Implement tenant import and RP auto login policies

orgfront/tests/orgfront-auto-login.spec.ts

@@ -0,0 +1,43 @@
+import { expect, test } from "@playwright/test";
+
+test("orgfront login auto parameter starts OIDC authorization", async ({
+  page,
+}) => {
+  let authorizationURL = "";
+
+  await page.route(
+    "http://localhost:5000/oidc/.well-known/openid-configuration",
+    async (route) => {
+      await route.fulfill({
+        json: {
+          issuer: "http://localhost:5000/oidc",
+          authorization_endpoint: "http://localhost:5000/oidc/oauth2/auth",
+          token_endpoint: "http://localhost:5000/oidc/oauth2/token",
+          jwks_uri: "http://localhost:5000/oidc/.well-known/jwks.json",
+          userinfo_endpoint: "http://localhost:5000/oidc/userinfo",
+        },
+        headers: { "Access-Control-Allow-Origin": "*" },
+      });
+    },
+  );
+
+  await page.route("http://localhost:5000/oidc/oauth2/auth**", async (route) => {
+    authorizationURL = route.request().url();
+    await route.fulfill({
+      contentType: "text/html",
+      body: "<!doctype html><title>Authorization captured</title>",
+    });
+  });
+
+  await page.goto("/login?auto=1&returnTo=%2Fpicker");
+
+  await expect.poll(() => authorizationURL).toContain("/oauth2/auth");
+
+  const parsed = new URL(authorizationURL);
+  expect(parsed.searchParams.get("client_id")).toBe("orgfront");
+  expect(parsed.searchParams.get("redirect_uri")).toBe(
+    "http://localhost:5175/auth/callback",
+  );
+  expect(parsed.searchParams.get("response_type")).toBe("code");
+  expect(parsed.searchParams.get("scope") ?? "").toContain("openid");
+});