return a usable verdict in-session; no automated review findings were available from that run.
  • Situational evidence:

    1. Provider activation is env-gated by AUTHENTIK_CLIENT_ID.
    2. Misconfigured optional SSO surfaces a warning instead of crashing gateway startup.
    3. Setup doc records the expected redirect path: {BETTER_AUTH_URL}/api/auth/callback/authentik.
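The env-gated provider registration, the soft startup warning and the redirect path described in the Changes and Situational evidence items above, as an added example that is not code from the repository. Only AUTHENTIK_CLIENT_ID and BETTER_AUTH_URL come from the scratchpad; the other variable names, the provider field names and the scope list are assumptions based on the general shape of a genericOAuth provider entry.

```typescript
// Added example, not the project's own code. Env names other than
// AUTHENTIK_CLIENT_ID and BETTER_AUTH_URL are assumptions.
type Env = Record<string, string | undefined>;

interface AuthentikProvider {
  providerId: "authentik";
  clientId: string;
  clientSecret: string;
  discoveryUrl: string;
  scopes: string[];
}

// Values needed once the provider is switched on (assumed names).
const REQUIRED = ["AUTHENTIK_CLIENT_ID", "AUTHENTIK_CLIENT_SECRET", "AUTHENTIK_ISSUER"] as const;

// Activation is gated on AUTHENTIK_CLIENT_ID alone, as in the scratchpad.
function authentikEnabled(env: Env): boolean {
  return Boolean(env.AUTHENTIK_CLIENT_ID);
}

// Returns warnings instead of throwing, so a half-configured optional SSO
// provider never takes gateway startup down.
function authentikStartupWarnings(env: Env): string[] {
  if (!authentikEnabled(env)) return [];
  const warnings = REQUIRED.filter((k) => !env[k]).map(
    (k) => `Authentik SSO: ${k} is not set; provider will not be registered`,
  );
  if (!env.BETTER_AUTH_URL) {
    warnings.push("Authentik SSO: BETTER_AUTH_URL is not set; redirect URI cannot be derived");
  }
  return warnings;
}

// Builds the provider entry only when every required value is present, so a
// partially configured provider is never registered with the auth plugin.
function authentikProviderConfig(env: Env): AuthentikProvider | undefined {
  const { AUTHENTIK_CLIENT_ID: id, AUTHENTIK_CLIENT_SECRET: secret, AUTHENTIK_ISSUER: issuer } = env;
  if (!id || !secret || !issuer) return undefined;
  return {
    providerId: "authentik",
    clientId: id,
    clientSecret: secret,
    discoveryUrl: `${issuer.replace(/\/+$/, "")}/.well-known/openid-configuration`,
    scopes: ["openid", "profile", "email"],
  };
}

// The exact redirect URI the Authentik application must allow:
// {BETTER_AUTH_URL}/api/auth/callback/authentik, with any trailing slash dropped.
function authentikRedirectUri(betterAuthUrl: string): string {
  return `${betterAuthUrl.replace(/\/+$/, "")}/api/auth/callback/authentik`;
}
```

The discovery URL and redirect URI must match what is registered in Authentik character for character, so a trailing slash on the issuer or on BETTER_AUTH_URL is stripped before joining.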