Add DEV_AUTH_BYPASS env var to skip SSO in local dev

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 20:19:22 +00:00 · 2026-03-28 20:19:22 +00:00 · c37e6888e2
commit c37e6888e2
parent c47bf46faa
5 changed files with 12 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -2,6 +2,9 @@ POSTGRES_PASSWORD=your_strong_password_here
 ANTHROPIC_API_KEY=your-anthropic-api-key
 AZURE_TENANT_ID=your-azure-tenant-id
 AZURE_CLIENT_ID=your-azure-client-id
+# Set to true to skip SSO in local dev (never use in production)
+DEV_AUTH_BYPASS=
+VITE_DEV_AUTH_BYPASS=
 # Absolute path to the directory containing the GMAL Excel file
 # Defaults to ./data (relative to repo) if not set
 DATA_DIR=/var/www/html/gmal-scope-builder/data
--- a/backend/app/middleware/auth.py
+++ b/backend/app/middleware/auth.py
@ -34,6 +34,9 @@ def _get_jwks() -> dict:
 async def get_current_user(
    credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme),
 ) -> dict:
+    if os.environ.get("DEV_AUTH_BYPASS", "").lower() in ("1", "true", "yes"):
+        return {"oid": "dev-user", "name": "Dev User", "email": "dev@localhost"}
+
    if credentials is None:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -26,6 +26,7 @@ services:
      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
      AZURE_TENANT_ID: ${AZURE_TENANT_ID}
      AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
+      DEV_AUTH_BYPASS: ${DEV_AUTH_BYPASS:-}
    ports:
      - "127.0.0.1:8002:8000"
    volumes:
--- a/frontend/src/api/client.ts
+++ b/frontend/src/api/client.ts
@ -6,6 +6,8 @@ const api = axios.create({
 });

 api.interceptors.request.use(async (config) => {
+  if (import.meta.env.VITE_DEV_AUTH_BYPASS === 'true') return config;
+
  const accounts = msalInstance.getAllAccounts();
  if (accounts.length === 0) return config;

--- a/frontend/src/auth/AuthProvider.tsx
+++ b/frontend/src/auth/AuthProvider.tsx
@ -50,6 +50,9 @@ function RedirectHandler({ children }: { children: React.ReactNode }) {
 }

 export function AuthProvider({ children }: { children: React.ReactNode }) {
+  if (import.meta.env.VITE_DEV_AUTH_BYPASS === 'true') {
+    return <>{children}</>;
+  }
  return (
    <MsalProvider instance={msalInstance}>
      <RedirectHandler>{children}</RedirectHandler>