vikunja/pkg/modules/auth
kolaente 78f79accb5 refactor(auth): extract transport-agnostic login, logout and OIDC cores
Pull the credential/TOTP check, session deletion, user-token issuance and
OIDC callback flow out of the v1 echo handlers and into reusable helpers so
both /api/v1 and the upcoming /api/v2 share one implementation:

- auth.IssueUserToken + auth.WriteUserAuthCookies split the token/cookie
  machinery from the echo response; NewUserAuthTokenResponse now wraps them.
- auth.SessionIDFromContext reads the sid claim for logout.
- shared.AuthenticateUserCredentials, shared.DeleteSession hold the login
  and logout cores.
- openid.AuthenticateCallback holds the OIDC exchange/getOrCreate/TOTP/team
  sync, returning the user; HandleCallback issues the token as before.

v1 behaviour is unchanged on the wire.
2026-06-17 19:43:41 +00:00
..
ldap fix(auth): skip profile updates for disabled LDAP users 2026-03-23 16:37:26 +00:00
oauth2server feat(audit): emit the login event for the OAuth code exchange 2026-06-12 08:56:08 +00:00
openid refactor(auth): extract transport-agnostic login, logout and OIDC cores 2026-06-17 19:43:41 +00:00
auth.go refactor(auth): extract transport-agnostic login, logout and OIDC cores 2026-06-17 19:43:41 +00:00
auth_test.go feat(auth): add GetAuthFromContext for Huma handlers 2026-05-31 12:56:57 +00:00