Commit graph

10 commits

Author SHA1 Message Date
Till-JS
b4493ce3fa debug: add token endpoint logging
2026-02-01 05:58:47 +01:00
Till-JS
4599db54a4 📝 docs(mana-core-auth): add comment explaining OAuth token form-urlencoded support
Documents that the token endpoint accepts both JSON and form-urlencoded
bodies per OAuth2 spec, with form data parsed by body-parser middleware.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 04:12:16 +01:00
Till-JS
78a5002968 debug: add logging to OIDC authorize endpoint
2026-01-30 18:02:56 +01:00
Till-JS
f59b6596b0 fix(mana-core-auth): add dedicated Better Auth handler for sign-in
The OIDC request handler was not properly forwarding sign-in requests.
Added a dedicated handler that:
- Directly calls Better Auth's handler
- Properly handles Set-Cookie headers for session cookies
- Exposed getHandler() method from BetterAuthService
- Added trustedOrigins configuration to allow cross-origin requests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 17:56:34 +01:00
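The fix above notes that the dedicated handler has to forward Set-Cookie headers when the Better Auth handler's response is copied onto the NestJS response. The TypeScript below is an added example, not mana-core-auth or Better Auth code, showing the two checks worth having at exactly that point, assuming the upstream handler returns a Fetch-style Response: collect every Set-Cookie value separately (Headers.get() joins multiple cookies with commas, and a cookie whose Expires attribute contains a comma then gets torn apart by a naive split), and audit the session cookie for HttpOnly, Secure and SameSite before it leaves the server. The interfaces, function names, cookie names and the sample header value are assumptions made for the example; the sample is constructed, not captured traffic.

```typescript
// Added example: forwarding Set-Cookie from a Fetch-style Response onto an
// Express/NestJS response without corrupting it, plus a hardening audit.
// Not mana-core-auth or Better Auth code; interfaces and names are hypothetical.

// The subset of the Fetch Headers API used here; Node's global Headers satisfies it.
interface HeaderSource {
  get(name: string): string | null;
  getSetCookie?(): string[]; // present on Node >= 19.7 (undici); absent on older runtimes
}

// The subset of Node's ServerResponse (what Express/NestJS hands you) used here.
interface HeaderSink {
  setHeader(name: string, value: string | string[]): void;
}

// Headers.get('set-cookie') joins multiple cookies with ", ", so it has to be
// split again. A comma starts a new cookie only when followed by "name=";
// the comma inside an Expires date ("Wed, 21 Oct ...") is followed by digits
// and a space, never by "name=", so it is left alone.
function splitSetCookieString(joined: string): string[] {
  const cookies: string[] = [];
  let start = 0;
  for (let i = 0; i < joined.length; i++) {
    if (joined[i] === ',' && /^\s*[^=;,\s]+=/.test(joined.slice(i + 1))) {
      cookies.push(joined.slice(start, i).trim());
      start = i + 1;
    }
  }
  const last = joined.slice(start).trim();
  if (last !== '') cookies.push(last);
  return cookies;
}

function collectSetCookies(h: HeaderSource): string[] {
  if (typeof h.getSetCookie === 'function') return h.getSetCookie(); // lossless path when available
  const joined = h.get('set-cookie');
  return joined === null ? [] : splitSetCookieString(joined);
}

// Returns the hardening attributes a cookie is missing. A session cookie served
// over HTTPS should be HttpOnly, Secure and carry an explicit SameSite.
function missingCookieHardening(cookie: string): string[] {
  const attrs = cookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const missing: string[] = [];
  if (attrs.indexOf('httponly') < 0) missing.push('HttpOnly');
  if (attrs.indexOf('secure') < 0) missing.push('Secure');
  if (!attrs.some((a) => a.indexOf('samesite=') === 0)) missing.push('SameSite');
  return missing;
}

// Copies every Set-Cookie onto the outgoing response as separate header values
// (Node emits one Set-Cookie line per array element) and reports which of the
// named session cookies failed the audit so the caller can log or refuse them.
function forwardSetCookies(
  src: HeaderSource,
  res: HeaderSink,
  sessionCookieNames: string[],
): { forwarded: number; weak: string[] } {
  const cookies = collectSetCookies(src);
  if (cookies.length > 0) res.setHeader('Set-Cookie', cookies);
  const weak = cookies
    .map((c) => ({ name: c.split('=')[0].trim(), missing: missingCookieHardening(c) }))
    .filter((c) => sessionCookieNames.indexOf(c.name) >= 0 && c.missing.length > 0)
    .map((c) => c.name);
  return { forwarded: cookies.length, weak };
}

// Constructed sample (not captured traffic): what Headers.get('set-cookie')
// returns on a runtime without getSetCookie() for two cookies set by a
// hypothetical sign-in handler. Note the comma inside the Expires date and
// that the session cookie lacks Secure (a dev-mode misconfiguration).
const SAMPLE_JOINED_SET_COOKIE =
  'mana.session=s3ss10n; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; HttpOnly; SameSite=Lax, ' +
  'mana.remember=1; Path=/; SameSite=Lax';

const legacyHeaders: HeaderSource = {
  get: (name) => (name.toLowerCase() === 'set-cookie' ? SAMPLE_JOINED_SET_COOKIE : null),
};
const captured: { [name: string]: string | string[] } = {};
const outcome = forwardSetCookies(legacyHeaders, { setHeader: (n, v) => { captured[n] = v; } }, ['mana.session']);
console.log(outcome, captured);
```

Two caveats on the SameSite value: the OIDC authorize step arrives as a top-level redirect from the relying party (Synapse here), so the session cookie must be at least SameSite=Lax to be sent on that navigation; SameSite=Strict would reproduce the "logged in but bounced back to login" symptom the earlier fix describes, and SameSite=None only works together with Secure.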
Till-JS
edbe7502d3 fix(mana-core-auth): use Better Auth native sign-in for OIDC login
The OIDC login page was using our custom /api/v1/auth/login endpoint
which returns tokens but doesn't set session cookies. Better Auth's
OIDC provider needs session cookies to recognize logged-in users.

Changes:
- Update login page to use /api/auth/sign-in/email (Better Auth native)
- Add sign-in endpoint handler in oidc.controller.ts
- Add route exclusion in main.ts for the sign-in path

This fixes the infinite redirect loop where users would log in but
then be sent back to login because the OAuth2 authorize endpoint
couldn't detect the session.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 16:57:52 +01:00
Till-JS
b150a16497 docs(auth): add Matrix SSO integration documentation
- Document OIDC endpoints and authentication flow
- Add Synapse configuration examples
- Include troubleshooting guide
- Remove debug logging from OIDC handlers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:57:48 +01:00
Till-JS
baea194677 fix(auth): add OAuth2 routes for OIDC discovery compatibility
Better Auth's OIDC discovery document advertises endpoints at
/api/auth/oauth2/* paths. Add routes for these native paths to
ensure Matrix Synapse and other OIDC clients can complete the
authorization flow.

Routes added:
- GET /api/auth/oauth2/authorize
- POST /api/auth/oauth2/token
- GET /api/auth/oauth2/userinfo
- GET /api/auth/jwks

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:48:50 +01:00
Till-JS
e46a4c96df fix(auth): expose JWKS at /api/auth/jwks for OIDC discovery
Better Auth's discovery document points to /api/auth/jwks,
so we need to expose this route directly in NestJS.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:21:39 +01:00
Till-JS
ef7f906215 debug(auth): add OIDC request logging
Add console.log statements to debug OIDC routing issues.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:05:45 +01:00
Till-JS
00d28bc522 feat(auth): add OIDC Controller for Matrix SSO endpoints
- Add OidcController to expose Better Auth OIDC Provider endpoints
- Add handleOidcRequest method to BetterAuthService
- Exclude OIDC routes from global /api/v1 prefix
- Register OidcController in AuthModule

Endpoints:
- GET /.well-known/openid-configuration
- GET /api/oidc/authorize
- POST /api/oidc/token
- GET /api/oidc/userinfo
- GET /api/oidc/jwks

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 16:49:26 +01:00