brief-extractor/backend/server/ENV_EXAMPLE.md
2026-03-06 18:42:46 +00:00


# Backend Environment Configuration

## Production Deployment Requirements

For production deployment at https://ai-sandbox.oliver.solutions/brief-extractor-back, your backend `.env` file must have:

### Required Settings

```env
# CRITICAL: Set to false for production!
DEV_MODE=false

# MSAL Authentication (Azure AD) - PKCE Flow (Public Client)
MSAL_CLIENT_ID=your-azure-ad-client-id
MSAL_CLIENT_SECRET=placeholder-client-secret  # Not used for PKCE flow
MSAL_TENANT_ID=your-azure-ad-tenant-id
MSAL_REDIRECT_URI=https://ai-sandbox.oliver.solutions/brief-extractor/
MSAL_AUTHORITY=https://login.microsoftonline.com/your-azure-ad-tenant-id

# Server Configuration
SERVER_HOST=0.0.0.0
SERVER_PORT=8000
SERVER_WORKERS=2

# CORS - Allow frontend domain
ALLOWED_ORIGINS=https://ai-sandbox.oliver.solutions

# Security
SESSION_SECRET=your-random-session-secret-here
SECURE_COOKIES=true
HTTPS_ONLY=true

# Job Processing
MAX_CONCURRENT_JOBS=2
FILE_RETENTION_HOURS=24

# Upload Limits
MAX_UPLOAD_SIZE_MB=200
```

## Current Issue

Your backend is returning `devMode: true` because:

1. Line 23 in `server/config_runtime.py` defaults `DEV_MODE` to `'true'`
2. Your backend `.env` file either:
   - Doesn't have `DEV_MODE=false`
   - Or has `DEV_MODE=true`

## Fix Steps

1. Locate the backend `.env` file (should be in `/server/.env` or the project root)

2. Add or update this line:

   ```env
   DEV_MODE=false
   ```

3. Verify the MSAL settings are configured:

   - Get these from Azure Portal → Azure AD → App Registrations
   - `MSAL_CLIENT_ID`: Application (client) ID
   - `MSAL_TENANT_ID`: Directory (tenant) ID
   - `MSAL_CLIENT_SECRET`: Create in "Certificates & secrets"

4. Update the redirect URI:

   ```env
   MSAL_REDIRECT_URI=https://ai-sandbox.oliver.solutions/brief-extractor/auth/callback
   ```

   Also add this redirect URI in Azure Portal:

   - Go to your App Registration
   - Authentication → Platform configurations → Add a platform
   - Select "Single-page application"
   - Add URL: https://ai-sandbox.oliver.solutions/brief-extractor/auth/callback

5. Restart the backend server for the changes to take effect

## Verification

After restarting, visit:

https://ai-sandbox.oliver.solutions/brief-extractor-back/api/auth/config

It should return:

```json
{
  "config": {
    "clientId": "your-actual-client-id",
    "authority": "https://login.microsoftonline.com/your-tenant-id",
    "redirectUri": "https://ai-sandbox.oliver.solutions/brief-extractor/auth/callback",
    "devMode": false
  },
  "devMode": false
}
```

If it returns `devMode: true`, the backend `.env` file needs `DEV_MODE=false`.
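As an added example (not part of brief-extractor), a small Python preflight check that parses the backend `.env` described above and flags settings that are wrong for production: a missing or non-`false` `DEV_MODE`, template placeholder values left in place, cookie/HTTPS flags not enabled, and plain-http URLs. The required-key list and the placeholder pattern are assumptions, and `TEMPLATE_ENV` is a constructed sample built from the template values on this page.

```python
# Added example, not part of brief-extractor: a preflight check for the backend
# .env described above. Required keys and the placeholder pattern are assumptions.
import re

REQUIRED = ("DEV_MODE", "MSAL_CLIENT_ID", "MSAL_TENANT_ID", "MSAL_REDIRECT_URI",
            "MSAL_AUTHORITY", "ALLOWED_ORIGINS", "SESSION_SECRET")
PLACEHOLDER = re.compile(r"^(your-|placeholder)", re.IGNORECASE)

def parse_env(text):
    """Parse KEY=value lines, dropping blank lines and '# ...' comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def check_production_env(text):
    """Return problems found; an empty list means the file looks production-ready."""
    env, problems = parse_env(text), []
    for key in REQUIRED:
        if key not in env:
            problems.append(f"{key} is missing")
        elif PLACEHOLDER.match(env[key]):
            problems.append(f"{key} still holds a placeholder value")
    # The backend defaults DEV_MODE to true, so an absent key is the same as true.
    if env.get("DEV_MODE", "true").lower() != "false":
        problems.append("DEV_MODE must be false")
    for key in ("SECURE_COOKIES", "HTTPS_ONLY"):
        if env.get(key, "").lower() != "true":
            problems.append(f"{key} must be true")
    for key in ("MSAL_REDIRECT_URI", "ALLOWED_ORIGINS", "MSAL_AUTHORITY"):
        if env.get(key, "https://").startswith("http://"):
            problems.append(f"{key} uses plain http://")
    return problems

# Constructed sample: the template values from the page, with DEV_MODE already fixed.
TEMPLATE_ENV = """DEV_MODE=false
MSAL_CLIENT_ID=your-azure-ad-client-id
MSAL_CLIENT_SECRET=placeholder-client-secret  # Not used for PKCE flow
MSAL_TENANT_ID=your-azure-ad-tenant-id
MSAL_REDIRECT_URI=https://ai-sandbox.oliver.solutions/brief-extractor/auth/callback
MSAL_AUTHORITY=https://login.microsoftonline.com/your-azure-ad-tenant-id
ALLOWED_ORIGINS=https://ai-sandbox.oliver.solutions
SESSION_SECRET=your-random-session-secret-here
SECURE_COOKIES=true
HTTPS_ONLY=true
"""
```

Running `check_production_env(TEMPLATE_ENV)` reports the three placeholder values still present in the template; once real IDs and a random secret are filled in, it returns an empty list.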

## Azure AD App Registration Configuration

### Required API Permissions

- Microsoft Graph → User.Read (delegated)

### Supported Account Types

- Accounts in this organizational directory only (Single tenant)
- Or: Accounts in any organizational directory (Multi-tenant)

### Authentication Platform

- Platform: Single-page application
- Redirect URI: https://ai-sandbox.oliver.solutions/brief-extractor/auth/callback
- Enable implicit flow: ID tokens ✓

### Certificates & Secrets

- Create a new client secret
- Copy the value immediately (it can't be viewed again)
- Use it as `MSAL_CLIENT_SECRET` in `.env`

## Troubleshooting

### Login redirects but fails

- Check that the redirect URI matches exactly in both:
  - Backend `.env`: `MSAL_REDIRECT_URI`
  - Azure Portal → App Registration → Authentication

### "Invalid client" error

- Verify `MSAL_CLIENT_ID` matches the Azure Portal App Registration ID
- Check that `MSAL_CLIENT_SECRET` is correct and not expired

### CSP errors in console

- These come from Microsoft's auth pages (Report-Only mode)
- They don't block authentication; they are only warnings

### Still shows "Development Mode"

- Backend `.env` has `DEV_MODE=true` or is missing `DEV_MODE=false`
- Backend server not restarted after the `.env` change
- Wrong `.env` file being loaded (check the file location)