refactor: make authentication truly transparent proxy

- Pass through ALL Jellyfin responses (success and error) without modification
- Move session capabilities posting to background task (don't block auth response)
- Remove generic error fallbacks - always return Jellyfin's actual response
- Simplify logic: if Jellyfin returns a response, pass it through; if not, return status code only

allstarr/Controllers/JellyfinController.cs

@@ -1830,31 +1830,22 @@ public class JellyfinController : ControllerBase
             _logger.LogInformation("Authentication request received");
             // DO NOT log request body or detailed headers - contains password
             
-            // Forward to Jellyfin server with client headers
+            // Forward to Jellyfin server with client headers - completely transparent proxy
             var (result, statusCode) = await _proxyService.PostJsonAsync("Users/AuthenticateByName", body, Request.Headers);
             
-            if (statusCode != 200)
-            {
-                _logger.LogWarning("Authentication failed - status {StatusCode}", statusCode);
-                
-                // Pass through Jellyfin's error response if available
+            // Pass through Jellyfin's response exactly as-is (transparent proxy)
             if (result != null)
             {
-                    return StatusCode(statusCode, result.RootElement.GetRawText());
-                }
+                var responseJson = result.RootElement.GetRawText();
                 
-                // Fallback to generic error if no response body
-                if (statusCode == 401)
+                // On successful auth, post session capabilities in background
+                if (statusCode == 200)
                 {
-                    return Unauthorized(new { error = "Invalid username or password" });
-                }
-                return StatusCode(statusCode, new { error = "Authentication failed" });
-            }
+                    _logger.LogInformation("Authentication successful, posting session capabilities in background");
                     
-            _logger.LogInformation("Authentication successful");
-            
-            // Post session capabilities immediately after authentication
-            // This ensures Jellyfin creates a session that will show up in the dashboard
+                    // Don't await - do this in background so we return auth response immediately
+                    _ = Task.Run(async () =>
+                    {
                         try
                         {
                             _logger.LogInformation("🔧 Posting session capabilities after authentication");
@@ -1881,10 +1872,22 @@ public class JellyfinController : ControllerBase
                         }
                         catch (Exception ex)
                         {
-                _logger.LogWarning(ex, "Failed to post session capabilities after auth, continuing anyway");
+                            _logger.LogWarning(ex, "Failed to post session capabilities after auth");
+                        }
+                    });
+                }
+                else
+                {
+                    _logger.LogWarning("Authentication failed - status {StatusCode}", statusCode);
                 }
                 
-            return Content(result.RootElement.GetRawText(), "application/json");
+                // Return Jellyfin's exact response
+                return Content(responseJson, "application/json");
+            }
+            
+            // No response body from Jellyfin - return status code only
+            _logger.LogWarning("Authentication request returned {StatusCode} with no response body", statusCode);
+            return StatusCode(statusCode);
         }
         catch (Exception ex)
         {