Fix MSAL redirect_uri to match Azure AD registered URI

Change redirect_uri to app root (without /auth.php) to match what's registered in Azure portal. Use relative URLs for auth fetch and reload on success instead of computed absolute paths. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 20:39:12 +00:00 · 2026-03-02 20:39:12 +00:00 · 0280b94154
commit 0280b94154
parent 53e9365c01
3 changed files with 4 additions and 4 deletions
--- a/AuthMiddleware.php
+++ b/AuthMiddleware.php
@ -289,7 +289,7 @@ class AuthMiddleware {
                        });

                        // Send token to server
-                        const response = await fetch('<?php echo rtrim(dirname($this->redirectUri), '/'); ?>/auth.php?action=login', {
+                        const response = await fetch('auth.php?action=login', {
                            method: 'POST',
                            headers: {
                                'Content-Type': 'application/json'
@ -302,7 +302,7 @@ class AuthMiddleware {
                        const result = await response.json();

                        if (result.success) {
-                            window.location.href = '<?php echo rtrim(dirname($this->redirectUri), '/'); ?>/';
+                            window.location.reload();
                        } else {
                            alert('Login failed: ' + result.message);
                        }
--- a/auth.php
+++ b/auth.php
@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'logout') {

    // Build Azure AD logout URL
    $tenantId = $config['sso']['tenant_id'];
-    $postLogoutRedirect = urlencode('https://ai-sandbox.oliver.solutions/loreal-global-kickoff/');
+    $postLogoutRedirect = urlencode('https://ai-sandbox.oliver.solutions/loreal-global-kickoff');
    $logoutUrl = "https://login.microsoftonline.com/{$tenantId}/oauth2/v2.0/logout?post_logout_redirect_uri={$postLogoutRedirect}";

    header('Location: ' . $logoutUrl);
--- a/config.php
+++ b/config.php
@ -12,7 +12,7 @@ return [
        // Azure AD Configuration (for production use)
        'tenant_id' => 'e519c2e6-bc6d-4fdf-8d9c-923c2f002385',
        'client_id' => '9079054c-9620-4757-a256-23413042f1ef',
-        'redirect_uri' => 'https://ai-sandbox.oliver.solutions/loreal-global-kickoff/auth.php',
+        'redirect_uri' => 'https://ai-sandbox.oliver.solutions/loreal-global-kickoff',

        // Local development user (used when SSO is disabled)
        'local_user' => [