From 117a68a223ae0f67003677f894e0ad14efc048a2 Mon Sep 17 00:00:00 2001
From: michael <michael@modernfreedom.com>
Date: Tue, 18 Nov 2025 09:27:13 -0600
Subject: [PATCH] Configure MSAL redirect URI explicitly via environment
 variables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added VITE_REDIRECT_URI and VITE_REDIRECT_URI_DEV environment variables to provide explicit control over Azure AD redirect URIs. Updated authConfig.js to use these variables with automatic environment detection (development vs production).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .env.example               |  6 ++++++
 frontend/src/authConfig.js | 11 +++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 1c78e93..0cf3f01 100644
--- a/.env.example
+++ b/.env.example
@@ -27,3 +27,9 @@ VITE_BASE_PATH=/dashboard/
 VITE_BACKEND_PORT=5001
 VITE_AZURE_TENANT_ID=your-tenant-id-here
 VITE_AZURE_CLIENT_ID=your-client-id-here
+
+# Azure AD Redirect URIs
+# Production redirect URI - must match what's registered in Azure AD
+VITE_REDIRECT_URI=https://yourdomain.com/dashboard/
+# Development redirect URI (used when running locally)
+VITE_REDIRECT_URI_DEV=http://localhost:5173
diff --git a/frontend/src/authConfig.js b/frontend/src/authConfig.js
index 0a612a2..267d5f0 100644
--- a/frontend/src/authConfig.js
+++ b/frontend/src/authConfig.js
@@ -4,12 +4,19 @@ import { LogLevel } from '@azure/msal-browser';
 const tenantId = import.meta.env.VITE_AZURE_TENANT_ID || 'e519c2e6-bc6d-4fdf-8d9c-923c2f002385';
 const clientId = import.meta.env.VITE_AZURE_CLIENT_ID || '014547f2-21c1-4245-881f-97f49543d963';
 
+// Determine redirect URI based on environment
+// In development, use VITE_REDIRECT_URI_DEV; in production, use VITE_REDIRECT_URI
+const isDevelopment = import.meta.env.DEV;
+const redirectUri = isDevelopment
+  ? (import.meta.env.VITE_REDIRECT_URI_DEV || 'http://localhost:5173')
+  : (import.meta.env.VITE_REDIRECT_URI || window.location.origin);
+
 export const msalConfig = {
   auth: {
     clientId: clientId,
     authority: `https://login.microsoftonline.com/${tenantId}`,
-    redirectUri: window.location.origin,
-    postLogoutRedirectUri: window.location.origin,
+    redirectUri: redirectUri,
+    postLogoutRedirectUri: redirectUri,
     navigateToLoginRequestUrl: false
   },
   cache: {