IAM

Method	Path	Auth	Description
POST	/api/v1/auth/login	None	Email + password login
GET	/api/v1/auth/oidc/status	None	OIDC availability
GET	/api/v1/auth/oidc/authorize	None	Redirect to OIDC provider
GET	/api/v1/auth/oidc/callback	None	OIDC code exchange
GET	/api/v1/auth/saml/status	None	SAML availability
GET	/api/v1/auth/saml/login	None	Redirect to SAML IdP
GET	/api/v1/auth/saml/metadata	None	SP metadata XML
POST	/api/v1/auth/saml/acs	None	SAML assertion consumer

POST /api/v1/auth/login

curl -X POST http://localhost:8080/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "admin@example.com", "password": "changeme"}'

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "admin@example.com",
    "name": "Admin",
    "role": "admin",
    "has_avatar": false
  }
}

Use the returned token in subsequent requests: Authorization: Bearer <token>

GET /api/v1/auth/oidc/status

{"enabled": true, "authorize_url": "/api/v1/auth/oidc/authorize"}

GET /api/v1/auth/oidc/authorize

Redirects the client to the configured OIDC provider for authentication.

GET /api/v1/auth/oidc/callback

Handles the OIDC authorization code exchange. The OIDC provider redirects the user here after authentication. Returns a JWT on success.

GET /api/v1/auth/saml/status

{"enabled": true, "login_url": "/api/v1/auth/saml/login"}

GET /api/v1/auth/saml/login

Redirects the client to the configured SAML Identity Provider.

GET /api/v1/auth/saml/metadata

Returns the SAML Service Provider metadata as XML. Provide this URL to your Identity Provider during SAML configuration.

POST /api/v1/auth/saml/acs

SAML Assertion Consumer Service endpoint. The Identity Provider posts the SAML response here after authentication. Returns a JWT on success.