Skip to content

Authentication auto configuration #749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jsbroks merged 2 commits into from
Jan 17, 2026
Merged

Authentication auto configuration #749

jsbroks merged 2 commits into from
Jan 17, 2026
+62 −10

Conversation

@jsbroks
Copy link
Member

@jsbroks jsbroks commented Jan 17, 2026
edited by coderabbitai bot
Loading

Implement auto feature for credential authentication and hide email/password UI when credentials are disabled.

The auto feature for AUTH_CREDENTIALS_ENABLED now automatically disables email/password authentication if Google or OIDC authentication is configured. This ensures that the system prioritizes external identity providers when available and simplifies the login/signup UI by only displaying relevant options. A new /api/auth/config endpoint and a frontend hook (useAuthConfig) were added to communicate these settings to the UI.

Open in Cursor Open in Web

Summary by CodeRabbit

  • New Features
    • Authentication methods (email/password, Google, OIDC) can now be dynamically configured through environment variables.
    • Email/password authentication supports automatic enabling when other auth methods are unavailable.
    • Login and signup flows now respect authentication configuration settings.

✏️ Tip: You can customize this high-level summary in your review settings.

@cursoragent @jsbroks
Implement auth credentials auto config
4d0fb03 
Co-authored-by: justin <justin@wandb.com>
@cursor
Copy link

cursor bot commented Jan 17, 2026

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
Learn more about Cursor Agents

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 17, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

This PR introduces dynamic authentication configuration management by creating a tRPC endpoint that exposes auth feature flags (credentials, Google, OIDC enablement), a custom React hook to fetch this configuration, and updates login/signup pages to conditionally render email/password flows based on the fetched settings.

Changes

Cohort / File(s) Summary
Frontend Auth Configuration Hook
apps/web/app/api/auth-config.ts		 New React hook useAuthConfig that queries trpc.auth.config with 60-second staleTime, returning auth configuration or null.
Conditional Auth Rendering
apps/web/app/routes/auth/login.tsx, apps/web/app/routes/auth/signup.tsx		 Updated login and signup pages to import useAuthConfig and conditionally render email/password flows based on credentialsEnabled flag; signup shows loading state while checking options.
Auth Configuration Logic
packages/auth/src/better/config.ts		 Changed isOIDCAuthEnabled from hardcoded false to ENV-based check for AUTH_OIDC_CLIENT_ID and AUTH_OIDC_ISSUER; changed isCredentialsAuthEnabled to support "auto" mode (enabled only if Google and OIDC disabled) or explicit "true" setting; updated auth.emailAndPassword.enabled to respect computed flag.
tRPC Authentication Route
packages/trpc/src/root.ts, packages/trpc/src/routes/auth.ts		 Added new auth router to tRPC appRouter; created packages/trpc/src/routes/auth.ts exposing public config query that returns object with credentialsEnabled, googleEnabled, and oidcEnabled derived from auth feature flags.

Sequence Diagram(s)

sequenceDiagram
    participant React as React Component<br/>(Login/Signup)
    participant Hook as useAuthConfig Hook
    participant tRPC as tRPC Router
    participant AuthConfig as Auth Config<br/>(packages/auth)
    
    React->>Hook: Component mounts, calls useAuthConfig()
    Hook->>tRPC: trpc.auth.config.useQuery()
    tRPC->>AuthConfig: Query auth configuration
    AuthConfig->>AuthConfig: Evaluate ENV variables<br/>(AUTH_OIDC_*, AUTH_CREDENTIALS_*)
    AuthConfig->>AuthConfig: Compute isCredentialsEnabled,<br/>isOIDCAuthEnabled, isGoogleEnabled
    AuthConfig-->>tRPC: Return {credentialsEnabled,<br/>googleEnabled, oidcEnabled}
    tRPC-->>Hook: Return config object
    Hook-->>React: useAuthConfig returns {data, isLoading}
    React->>React: Conditionally render<br/>based on credentialsEnabled
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • chore: enable credential auth #746: Related changes to auth login/signup flows and configuration logic; this PR adds the runtime auth-config endpoint while the related PR implements the email/password UI features.

Poem

🐰 A tRPC hook hops through the night,
Fetching auth flags left and right,
Login forms dance to config's tune,
Credentials show when stars align—or soon!
Feature flags bloom in ENV's light. 🌙

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cursoragent @jsbroks
Serve auth config over tRPC
9a4d4e9 
Co-authored-by: justin <justin@wandb.com>
@jsbroks jsbroks marked this pull request as ready for review January 17, 2026 07:43
@jsbroks jsbroks merged commit 82f6904 into main Jan 17, 2026
7 of 8 checks passed
@jsbroks jsbroks deleted the cursor/authentication-auto-configuration-b71e branch January 17, 2026 07:44
@jsbroks jsbroks mentioned this pull request Jan 17, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jsbroks @cursoragent