fix(login): switch frontend account login to oidc flow

app/api/auth.py

@@ -112,7 +112,11 @@ def login(payload: LoginRequest) -> LoginResponse:
 
 
 @router.get("/oidc/url", response_model=OIDCAuthUrlResponse)
-def get_oidc_authorize_url(redirect_uri: str) -> OIDCAuthUrlResponse:
+def get_oidc_authorize_url(
+    redirect_uri: str,
+    login_hint: str | None = None,
+    prompt: str = "login",
+) -> OIDCAuthUrlResponse:
     settings = get_settings()
     client_id = settings.authentik_client_id or settings.authentik_audience
     if not settings.authentik_base_url or not client_id:
@@ -120,16 +124,18 @@ def get_oidc_authorize_url(redirect_uri: str) -> OIDCAuthUrlResponse:
 
     authorize_endpoint = urljoin(settings.authentik_base_url.rstrip("/") + "/", "application/o/authorize/")
     state = secrets.token_urlsafe(24)
-    params = httpx.QueryParams(
-        {
+    query = {
         "client_id": client_id,
         "response_type": "code",
         "scope": "openid profile email",
         "redirect_uri": redirect_uri,
         "state": state,
-            "prompt": "login",
+        "prompt": prompt or "login",
     }
-    )
+    if login_hint:
+        query["login_hint"] = login_hint
+
+    params = httpx.QueryParams(query)
     return OIDCAuthUrlResponse(authorize_url=f"{authorize_endpoint}?{params}")