Add admin-create registration + live email-verified flag

Registration now goes through POST /api/auth/register, which admin-creates the Kratos identity (unverified email, NO auto-sent code). Kratos self-service registration never returns the verification flow id, so the client could never submit the user's code to the right flow; admin creation lets the client own a single verification flow instead. Also surface the live Kratos verified flag and fix Apple audience + team IDs.

- kratos.Client.CreateIdentity via admin API; ErrIdentityExists / ErrInvalidCredentials
- AuthService.Register + AuthHandler.Register + public POST /api/auth/register/
- CurrentUser overrides stale user_profile.verified with the live Kratos flag; UserRepository.MarkVerified mirrors it back
- configmap: additional_id_token_audiences allows the .dev bundle id_token
- fix Apple/APNs team id V3PF3M6B6U -> X86BR9WTLD in .env.example + dev init

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -328,8 +328,13 @@ func SetupRouter(deps *Dependencies) *echo.Echo {
|
||||
// API group
|
||||
api := e.Group("/api")
|
||||
{
|
||||
// Session lifecycle (login, register, logout, password reset) is
|
||||
// handled by Ory Kratos — no public auth routes in this service.
|
||||
// Session lifecycle (login, logout, password reset, email verification)
|
||||
// is handled directly by Ory Kratos from the client. Registration is the
|
||||
// exception: it goes through this endpoint, which admin-creates the
|
||||
// Kratos identity so no verification email is auto-sent to an
|
||||
// unreachable flow (see handlers.AuthHandler.Register). Public — the
|
||||
// caller has no session yet.
|
||||
api.POST("/auth/register/", authHandler.Register)
|
||||
|
||||
// Public data routes (no auth required)
|
||||
setupPublicDataRoutes(api, residenceHandler, taskHandler, contractorHandler, staticDataHandler, subscriptionHandler, taskTemplateHandler)
|
||||
|
||||
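Review bot: `api.POST("/auth/register/", authHandler.Register)` is registered with no per-route middleware, and the comment above it marks the route as public, so as far as this hunk shows an unauthenticated caller can trigger Kratos admin identity creation with no throttling. Attach a rate-limit middleware to this route (Echo's `POST` accepts middleware after the handler) or name in the comment which upstream layer enforces the limit. The commit message also lists ErrIdentityExists; confirm that the handler's response for an already-registered address does not differ from a fresh registration in a way that reveals which emails have accounts. Separately, the path here carries a trailing slash while the commit summary names POST /api/auth/register; unless trailing-slash normalization is installed on the router, Echo matches only the exact form, so pick one and keep the comment, the client and the message consistent.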