hzhang 2a394969d2 feat(center): OIDC login (auto-provision by email) + CLI config-oidc ...

- OidcConfig entity (single row) + DB registration.
- OidcService: discovery, Authorization Code + PKCE, state/ticket as
  short-lived signed JWTs (no server session), userinfo/id_token claim
  resolution. Auto-provisions a passwordless user by email.
- Public endpoints /auth/oidc/{status,start,callback,exchange}; callback
  bounces a one-time ticket to the SPA in the URL fragment.
- AuthService.provisionOidcUser + issueSessionForUserId (login shape).
- CLI: 'config oidc' upserts issuer/clientId/secret/callback/redirect/
  scopes/enabled (secret masked on print).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-18 09:44:49 +01:00

..

auth.controller.ts

fix(security): close Critical auth gaps (C1/C2/C3)

2026-05-16 17:47:01 +01:00

auth.module.ts

feat(center): OIDC login (auto-provision by email) + CLI config-oidc

2026-05-18 09:44:49 +01:00

auth.service.ts

feat(center): OIDC login (auto-provision by email) + CLI config-oidc

2026-05-18 09:44:49 +01:00

dto.login.dto.ts

feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00

dto.logout.dto.ts

feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00

dto.refresh.dto.ts

feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00

dto.register.dto.ts

feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00

dto.update-me.dto.ts

feat(center): user display name + GET/PATCH /auth/me

2026-05-15 09:09:40 +01:00

oidc.controller.ts

feat(center): OIDC login (auto-provision by email) + CLI config-oidc

2026-05-18 09:44:49 +01:00

oidc.service.ts

feat(center): OIDC login (auto-provision by email) + CLI config-oidc

2026-05-18 09:44:49 +01:00

token.util.spec.ts

refactor: migrate to ES modules

2026-05-15 18:47:35 +01:00

token.util.ts

feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00