From 3092ada03a7c2ef7191586a2f141a87157d31cbf Mon Sep 17 00:00:00 2001 From: gibbyb Date: Thu, 18 Sep 2025 17:00:38 -0500 Subject: [PATCH] Added Authentik! Still working on Microsoft Entra ID --- apps/next/src/app/(auth)/signin/page.tsx | 32 +++++++++++++++++++ packages/backend/convex/_generated/api.d.ts | 18 +++++------ packages/backend/convex/_generated/api.js | 2 +- .../backend/convex/_generated/dataModel.d.ts | 6 ++-- .../backend/convex/_generated/server.d.ts | 16 +++++----- packages/backend/convex/_generated/server.js | 2 +- packages/backend/convex/auth.config.ts | 3 ++ packages/backend/convex/auth.ts | 21 +++++++++++- 8 files changed, 77 insertions(+), 23 deletions(-) diff --git a/apps/next/src/app/(auth)/signin/page.tsx b/apps/next/src/app/(auth)/signin/page.tsx index 848b878..db06199 100644 --- a/apps/next/src/app/(auth)/signin/page.tsx +++ b/apps/next/src/app/(auth)/signin/page.tsx @@ -8,6 +8,7 @@ import { useRouter } from 'next/navigation'; import { ConvexError } from 'convex/values'; import { useState } from 'react'; import { + Button, Card, CardContent, Form, @@ -17,6 +18,7 @@ import { FormLabel, FormMessage, Input, + Separator, SubmitButton, Tabs, TabsContent, @@ -217,6 +219,36 @@ const SignIn = () => { +
+
+ + or + +
+
+
+ +
+
+
+ + or + +
+
+
+ +
diff --git a/packages/backend/convex/_generated/api.d.ts b/packages/backend/convex/_generated/api.d.ts index 64167a7..c076b6b 100644 --- a/packages/backend/convex/_generated/api.d.ts +++ b/packages/backend/convex/_generated/api.d.ts @@ -12,13 +12,13 @@ import type { ApiFromModules, FilterApi, FunctionReference, -} from 'convex/server'; -import type * as CustomPassword from '../CustomPassword.js'; -import type * as auth from '../auth.js'; -import type * as crons from '../crons.js'; -import type * as files from '../files.js'; -import type * as http from '../http.js'; -import type * as statuses from '../statuses.js'; +} from "convex/server"; +import type * as CustomPassword from "../CustomPassword.js"; +import type * as auth from "../auth.js"; +import type * as crons from "../crons.js"; +import type * as files from "../files.js"; +import type * as http from "../http.js"; +import type * as statuses from "../statuses.js"; /** * A utility for referencing Convex functions in your app's API. @@ -38,9 +38,9 @@ declare const fullApi: ApiFromModules<{ }>; export declare const api: FilterApi< typeof fullApi, - FunctionReference + FunctionReference >; export declare const internal: FilterApi< typeof fullApi, - FunctionReference + FunctionReference >; diff --git a/packages/backend/convex/_generated/api.js b/packages/backend/convex/_generated/api.js index 2e31a22..3f9c482 100644 --- a/packages/backend/convex/_generated/api.js +++ b/packages/backend/convex/_generated/api.js @@ -8,7 +8,7 @@ * @module */ -import { anyApi } from 'convex/server'; +import { anyApi } from "convex/server"; /** * A utility for referencing Convex functions in your app's API. diff --git a/packages/backend/convex/_generated/dataModel.d.ts b/packages/backend/convex/_generated/dataModel.d.ts index afe7956..8541f31 100644 --- a/packages/backend/convex/_generated/dataModel.d.ts +++ b/packages/backend/convex/_generated/dataModel.d.ts 
@@ -13,9 +13,9 @@ import type { DocumentByName, TableNamesInDataModel, SystemTableNames, -} from 'convex/server'; -import type { GenericId } from 'convex/values'; -import schema from '../schema.js'; +} from "convex/server"; +import type { GenericId } from "convex/values"; +import schema from "../schema.js"; /** * The names of all of your Convex tables. diff --git a/packages/backend/convex/_generated/server.d.ts b/packages/backend/convex/_generated/server.d.ts index ad25580..7f337a4 100644 --- a/packages/backend/convex/_generated/server.d.ts +++ b/packages/backend/convex/_generated/server.d.ts @@ -18,8 +18,8 @@ import { GenericQueryCtx, GenericDatabaseReader, GenericDatabaseWriter, -} from 'convex/server'; -import type { DataModel } from './dataModel.js'; +} from "convex/server"; +import type { DataModel } from "./dataModel.js"; /** * Define a query in this Convex app's public API. @@ -29,7 +29,7 @@ import type { DataModel } from './dataModel.js'; * @param func - The query function. It receives a {@link QueryCtx} as its first argument. * @returns The wrapped query. Include this as an `export` to name it and make it accessible. */ -export declare const query: QueryBuilder; +export declare const query: QueryBuilder; /** * Define a query that is only accessible from other Convex functions (but not from the client). @@ -39,7 +39,7 @@ export declare const query: QueryBuilder; * @param func - The query function. It receives a {@link QueryCtx} as its first argument. * @returns The wrapped query. Include this as an `export` to name it and make it accessible. */ -export declare const internalQuery: QueryBuilder; +export declare const internalQuery: QueryBuilder; /** * Define a mutation in this Convex app's public API. 
@@ -49,7 +49,7 @@ export declare const internalQuery: QueryBuilder; * @param func - The mutation function. It receives a {@link MutationCtx} as its first argument. * @returns The wrapped mutation. Include this as an `export` to name it and make it accessible. */ -export declare const mutation: MutationBuilder; +export declare const mutation: MutationBuilder; /** * Define a mutation that is only accessible from other Convex functions (but not from the client). @@ -59,7 +59,7 @@ export declare const mutation: MutationBuilder; * @param func - The mutation function. It receives a {@link MutationCtx} as its first argument. * @returns The wrapped mutation. Include this as an `export` to name it and make it accessible. */ -export declare const internalMutation: MutationBuilder; +export declare const internalMutation: MutationBuilder; /** * Define an action in this Convex app's public API. @@ -72,7 +72,7 @@ export declare const internalMutation: MutationBuilder; * @param func - The action. It receives an {@link ActionCtx} as its first argument. * @returns The wrapped action. Include this as an `export` to name it and make it accessible. */ -export declare const action: ActionBuilder; +export declare const action: ActionBuilder; /** * Define an action that is only accessible from other Convex functions (but not from the client). @@ -80,7 +80,7 @@ export declare const action: ActionBuilder; * @param func - The function. It receives an {@link ActionCtx} as its first argument. * @returns The wrapped function. Include this as an `export` to name it and make it accessible. */ -export declare const internalAction: ActionBuilder; +export declare const internalAction: ActionBuilder; /** * Define an HTTP action. diff --git a/packages/backend/convex/_generated/server.js b/packages/backend/convex/_generated/server.js index 4651d7a..566d485 100644 --- a/packages/backend/convex/_generated/server.js +++ b/packages/backend/convex/_generated/server.js 
@@ -16,7 +16,7 @@ import { internalActionGeneric, internalMutationGeneric, internalQueryGeneric, -} from 'convex/server'; +} from "convex/server"; /** * Define a query in this Convex app's public API. diff --git a/packages/backend/convex/auth.config.ts b/packages/backend/convex/auth.config.ts index 40b63c7..bee16e9 100644 --- a/packages/backend/convex/auth.config.ts +++ b/packages/backend/convex/auth.config.ts @@ -1,3 +1,6 @@ +import Authentik from "@auth/core/providers/authentik"; +import MicrosoftEntraID from "@auth/core/providers/microsoft-entra-id" + export default { providers: [ { diff --git a/packages/backend/convex/auth.ts b/packages/backend/convex/auth.ts index 77a4936..fef8e5e 100644 --- a/packages/backend/convex/auth.ts +++ b/packages/backend/convex/auth.ts @@ -9,9 +9,28 @@ import { api } from './_generated/api'; import { type Id } from './_generated/dataModel'; import { action, mutation, query } from './_generated/server'; import Password from './CustomPassword'; +import Authentik from '@auth/core/providers/authentik'; +import MicrosoftEntraID from '@auth/core/providers/microsoft-entra-id' export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({ - providers: [Password], + providers: [ + Password, + Authentik, + MicrosoftEntraID({ + clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID!, + clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET!, + // Either a tenant GUID, or "common" / "organizations" / "consumers" + issuer: process.env.AUTH_MICROSOFT_ENTRA_ID_ISSUER!, + // Optional, but providing an object prevents the undefined read: + profilePhotoSize: 48, + // Optional: request email + offline refresh + authorization: { + params: { + scope: 'openid profile email offline_access', + }, + }, + }), + ] }); export const PASSWORD_MIN = 8;
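Review bot: The two provider imports added at the top of `auth.config.ts` do not appear to be used in the visible part of this hunk; the `providers` array shown as context is unchanged, so they look like leftovers from the `auth.ts` change, where the same imports are used. If nothing later in the file references them (the file continues outside the hunk), drop both lines so the config module does not pull in `@auth/core` for no reason. If they stay, the second import is missing its semicolon and both use double quotes where `auth.ts` uses single quotes.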
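Review bot: The `issuer` passed to `MicrosoftEntraID({...})` decides which directories can sign in, and the comment above it offers "common" / "organizations" / "consumers", which would admit accounts from any Entra tenant or personal Microsoft accounts. If this app is meant for one organization, pin the value to that tenant and make the comment say so, e.g. `// Single-tenant issuer only; multi-tenant values let any directory's accounts sign in`. The three `process.env.…!` reads only silence the type checker, so a missing variable shows up at sign-in time instead of at startup; a guard such as `if (!process.env.AUTH_MICROSOFT_ENTRA_ID_ISSUER) throw new Error('AUTH_MICROSOFT_ENTRA_ID_ISSUER is not set');` (likewise for the id and secret) fails closed. `offline_access` requests refresh tokens, so I would remove it from `scope` unless code outside this hunk stores and uses them. If OAuth sign-ins are matched to the existing `Password` users by e-mail (not visible here), note that the Entra `email` claim is not a verified identifier and should not be the linking key.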