- Replace server-side ConfidentialClientApplication + OAuth callback with MSAL browser popup flow (PKCE, no client_secret required)
- Backend: add POST /sso-token endpoint that validates Azure AD ID token via Microsoft JWKS, issues session cookie; remove /login + /callback
- Frontend: install @azure/msal-browser + @azure/msal-react, wrap app with MsalProvider, login page uses loginPopup() → sends id_token to backend
- Pass NEXT_PUBLIC_AZURE_* env vars through next.config.mjs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import { Configuration, PopupRequest } from '@azure/msal-browser';
// Browser-side auth identifiers, inlined by Next.js at build time.
// Keep these as literal `process.env.NEXT_PUBLIC_*` member accesses: Next.js
// substitutes the value only when the full variable name appears in source.
// NOTE(review): the `!` only silences the type checker. If the variable is
// unset at build time, clientId is undefined and `authority` ends in
// "/undefined"; nothing in this file fails fast on that — confirm the
// deployment always sets both NEXT_PUBLIC_AZURE_* variables.
const azureClientId = process.env.NEXT_PUBLIC_AZURE_CLIENT_ID!;
const azureTenantId = process.env.NEXT_PUBLIC_AZURE_TENANT_ID;

// Sign-in and sign-out both land on the login page. In a browser the current
// origin is used; the localhost value is only the server-render fallback,
// where no popup can run (presumably; MSAL is browser-only).
const loginPageUrl =
  typeof window === 'undefined'
    ? 'http://localhost/ppt-tool/login'
    : `${window.location.origin}/ppt-tool/login`;

/**
 * MSAL configuration for the browser popup (PKCE) sign-in flow.
 *
 * Security notes:
 * - The authority is pinned to one tenant instead of `common`, so the browser
 *   only talks to that tenant's endpoint. This is client-side configuration
 *   and therefore under the user's control; the backend that accepts the
 *   posted ID token must independently verify `iss`/`tid` (expected tenant),
 *   `aud` (this client ID), signature and `exp` — do not rely on this pin.
 * - `redirectUri` is derived from the page origin. Azure AD only redirects to
 *   URIs registered on the app registration, so every origin this app is
 *   served from must be registered there as a SPA redirect URI; an
 *   unregistered origin makes the popup fail rather than leak a token.
 * - The token cache is sessionStorage: per-tab and dropped when the tab
 *   closes, unlike localStorage. Auth state is not mirrored into cookies.
 */
export const msalConfig: Configuration = {
  auth: {
    clientId: azureClientId,
    authority: `https://login.microsoftonline.com/${azureTenantId}`,
    redirectUri: loginPageUrl,
    postLogoutRedirectUri: loginPageUrl,
  },
  cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: false,
  },
};
// OIDC identity scopes only; no resource/API scopes are requested here.
const identityScopes = ['openid', 'profile', 'email'];

/**
 * Request passed to `loginPopup()`.
 *
 * Only identity scopes are requested; per the commit description the login
 * page forwards the resulting ID token to the backend for a session cookie.
 * NOTE(review): `email` / `preferred_username` are mutable and not guaranteed
 * verified — the backend should key the session on `oid` (or `sub`). The
 * posted ID token is a bearer credential replayable until `exp`, so the
 * exchange must stay on HTTPS and the backend must check `aud`, `iss`, `exp`.
 */
export const loginRequest: PopupRequest = {
  scopes: [...identityScopes],
};