solventum-image-metadata/backend/app/core
SamoilenkoVadym 5f5c04471c feat(sso): migrate to client-side MSAL flow without client secret
Backend changes:
- Add PyJWT for Azure AD id_token validation
- Add validate_azure_id_token() function in core/auth.py
- Replace /microsoft/login and /microsoft/callback with /microsoft/login POST
- New endpoint validates id_token from frontend (no Graph API calls)
- Support PublicClientApplication (no client secret needed)

Frontend changes:
- Add @azure/msal-browser and @azure/msal-react dependencies
- Create msalConfig.ts with MSAL configuration
- Wrap App with MsalProvider
- Update LoginPage to use useMsal hook and loginPopup
- Remove OAuthCallback handler (MSAL handles redirect)
- Frontend gets id_token from Microsoft, sends to backend

Benefits:
- Works without AZURE_CLIENT_SECRET (matches apac-ops-bot)
- More secure (no secret in backend)
- Simpler backend (just JWT validation)
- Better UX (MSAL handles popups, silent refresh)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-09 17:25:34 +00:00
..
__init__.py feat(backend): migrate from Flask to FastAPI with Redis sessions 2026-02-09 13:14:37 +00:00
auth.py feat(sso): migrate to client-side MSAL flow without client secret 2026-02-09 17:25:34 +00:00
database.py feat(backend): migrate from Flask to FastAPI with Redis sessions 2026-02-09 13:14:37 +00:00
redis_client.py feat(backend): migrate from Flask to FastAPI with Redis sessions 2026-02-09 13:14:37 +00:00