17 Commits

Author	SHA1	Message	Date
Chris	a187acf58c	Switch access control from groups to realm roles	2026-04-03 03:03:43 +08:00
Chris	e912d1498e	Speed up auth verification with JWKS/admin token caching	2026-04-03 02:20:54 +08:00
Chris	d5418d47e7	chore: silence introspection fallback warning noise	2026-04-03 01:53:35 +08:00
Chris	388a3f461c	refactor: rename idp fields to provider naming	2026-04-03 01:05:01 +08:00
Chris	81085e1844	fix(auth): resolve admin groups via keycloak admin API when token lacks groups	2026-04-03 00:28:32 +08:00
Chris	fd55d90a44	fix(auth): accept keycloak group path variants for admin guard	2026-04-03 00:24:32 +08:00
Chris	0bc667847d	refactor(keycloak): remove authentik naming and switch to keycloak-only paths	2026-04-01 02:01:41 +08:00
Chris	c7ed517ed2	feat(idp): add keycloak-first support with authentik fallback	2026-04-01 00:41:38 +08:00
Chris	556fc8d5cb	fix(api-clients): fallback api-key hashing without argon2; show site/module parent display names	2026-03-31 20:35:04 +08:00
Chris	3fe5ce4ce7	feat(admin): add api client management UI and backend CRUD/rotate endpoints	2026-03-30 23:28:27 +08:00
Chris	8ed50cdcc6	refactor(auth): use group-only admin access and remove admin api-key flow from frontend/admin routes	2026-03-30 21:39:43 +08:00
Chris	0e17997e66	feat(security): enforce admin allowlist guard on admin APIs and attach bearer for admin client	2026-03-30 21:25:57 +08:00
Chris	58ea76f8b6	fix(auth): correct userinfo endpoint fallback for authentik profile enrichment	2026-03-30 03:13:29 +08:00
Chris	f00b8cefaa	fix: enrich me profile via userinfo and add org-member management plan	2026-03-30 01:14:02 +08:00
Chris	cb8e72ccc7	feat: configure authentik member oidc and local dev token compatibility	2026-03-30 00:34:59 +08:00
Chris	2b81fd01c3	feat: add authentik jwt verification and me endpoints	2026-03-29 23:06:19 +08:00
Chris	3ca207d24a	feat: bootstrap backend MVP and architecture docs	2026-03-29 23:01:34 +08:00