Refactoring

apps/api/src/app/auth/auth.module.ts

@@ -73,12 +73,13 @@ import { OidcStrategy } from './oidc.strategy';
         let tokenURL: string;
         let userInfoURL: string;
 
-        // If all manual URLs are provided, use them; otherwise fetch from discovery
         if (manualAuthorizationUrl && manualTokenUrl && manualUserInfoUrl) {
+          // Use manual URLs
           authorizationURL = manualAuthorizationUrl;
           tokenURL = manualTokenUrl;
           userInfoURL = manualUserInfoUrl;
         } else {
+          // Fetch OIDC configuration from discovery endpoint
           try {
             const response = await fetch(
               `${issuer}/.well-known/openid-configuration`
@@ -102,14 +103,14 @@ import { OidcStrategy } from './oidc.strategy';
         }
 
         const options: StrategyOptions = {
+          authorizationURL,
           issuer,
           scope,
-          authorizationURL,
+          tokenURL,
+          userInfoURL,
           callbackURL: callbackUrl,
           clientID: configurationService.get('OIDC_CLIENT_ID'),
-          clientSecret: configurationService.get('OIDC_CLIENT_SECRET'),
+          clientSecret: configurationService.get('OIDC_CLIENT_SECRET')
-          tokenURL,
-          userInfoURL
         };
 
         return new OidcStrategy(authService, options);

apps/api/src/app/auth/oidc-state.store.ts

@@ -68,8 +68,8 @@ export class OidcStateStore {
         return callback(null, undefined, undefined);
       }
 
-      // Check if state has expired
       if (Date.now() - data.timestamp > this.STATE_EXPIRY_MS) {
+        // State has expired
         this.stateMap.delete(handle);
         return callback(null, undefined, undefined);
       }

apps/api/src/services/configuration/configuration.service.ts

@@ -62,15 +62,21 @@ export class ConfigurationService {
       OIDC_CALLBACK_URL: str({ default: '' }),
       OIDC_CLIENT_ID: str({
         default: undefined,
-        requiredWhen: (env) => env.ENABLE_FEATURE_AUTH_OIDC === true
+        requiredWhen: (env) => {
+          return env.ENABLE_FEATURE_AUTH_OIDC === true;
+        }
       }),
       OIDC_CLIENT_SECRET: str({
         default: undefined,
-        requiredWhen: (env) => env.ENABLE_FEATURE_AUTH_OIDC === true
+        requiredWhen: (env) => {
+          return env.ENABLE_FEATURE_AUTH_OIDC === true;
+        }
       }),
       OIDC_ISSUER: str({
         default: undefined,
-        requiredWhen: (env) => env.ENABLE_FEATURE_AUTH_OIDC === true
+        requiredWhen: (env) => {
+          return env.ENABLE_FEATURE_AUTH_OIDC === true;
+        }
       }),
       OIDC_SCOPE: json({ default: ['openid'] }),
       OIDC_TOKEN_URL: str({ default: '' }),

apps/api/src/services/interfaces/environment.interface.ts

@@ -35,9 +35,9 @@ export interface Environment extends CleanedEnvAccessors {
   MAX_CHART_ITEMS: number;
   OIDC_AUTHORIZATION_URL: string;
   OIDC_CALLBACK_URL: string;
-  OIDC_CLIENT_ID: string | undefined;
+  OIDC_CLIENT_ID: string;
-  OIDC_CLIENT_SECRET: string | undefined;
+  OIDC_CLIENT_SECRET: string;
-  OIDC_ISSUER: string | undefined;
+  OIDC_ISSUER: string;
   OIDC_SCOPE: string[];
   OIDC_TOKEN_URL: string;
   OIDC_USER_INFO_URL: string;

apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html

@@ -41,7 +41,7 @@
               class="mr-2"
               src="../assets/icons/google.svg"
               style="height: 1rem"
-            /><ng-container i18n>Sign in with Google</ng-container></a
+            /><span i18n>Sign in with Google</span></a
           >
         </div>
       }

prisma/migrations/20251103162035_add_oidc_provider/migration.sql

@@ -1,7 +0,0 @@
--- AlterEnum (idempotent - only add if not exists)
-DO $$
-BEGIN
-    IF NOT EXISTS (SELECT 1 FROM pg_enum WHERE enumlabel = 'OIDC' AND enumtypid = (SELECT oid FROM pg_type WHERE typname = 'Provider')) THEN
-        ALTER TYPE "Provider" ADD VALUE 'OIDC';
-    END IF;
-END $$;

prisma/migrations/20251103162035_added_oidc_to_provider/migration.sql

@@ -0,0 +1,3 @@
+-- AlterEnum
+ALTER TYPE "Provider" ADD VALUE 'OIDC';
+