Current authentication routes in api-server: local login, registration and signup, refresh, profile, API keys, OAuth, TOTP, and workspace preference endpoints. The auth controller currently exposes local auth, OAuth, TOTP, profile updates, and API key management under /auth.

Endpoints

AreaEndpoints
Local authPOST /auth/login, POST /auth/refresh, POST /auth/logout
Registration, signup, and recoveryPOST /auth/register (development only), POST /auth/signup, POST /auth/verify-email, POST /auth/forgot-password, POST /auth/reset-password, POST /auth/resend-verification
ProfileGET /auth/profile, PATCH /auth/profile, POST /auth/avatar, POST /auth/change-password
API keysGET /auth/api-keys, POST /auth/api-keys, PATCH /auth/api-keys/{id}, DELETE /auth/api-keys/{id}
OAuthGET /auth/google, GET /auth/google/callback, GET /auth/github, GET /auth/github/callback
TOTPPOST /auth/totp/setup, POST /auth/totp/verify-setup, POST /auth/totp/verify, POST /auth/totp/disable
Workspace preferenceGET /auth/workspaces, PATCH /auth/workspace

Key Pages