Fix MSAL redirectUri to match Azure AD registration

redirectUri = https://ai-sandbox.oliver.solutions/solventum-image-metadata/ (app root, not /login or /auth/callback) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-09 21:46:11 +00:00 · 2026-02-09 21:46:11 +00:00 · 154658f5d7
commit 154658f5d7
parent eaa12be728
2 changed files with 4 additions and 4 deletions
--- a/.env.example
+++ b/.env.example
@ -12,9 +12,9 @@ ROOT_PATH=/solventum-image-metadata
 # === Azure AD / SSO ===
 AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
 AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
-AZURE_CLIENT_SECRET=YOUR_AZURE_CLIENT_SECRET_HERE
-# Must match Azure AD App Registration > Authentication > Redirect URIs exactly
-REDIRECT_URI=https://ai-sandbox.oliver.solutions/solventum-image-metadata/auth/callback
+# AZURE_CLIENT_SECRET is not needed (client-side MSAL.js flow)
+# Must match Azure AD App Registration > Authentication > SPA Redirect URIs exactly
+REDIRECT_URI=https://ai-sandbox.oliver.solutions/solventum-image-metadata/

 # === OpenAI (optional — for AI metadata generation) ===
 OPENAI_API_KEY=
--- a/templates/login.html
+++ b/templates/login.html
@ -316,7 +316,7 @@
                    auth: {
                        clientId: "{{ azure_client_id }}",
                        authority: "https://login.microsoftonline.com/{{ azure_tenant_id }}",
-                        redirectUri: window.location.origin + "{{ base }}/login",
+                        redirectUri: window.location.origin + "{{ base }}/",
                    },
                    cache: {
                        cacheLocation: "sessionStorage",