Refactor authentication architecture: separate Auth config from Identity models

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>

Author: Copilot

content/docs/references/misc/identity/AuthProtocol.mdx

@@ -0,0 +1,13 @@
+---
+title: AuthProtocol
+description: AuthProtocol Schema Reference
+---
+
+## Allowed Values
+
+* `oidc`
+* `saml`
+* `ldap`
+* `oauth2`
+* `local`
+* `mock`

content/docs/references/misc/identity/AuthProvider.mdx

@@ -0,0 +1,16 @@
+---
+title: AuthProvider
+description: AuthProvider Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **name** | `string` | ✅ | Provider ID |
+| **label** | `string` | ✅ | Button Label (e.g. "Login with Okta") |
+| **type** | `Enum<'oidc' \| 'saml' \| 'ldap' \| 'oauth2' \| 'local' \| 'mock'>` | ✅ |  |
+| **config** | `object \| object \| object \| Record<string, any>` | ✅ | Provider specific configuration |
+| **icon** | `string` | optional | Icon URL or helper class |
+| **active** | `boolean` | optional |  |
+| **registrationEnabled** | `boolean` | optional | Allow new users to sign up via this provider |

content/docs/references/system/Account.mdx

@@ -0,0 +1,23 @@
+---
+title: Account
+description: Account Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **id** | `string` | ✅ | Unique account identifier |
+| **userId** | `string` | ✅ | Associated user ID |
+| **type** | `Enum<'oauth' \| 'oidc' \| 'email' \| 'credentials' \| 'saml' \| 'ldap'>` | ✅ | Account type |
+| **provider** | `string` | ✅ | Provider name |
+| **providerAccountId** | `string` | ✅ | Provider account ID |
+| **refreshToken** | `string` | optional | OAuth refresh token |
+| **accessToken** | `string` | optional | OAuth access token |
+| **expiresAt** | `number` | optional | Token expiry timestamp (Unix) |
+| **tokenType** | `string` | optional | OAuth token type |
+| **scope** | `string` | optional | OAuth scope |
+| **idToken** | `string` | optional | OAuth ID token |
+| **sessionState** | `string` | optional | Session state |
+| **createdAt** | `string` | ✅ | Account creation timestamp |
+| **updatedAt** | `string` | ✅ | Last update timestamp |

content/docs/references/system/AuthConfig.mdx

@@ -22,6 +22,7 @@ description: AuthConfig Schema Reference
 | **csrf** | `object` | optional |  |
 | **accountLinking** | `object` | optional |  |
 | **twoFactor** | `object` | optional |  |
+| **enterprise** | `object` | optional |  |
 | **userFieldMapping** | `object` | optional |  |
 | **database** | `object` | optional |  |
 | **plugins** | `object[]` | optional |  |

content/docs/references/system/EnterpriseAuthConfig.mdx

@@ -0,0 +1,12 @@
+---
+title: EnterpriseAuthConfig
+description: EnterpriseAuthConfig Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **oidc** | `object` | optional | OpenID Connect configuration |
+| **saml** | `object` | optional | SAML 2.0 configuration |
+| **ldap** | `object` | optional | LDAP/Active Directory configuration |

content/docs/references/system/Session.mdx

@@ -0,0 +1,18 @@
+---
+title: Session
+description: Session Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **id** | `string` | ✅ | Unique session identifier |
+| **sessionToken** | `string` | ✅ | Session token |
+| **userId** | `string` | ✅ | Associated user ID |
+| **expires** | `string` | ✅ | Session expiry timestamp |
+| **createdAt** | `string` | ✅ | Session creation timestamp |
+| **updatedAt** | `string` | ✅ | Last update timestamp |
+| **ipAddress** | `string` | optional | IP address |
+| **userAgent** | `string` | optional | User agent string |
+| **fingerprint** | `string` | optional | Device fingerprint |

content/docs/references/system/User.mdx

@@ -0,0 +1,16 @@
+---
+title: User
+description: User Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **id** | `string` | ✅ | Unique user identifier |
+| **email** | `string` | ✅ | User email address |
+| **emailVerified** | `boolean` | optional | Whether email is verified |
+| **name** | `string` | optional | User display name |
+| **image** | `string` | optional | Profile image URL |
+| **createdAt** | `string` | ✅ | Account creation timestamp |
+| **updatedAt** | `string` | ✅ | Last update timestamp |

content/docs/references/system/VerificationToken.mdx

@@ -0,0 +1,13 @@
+---
+title: VerificationToken
+description: VerificationToken Schema Reference
+---
+
+## Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **identifier** | `string` | ✅ | Token identifier (email or phone) |
+| **token** | `string` | ✅ | Verification token |
+| **expires** | `string` | ✅ | Token expiry timestamp |
+| **createdAt** | `string` | ✅ | Token creation timestamp |

content/docs/references/system/identity/LDAPConfig.mdx

@@ -7,9 +7,12 @@ description: LDAPConfig Schema Reference
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | optional |  |
 | **url** | `string` | ✅ | LDAP Server URL (ldap:// or ldaps://) |
-| **bindDn** | `string` | ✅ |  |
-| **bindCredentials** | `string` | ✅ |  |
-| **searchBase** | `string` | ✅ |  |
-| **searchFilter** | `string` | ✅ |  |
-| **groupSearchBase** | `string` | optional |  |
+| **bindDn** | `string` | ✅ | Bind DN for LDAP authentication |
+| **bindCredentials** | `string` | ✅ | Bind credentials |
+| **searchBase** | `string` | ✅ | Search base DN |
+| **searchFilter** | `string` | ✅ | Search filter |
+| **groupSearchBase** | `string` | optional | Group search base DN |
+| **displayName** | `string` | optional | Display name for the provider button |
+| **icon** | `string` | optional | Icon URL or identifier |

content/docs/references/system/identity/OIDCConfig.mdx

@@ -7,8 +7,11 @@ description: OIDCConfig Schema Reference
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | optional |  |
 | **issuer** | `string` | ✅ | OIDC Issuer URL (.well-known/openid-configuration) |
-| **clientId** | `string` | ✅ |  |
-| **clientSecret** | `string` | ✅ |  |
-| **scopes** | `string[]` | optional |  |
+| **clientId** | `string` | ✅ | OIDC client ID |
+| **clientSecret** | `string` | ✅ | OIDC client secret |
+| **scopes** | `string[]` | optional | OIDC scopes |
 | **attributeMapping** | `Record<string, string>` | optional | Map IdP claims to User fields |
+| **displayName** | `string` | optional | Display name for the provider button |
+| **icon** | `string` | optional | Icon URL or identifier |