refactor(keycloak): remove authentik naming and switch to keycloak-only paths

tests/test_idp_jwt.py

@@ -1,12 +1,12 @@
 from fastapi.testclient import TestClient
 
 from app.main import app
-from app.security.authentik_jwt import AuthentikTokenVerifier
+from app.security.idp_jwt import KeycloakTokenVerifier
 
 
 def test_infer_jwks_url() -> None:
-    assert AuthentikTokenVerifier._infer_jwks_url("https://auth.ose.tw/application/o/member/") == (
-        "https://auth.ose.tw/application/o/member/jwks/"
+    assert KeycloakTokenVerifier._infer_jwks_url("https://auth.ose.tw/application/o/member/") == (
+        "https://auth.ose.tw/application/o/member/protocol/openid-connect/certs"
     )
 
 

tests/test_internal_idp_sync.py

@@ -4,20 +4,20 @@ from app.main import app
 from app.security.api_client_auth import require_api_client
 
 
-def test_internal_authentik_ensure_requires_config() -> None:
+def test_internal_idp_ensure_requires_config() -> None:
     app.dependency_overrides[require_api_client] = lambda: None
     client = TestClient(app)
     try:
         resp = client.post(
-            "/internal/authentik/users/ensure",
+            "/internal/idp/users/ensure",
             json={
-                "sub": "authentik-sub-1",
+                "sub": "idp-sub-1",
                 "email": "user@example.com",
                 "display_name": "User Example",
                 "is_active": True,
             },
         )
         assert resp.status_code == 503
-        assert resp.json()["detail"] == "authentik_admin_not_configured"
+        assert resp.json()["detail"] == "idp_admin_not_configured"
     finally:
         app.dependency_overrides.pop(require_api_client, None)