Merge branch 'main' into feat/299_plz

docs/admin-bootstrap-and-oidc-role-sync.md

@@ -39,8 +39,8 @@
 
 ### Where It Runs
 
-1. Registration: register_with_rauthy after_action calls OidcRoleSync.
-2. Sign-in: sign_in_with_rauthy prepare after_action calls OidcRoleSync for each user.
+1. Registration: register_with_oidc after_action calls OidcRoleSync.
+2. Sign-in: sign_in_with_oidc prepare after_action calls OidcRoleSync for each user.
 
 ### Internal Action
 

docs/development-progress-log.md

@@ -886,7 +886,7 @@ just regen-migrations <name>
 **Checklist:**
 1. ✅ Rauthy running: `docker compose ps`
 2. ✅ Client created in Rauthy admin panel
-3. ✅ Redirect URI matches exactly: `http://localhost:4000/auth/user/rauthy/callback`
+3. ✅ Redirect URI matches exactly: `http://localhost:4000/auth/user/oidc/callback`
 4. ✅ OIDC_CLIENT_SECRET in .env
 5. ✅ App restarted after .env update
 

docs/feature-roadmap.md

@@ -501,8 +501,8 @@ Since this is a **Phoenix LiveView** application with **Ash Framework**, we have
 |--------|-------|---------|------|---------|----------|
 | `GET` | `/auth/user/password/sign_in` | Show password login form | 🔓 | - | HTML form |
 | `POST` | `/auth/user/password/sign_in` | Submit password login | 🔓 | `{email, password}` | Redirect + session cookie |
-| `GET` | `/auth/user/rauthy` | Initiate OIDC flow | 🔓 | - | Redirect to Rauthy |
-| `GET` | `/auth/user/rauthy/callback` | Handle OIDC callback | 🔓 | `{code, state}` | Redirect + session cookie |
+| `GET` | `/auth/user/oidc` | Initiate OIDC flow | 🔓 | - | Redirect to Rauthy |
+| `GET` | `/auth/user/oidc/callback` | Handle OIDC callback | 🔓 | `{code, state}` | Redirect + session cookie |
 | `POST` | `/auth/user/sign_out` | Sign out user | 🔐 | - | Redirect to login |
 | `GET` | `/auth/link-oidc-account` | OIDC account linking (password verification) | 🔓 | - | LiveView form | ✅ Implemented |
 | `GET` | `/auth/user/password/reset` | Show password reset form | 🔓 | - | HTML form |
@@ -515,9 +515,9 @@ Since this is a **Phoenix LiveView** application with **Ash Framework**, we have
 | Resource | Action | Purpose | Auth | Input | Output |
 |----------|--------|---------|------|-------|--------|
 | `User` | `:sign_in_with_password` | Password authentication | 🔓 | `{email, password}` | `{:ok, user}` or `{:error, reason}` |
-| `User` | `:sign_in_with_rauthy` | OIDC authentication | 🔓 | `{oidc_id, email, user_info}` | `{:ok, user}` or `{:error, reason}` |
+| `User` | `:sign_in_with_oidc` | OIDC authentication | 🔓 | `{oidc_id, email, user_info}` | `{:ok, user}` or `{:error, reason}` |
 | `User` | `:register_with_password` | Create user with password | 🔓 | `{email, password}` | `{:ok, user}` |
-| `User` | `:register_with_rauthy` | Create user via OIDC | 🔓 | `{oidc_id, email}` | `{:ok, user}` |
+| `User` | `:register_with_oidc` | Create user via OIDC | 🔓 | `{oidc_id, email}` | `{:ok, user}` |
 | `User` | `:request_password_reset` | Generate reset token | 🔓 | `{email}` | `{:ok, token}` |
 | `User` | `:reset_password` | Reset password with token | 🔓 | `{token, password}` | `{:ok, user}` |
 | `Token` | `:revoke` | Revoke authentication token | 🔐 | `{jti}` | `{:ok, token}` |

docs/oidc-account-linking.md

@@ -10,10 +10,10 @@ This feature implements secure account linking between password-based accounts a
 
 #### 1. Security Fix: `lib/accounts/user.ex`
 
-**Change**: The `sign_in_with_rauthy` action now filters by `oidc_id` instead of `email`.
+**Change**: The `sign_in_with_oidc` action now filters by `oidc_id` instead of `email`.
 
 ```elixir
-read :sign_in_with_rauthy do
+read :sign_in_with_oidc do
   argument :user_info, :map, allow_nil?: false
   argument :oauth_tokens, :map, allow_nil?: false
   prepare AshAuthentication.Strategy.OAuth2.SignInPreparation