feat: Oracle IAM OIDC, force password change, security hardening
- OIDC: authorization code flow, JWKS validation, JIT provisioning, group-to-role mapping, dual auth (local/oidc/both) - Force password change: random admin password on first install, modal blocks UI until changed - APP_SECRET required in docker-compose (fail if missing), .env.example improved - Login page: Oracle IAM button (conditional), hide form in oidc-only mode - OracleIamPage: test connection via backend, masked client_secret handling - UsersPage: OIDC badge, auth_provider in list - i18n: login.oidcButton, login.or (pt/en/es) - README v3.1: Terminal, User Management, Security, OIDC endpoints, versioning
This commit is contained in:
@@ -10,6 +10,7 @@ export interface User {
|
||||
mfa_enabled?: boolean;
|
||||
timezone?: string;
|
||||
auth_provider?: string;
|
||||
must_change_password?: boolean;
|
||||
}
|
||||
|
||||
export interface LoginResponse {
|
||||
@@ -18,6 +19,7 @@ export interface LoginResponse {
|
||||
mfa_required?: boolean;
|
||||
mfa_setup?: boolean;
|
||||
totp_uri?: string;
|
||||
must_change_password?: boolean;
|
||||
}
|
||||
|
||||
export const authApi = {
|
||||
@@ -26,6 +28,9 @@ export const authApi = {
|
||||
|
||||
logout: () => client.post('/auth/logout'),
|
||||
|
||||
oidcLogout: () =>
|
||||
client.post<never, { ok: boolean; idp_logout_url?: string }>('/auth/oidc/logout'),
|
||||
|
||||
me: () => client.get<never, User>('/users/me'),
|
||||
|
||||
changePassword: (current_password: string, new_password: string) =>
|
||||
|
||||
Reference in New Issue
Block a user