Commit graph

3 commits

Author SHA1 Message Date
SamoilenkoVadym
5f5c04471c feat(sso): migrate to client-side MSAL flow without client secret
Backend changes:
- Add PyJWT for Azure AD id_token validation
- Add validate_azure_id_token() function in core/auth.py
- Replace /microsoft/login and /microsoft/callback with /microsoft/login POST
- New endpoint validates id_token from frontend (no Graph API calls)
- Support PublicClientApplication (no client secret needed)

Frontend changes:
- Add @azure/msal-browser and @azure/msal-react dependencies
- Create msalConfig.ts with MSAL configuration
- Wrap App with MsalProvider
- Update LoginPage to use useMsal hook and loginPopup
- Remove OAuthCallback handler (MSAL handles redirect)
- Frontend gets id_token from Microsoft, sends to backend

Benefits:
- Works without AZURE_CLIENT_SECRET (matches apac-ops-bot)
- More secure (no secret in backend)
- Simpler backend (just JWT validation)
- Better UX (MSAL handles popups, silent refresh)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-09 17:25:34 +00:00
SamoilenkoVadym
9247536f4d feat(auth): support SSO without client secret using PublicClientApplication
- Use PublicClientApplication when AZURE_CLIENT_SECRET not set
- Allows SPA-style auth flow without backend secret
- Falls back to ConfidentialClientApplication when secret provided
- Matches configuration from other Oliver apps

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-09 17:16:08 +00:00
SamoilenkoVadym
563d476a94 feat(backend): migrate from Flask to FastAPI with Redis sessions
- Create FastAPI application with async I/O
- Implement Redis session storage (fixes session loss on restart)
- Add JWT authentication with refresh tokens
- Add Microsoft SSO support via MSAL
- Copy all processors from src/ (100% reused, no changes)
- Create file upload/download endpoints
- Create metadata update endpoints
- Create template CRUD endpoints
- Add SQLAlchemy async database models
- Add Docker Compose configuration with Redis

Solves critical issues:
- Session management: Redis replaces in-memory dicts
- Scalability: Async FastAPI + microservices architecture
- File handling: Persistent storage with auto-cleanup

Key files:
- backend/app/main.py - FastAPI entry point
- backend/app/core/redis_client.py - Session store
- backend/app/core/auth.py - JWT authentication
- backend/app/api/* - All REST endpoints
- backend/app/processors/ - Reused from src/

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-09 13:14:37 +00:00