## Endpoints

Prefix: `/api`
### Authentication

| Endpoint | Method | Description |
|---|---|---|
| `/auth/login` | POST | Email/password login → `LoginResponseDto` or `MfaChallengeDto` |
| `/auth/mfa/verify-login` | POST | Complete MFA during login; body `{ userId, code, rememberDevice?, deviceInfo? }` |
| `/auth/refresh` | POST | Exchange `{ jti, refreshToken }` for new tokens |
| `/auth/profile` | GET | Current user profile (JWT required) |
| `/auth/profile` | PATCH | Update profile fields (JWT + CSRF) |
| `/auth/logout` | POST | Revoke session by `jti` (JWT required) |
| `/auth/forgot-password` | POST | Always 204; issues reset token and queues notifications |
| `/auth/reset-password` | POST | Validate token, update password, revoke sessions |
| `/auth/verify-email` | POST | Placeholder for email verification |
### Profile Updates

`PATCH /auth/profile` accepts:

- `givenName`
- `familyName`
- `preferredName`
- `avatar`
- `phoneNumber` (E.164 format)
A phone change sets phoneVerified=false and disables phone-based MFA (sms, whatsapp) to enforce re-enrolment.
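The rules above (allow-listed fields, E.164 validation, and the phone-change side effects on `phoneVerified` and phone-based MFA) as an added example in TypeScript. This is illustrative code written for this page, not the IdP's own handler; the names `UserProfile`, `applyProfilePatch`, `isE164`, the MFA method identifiers and the sample user are assumptions.

```typescript
// Added example (not the project's code): a pure function modelling the
// PATCH /auth/profile rules. UserProfile, applyProfilePatch, isE164 and the
// MFA method names are assumed for illustration.

type MfaMethod = "totp" | "sms" | "whatsapp";

interface UserProfile {
  givenName: string;
  familyName: string;
  preferredName?: string;
  avatar?: string;
  phoneNumber?: string;
  phoneVerified: boolean;
  mfaMethods: MfaMethod[]; // currently enabled MFA methods
}

// Fields a client may send; everything else (phoneVerified, mfaMethods, ...) is server-owned.
const UPDATABLE_FIELDS = ["givenName", "familyName", "preferredName", "avatar", "phoneNumber"] as const;
type UpdatableField = (typeof UPDATABLE_FIELDS)[number];
type ProfilePatch = Partial<Record<UpdatableField, string>>;

const PHONE_BASED_MFA: ReadonlySet<MfaMethod> = new Set<MfaMethod>(["sms", "whatsapp"]);
// E.164: leading '+', first digit 1-9, at most 15 digits in total.
const E164 = /^\+[1-9]\d{1,14}$/;

export function isE164(value: string): boolean {
  return E164.test(value);
}

export function applyProfilePatch(current: UserProfile, body: Record<string, unknown>): UserProfile {
  const allowed = new Set<string>(UPDATABLE_FIELDS);
  const patch: ProfilePatch = {};
  for (const [key, value] of Object.entries(body)) {
    // Reject unknown keys so a client cannot mass-assign server-owned fields.
    if (!allowed.has(key)) throw new Error(`field not updatable: ${key}`);
    if (typeof value !== "string") throw new Error(`field must be a string: ${key}`);
    patch[key as UpdatableField] = value;
  }
  if (patch.phoneNumber !== undefined && !isE164(patch.phoneNumber)) {
    throw new Error("phoneNumber must be in E.164 format");
  }

  const next: UserProfile = { ...current, ...patch, mfaMethods: [...current.mfaMethods] };

  // A changed number is unverified until re-enrolment, and phone-based MFA is switched off.
  const phoneChanged = patch.phoneNumber !== undefined && patch.phoneNumber !== current.phoneNumber;
  if (phoneChanged) {
    next.phoneVerified = false;
    next.mfaMethods = next.mfaMethods.filter((m) => !PHONE_BASED_MFA.has(m));
  }
  return next;
}

// Constructed sample record (not real data) for trying the function.
export const sampleUser: UserProfile = {
  givenName: "Ada",
  familyName: "Lovelace",
  phoneNumber: "+441234567890",
  phoneVerified: true,
  mfaMethods: ["totp", "sms"],
};

// applyProfilePatch(sampleUser, { phoneNumber: "+15551230000" })
//   -> phoneVerified: false, mfaMethods: ["totp"]
```

Submitting the same number that is already on file is treated as no change, so verification status and MFA enrolment are kept; only a genuinely different number triggers the downgrade. Unknown keys are rejected rather than ignored so that a request body carrying `phoneVerified` or `mfaMethods` cannot silently flip server-owned state.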
### OAuth

| Endpoint | Description |
|---|---|
| `GET /auth/google` | External redirect to Google |
| `GET /auth/google/callback` | Google OAuth callback |
| `GET /auth/facebook` | External redirect to Facebook |
| `GET /auth/facebook/callback` | Facebook OAuth callback |
### Health & Observability

| Endpoint | Description |
|---|---|
| `GET /health` | Liveness check |
| `GET /health/ready` | Readiness (skips providers with `CI_OFFLINE=true`) |
| `GET /health/providers` | Provider diagnostics (non-gating) |
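The distinction between the gating readiness check (which skips external providers when `CI_OFFLINE=true`) and the non-gating provider diagnostics, as an added TypeScript example. It is illustrative code for this page rather than the contents of `health.controller.ts`; `HealthCheck`, `readiness`, `providerDiagnostics` and the sample checks are assumptions.

```typescript
// Added example (not the project's code): readiness vs. provider diagnostics.
// HealthCheck, readiness, providerDiagnostics and the sample checks are assumed.

interface HealthCheck {
  name: string;
  external: boolean;    // true = third-party provider (e.g. an SMS or email gateway)
  probe: () => boolean; // true when the dependency answers
}

interface HealthReport {
  status: "ok" | "fail";
  checks: Array<{ name: string; ok: boolean; skipped?: true }>;
}

function safeProbe(check: HealthCheck): boolean {
  // A throwing probe (timeout, connection refused) is a failed check, not a crash.
  try {
    return check.probe();
  } catch {
    return false;
  }
}

// /health/ready: internal checks always gate; external providers gate too unless
// CI_OFFLINE=true, in which case they are reported as skipped and counted as passing.
export function readiness(checks: HealthCheck[], env: Record<string, string | undefined>): HealthReport {
  const offline = env.CI_OFFLINE === "true";
  const results = checks.map((c) => {
    if (c.external && offline) return { name: c.name, ok: true, skipped: true as const };
    return { name: c.name, ok: safeProbe(c) };
  });
  return { status: results.every((r) => r.ok) ? "ok" : "fail", checks: results };
}

// /health/providers: probes every external provider for visibility but never gates,
// so a provider outage is observable here without taking the service out of rotation.
export function providerDiagnostics(checks: HealthCheck[]): HealthReport {
  const results = checks.filter((c) => c.external).map((c) => ({ name: c.name, ok: safeProbe(c) }));
  return { status: "ok", checks: results };
}

// Constructed sample checks: a database that answers and a provider that times out.
export const sampleChecks: HealthCheck[] = [
  { name: "database", external: false, probe: () => true },
  { name: "sms-gateway", external: true, probe: () => { throw new Error("timeout"); } },
];

// readiness(sampleChecks, {})                    -> status "fail" (provider down)
// readiness(sampleChecks, { CI_OFFLINE: "true" }) -> status "ok", sms-gateway skipped
// providerDiagnostics(sampleChecks)               -> status "ok", sms-gateway ok: false
```

Keeping provider probes out of the gating path in CI avoids red builds caused by third-party outages, while the diagnostics endpoint still exposes the failure so it can be alerted on separately.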
### Related

- `apps/idp/README.md`
- `apps/idp/src/app/health/health.controller.ts`