Commit graph

4 commits

Author SHA1 Message Date
Vadym Samoilenko
f4b4630826 Add msalInstance.initialize() before MSAL API calls
MSAL Browser 2.28+ requires explicit initialize() before handleRedirectPromise()
or loginRedirect(). Without it the authorization request is generated with
missing parameters, causing AADSTS90014.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 09:50:38 +00:00
Vadym Samoilenko
cee80cc8c9 Enable storeAuthStateInCookie to fix AADSTS90014 error
MSAL fails to persist PKCE state in sessionStorage across redirects
in some browsers. Cookie fallback ensures auth state survives the
Azure AD redirect loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 09:45:13 +00:00
Vadym Samoilenko
74ffaf575a Fix MSAL CDN version: 2.38.3 → 2.32.2 (known stable)
2026-03-02 21:49:38 +00:00
Vadym Samoilenko
523be058aa Add Azure AD / MSAL SSO authentication
- config.php: Azure tenant/client constants, SSO_ENABLED = true
- auth.php: requireAuth() middleware, getSafeUser(), getUserDataFile()
- auth_gate.php: MSAL.js PKCE login flow, stores return URL in sessionStorage
- logout.php: destroys PHP session + calls msalInstance.logoutRedirect()
- api.php: public create_session endpoint (JWT validation), 401 guard on all other actions, per-user data files (data_{safeUser}.json)
- sheet_helpers.php: fix dot sanitisation '_' → '_dot_' to match getSafeUser()
- index/builder/help.php: requireAuth() at top, user email + Sign Out in header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 21:43:32 +00:00