oliver-sales-ops-platform/backend/app/middleware
Vadym Samoilenko c7025ee396 feat: enable SSO with email allowlist authorization
- Add config/allowed_users.yaml as the source of truth for access control
  (email → role mapping, case-insensitive)
- New backend/app/services/allowlist.py loads the YAML and provides lookup()
- auth.py checks the allowlist on every SSO login; denies with 403 if not listed;
  syncs AppUser.role from YAML on each login
- PyYAML added to requirements.txt
- docker-compose mounts ./config:/app/config into the backend container
- Frontend: axios response interceptor catches 403 not_allowlisted and fires
  a custom DOM event; AuthProvider renders a NoAccessPage with Sign out button
- .env.example: clarify DEV_AUTH_BYPASS usage, document ALLOWED_USERS_PATH

Azure AD: add https://optical-dev.oliver.solutions/oliver-sales-ops-platform/
as a SPA redirect URI in app registration 9079054c (done separately by zlalani).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-28 19:27:39 +01:00
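The commit message above describes the check without showing it: an email-to-role mapping matched case-insensitively, a 403 with body `not_allowlisted` when the SSO email is absent, and the role re-synced from YAML on every login. The following is an added example of that logic, not the project's own `allowlist.py` or `auth.py`. The `Allowlist` class, `AppUser` stand-in, sample entries and role names are assumptions; only "email → role, case-insensitive, 403 if not listed, role synced on login" comes from the commit. The example also fails closed on two YAML keys that collide after normalization, a case the commit does not mention.

```python
# Added example of an email allowlist with role sync, in the style the commit
# describes. Not the project's code; names and sample data are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional


class AllowlistError(ValueError):
    """The allowlist file itself is malformed; refuse to start rather than guess."""


class NotAllowlisted(PermissionError):
    """Stands in for the 403 the backend returns. `code` is what the frontend
    interceptor keys on (the commit names it not_allowlisted)."""
    status_code = 403
    code = "not_allowlisted"


def normalize_email(email: str) -> str:
    # The commit specifies case-insensitive matching, so the whole address is
    # lower-cased. Surrounding whitespace is stripped as well so a stray space in
    # the YAML or in an IdP claim cannot lock a user out.
    if not isinstance(email, str) or "@" not in email:
        raise AllowlistError(f"not an email address: {email!r}")
    return email.strip().lower()


class Allowlist:
    def __init__(self, raw: Dict[str, str]):
        self._roles: Dict[str, str] = {}
        for email, role in raw.items():
            key = normalize_email(email)
            if not isinstance(role, str) or not role.strip():
                raise AllowlistError(f"missing role for {email!r}")
            # Two entries differing only in case would silently overwrite each
            # other and the last one loaded would decide the role. Fail closed.
            if key in self._roles:
                raise AllowlistError(f"duplicate entry after normalization: {key}")
            self._roles[key] = role.strip()

    def lookup(self, email: str) -> Optional[str]:
        return self._roles.get(normalize_email(email))


def load_from_yaml(path: str) -> Allowlist:
    """Load a top-level `email: role` mapping. safe_load, never yaml.load: the
    allowlist is config, and full YAML loading can construct arbitrary objects."""
    import yaml  # PyYAML, as the commit adds to requirements.txt
    with open(path, "r", encoding="utf-8") as fh:
        data = yaml.safe_load(fh) or {}
    if not isinstance(data, dict):
        raise AllowlistError("allowlist must be a mapping of email -> role")
    return Allowlist(data)


@dataclass
class AppUser:
    email: str
    role: Optional[str] = None


def authorize_login(allowlist: Allowlist, user: AppUser) -> AppUser:
    """Deny with 403 if the SSO email is not listed; otherwise sync the role."""
    role = allowlist.lookup(user.email)
    if role is None:
        raise NotAllowlisted(user.email)
    # YAML is the source of truth: overwrite whatever role the DB row carried.
    user.role = role
    return user


# Constructed sample standing in for a parsed config/allowed_users.yaml.
SAMPLE_ALLOWED_USERS = {
    "Alice@Example.com": "admin",
    "bob@example.com": "analyst ",
}

ALLOWLIST = Allowlist(SAMPLE_ALLOWED_USERS)

if __name__ == "__main__":
    print(authorize_login(ALLOWLIST, AppUser("alice@example.COM", role="viewer")))
    try:
        authorize_login(ALLOWLIST, AppUser("mallory@example.com"))
    except NotAllowlisted as exc:
        print(exc.status_code, exc.code, exc)
```

Two points worth keeping when adapting this: build the `Allowlist` once at startup so a malformed file is caught before any login is served, and keep `yaml.safe_load` rather than `yaml.load`, since the mounted `./config` directory is writable by whoever controls the host.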
__init__.py Scaffold V2: 17-stage state machine, Alembic, MSAL, Mermaid stage map 2026-04-27 12:35:03 -04:00
auth.py feat: enable SSO with email allowlist authorization 2026-04-28 19:27:39 +01:00