feat: enhance OIDC configuration for Azure login and improve error handling in API responses
This commit is contained in:
@@ -46,7 +46,15 @@ migrate((app) => {
|
||||
// Collection did not exist — nothing to drop.
|
||||
}
|
||||
|
||||
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
|
||||
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
|
||||
const clientId = $os.getenv("ENTRA_CLIENT_ID");
|
||||
const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET");
|
||||
|
||||
const hasOidc = !!(clientId && clientSecret);
|
||||
if (!hasOidc) {
|
||||
console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " +
|
||||
"Set the env vars and re-apply the migration to enable Azure login.");
|
||||
}
|
||||
|
||||
// 2. Recreate `team_members` as an auth collection (same name → all existing
|
||||
// `user_id` references in test_results, on_demand_attempts,
|
||||
@@ -75,7 +83,7 @@ migrate((app) => {
|
||||
mfa: { enabled: false, duration: 600, rule: "" },
|
||||
|
||||
oauth2: {
|
||||
enabled: true,
|
||||
enabled: hasOidc,
|
||||
// Map the OIDC userinfo claims onto our fields.
|
||||
mappedFields: {
|
||||
id: "",
|
||||
@@ -83,18 +91,18 @@ migrate((app) => {
|
||||
username: "",
|
||||
avatarURL: "",
|
||||
},
|
||||
providers: [
|
||||
providers: hasOidc ? [
|
||||
{
|
||||
name: "oidc",
|
||||
clientId: $os.getenv("ENTRA_CLIENT_ID"),
|
||||
clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"),
|
||||
clientId: clientId,
|
||||
clientSecret: clientSecret,
|
||||
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
|
||||
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
|
||||
userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
|
||||
displayName: "Microsoft",
|
||||
pkce: true,
|
||||
},
|
||||
],
|
||||
] : [],
|
||||
},
|
||||
|
||||
fields: [
|
||||
|
||||
Reference in New Issue
Block a user