@solidxai/core 0.1.10-beta.26 → 0.1.10-beta.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +15 -0
- package/CLAUDE.md +26 -0
- package/MICROSOFT_ACTIVE_DIRECTORY_OAUTH_FLOW.md +616 -0
- package/ai-interaction-cleanup.sql +53 -0
- package/dist/constants/error-messages.d.ts +1 -0
- package/dist/constants/error-messages.d.ts.map +1 -1
- package/dist/constants/error-messages.js +1 -0
- package/dist/constants/error-messages.js.map +1 -1
- package/dist/controllers/microsoft-active-directory-authentication.controller.d.ts +28 -0
- package/dist/controllers/microsoft-active-directory-authentication.controller.d.ts.map +1 -0
- package/dist/controllers/microsoft-active-directory-authentication.controller.js +122 -0
- package/dist/controllers/microsoft-active-directory-authentication.controller.js.map +1 -0
- package/dist/controllers/service.controller.d.ts +1 -5
- package/dist/controllers/service.controller.d.ts.map +1 -1
- package/dist/controllers/service.controller.js +6 -11
- package/dist/controllers/service.controller.js.map +1 -1
- package/dist/controllers/test.controller.d.ts +1 -6
- package/dist/controllers/test.controller.d.ts.map +1 -1
- package/dist/controllers/test.controller.js +2 -20
- package/dist/controllers/test.controller.js.map +1 -1
- package/dist/dtos/create-permission-metadata.dto.d.ts.map +1 -1
- package/dist/dtos/create-permission-metadata.dto.js +2 -0
- package/dist/dtos/create-permission-metadata.dto.js.map +1 -1
- package/dist/dtos/create-role-metadata.dto.d.ts +2 -0
- package/dist/dtos/create-role-metadata.dto.d.ts.map +1 -1
- package/dist/dtos/create-role-metadata.dto.js +13 -1
- package/dist/dtos/create-role-metadata.dto.js.map +1 -1
- package/dist/dtos/import-instructions.dto.d.ts +2 -0
- package/dist/dtos/import-instructions.dto.d.ts.map +1 -1
- package/dist/dtos/import-instructions.dto.js +15 -1
- package/dist/dtos/import-instructions.dto.js.map +1 -1
- package/dist/dtos/update-permission-metadata.dto.d.ts.map +1 -1
- package/dist/dtos/update-permission-metadata.dto.js +3 -1
- package/dist/dtos/update-permission-metadata.dto.js.map +1 -1
- package/dist/dtos/update-role-metadata.dto.d.ts +2 -0
- package/dist/dtos/update-role-metadata.dto.d.ts.map +1 -1
- package/dist/dtos/update-role-metadata.dto.js +13 -1
- package/dist/dtos/update-role-metadata.dto.js.map +1 -1
- package/dist/entities/action-metadata.entity.d.ts.map +1 -1
- package/dist/entities/action-metadata.entity.js +1 -0
- package/dist/entities/action-metadata.entity.js.map +1 -1
- package/dist/entities/agent-event.entity.d.ts.map +1 -1
- package/dist/entities/agent-event.entity.js +1 -0
- package/dist/entities/agent-event.entity.js.map +1 -1
- package/dist/entities/agent-session.entity.d.ts.map +1 -1
- package/dist/entities/agent-session.entity.js +1 -0
- package/dist/entities/agent-session.entity.js.map +1 -1
- package/dist/entities/chatter-message.entity.d.ts.map +1 -1
- package/dist/entities/chatter-message.entity.js +2 -0
- package/dist/entities/chatter-message.entity.js.map +1 -1
- package/dist/entities/email-template.entity.d.ts.map +1 -1
- package/dist/entities/email-template.entity.js +1 -0
- package/dist/entities/email-template.entity.js.map +1 -1
- package/dist/entities/field-metadata.entity.d.ts.map +1 -1
- package/dist/entities/field-metadata.entity.js +4 -0
- package/dist/entities/field-metadata.entity.js.map +1 -1
- package/dist/entities/list-of-values.entity.d.ts.map +1 -1
- package/dist/entities/list-of-values.entity.js +4 -0
- package/dist/entities/list-of-values.entity.js.map +1 -1
- package/dist/entities/locale.entity.d.ts.map +1 -1
- package/dist/entities/locale.entity.js +1 -0
- package/dist/entities/locale.entity.js.map +1 -1
- package/dist/entities/media.entity.d.ts.map +1 -1
- package/dist/entities/media.entity.js +1 -0
- package/dist/entities/media.entity.js.map +1 -1
- package/dist/entities/menu-item-metadata.entity.d.ts.map +1 -1
- package/dist/entities/menu-item-metadata.entity.js +2 -0
- package/dist/entities/menu-item-metadata.entity.js.map +1 -1
- package/dist/entities/model-metadata.entity.d.ts.map +1 -1
- package/dist/entities/model-metadata.entity.js +3 -0
- package/dist/entities/model-metadata.entity.js.map +1 -1
- package/dist/entities/module-metadata.entity.d.ts.map +1 -1
- package/dist/entities/module-metadata.entity.js +2 -0
- package/dist/entities/module-metadata.entity.js.map +1 -1
- package/dist/entities/permission-metadata.entity.d.ts.map +1 -1
- package/dist/entities/permission-metadata.entity.js.map +1 -1
- package/dist/entities/role-metadata.entity.d.ts +2 -0
- package/dist/entities/role-metadata.entity.d.ts.map +1 -1
- package/dist/entities/role-metadata.entity.js +10 -2
- package/dist/entities/role-metadata.entity.js.map +1 -1
- package/dist/entities/saved-filters.entity.d.ts.map +1 -1
- package/dist/entities/saved-filters.entity.js +3 -0
- package/dist/entities/saved-filters.entity.js.map +1 -1
- package/dist/entities/scheduled-job.entity.d.ts.map +1 -1
- package/dist/entities/scheduled-job.entity.js +2 -0
- package/dist/entities/scheduled-job.entity.js.map +1 -1
- package/dist/entities/security-rule.entity.d.ts.map +1 -1
- package/dist/entities/security-rule.entity.js +1 -0
- package/dist/entities/security-rule.entity.js.map +1 -1
- package/dist/entities/sms-template.entity.d.ts.map +1 -1
- package/dist/entities/sms-template.entity.js +2 -0
- package/dist/entities/sms-template.entity.js.map +1 -1
- package/dist/entities/user-activity-history.entity.d.ts.map +1 -1
- package/dist/entities/user-activity-history.entity.js +1 -0
- package/dist/entities/user-activity-history.entity.js.map +1 -1
- package/dist/entities/user.entity.d.ts +3 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +15 -1
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/entities/view-metadata.entity.d.ts.map +1 -1
- package/dist/entities/view-metadata.entity.js +2 -0
- package/dist/entities/view-metadata.entity.js.map +1 -1
- package/dist/helpers/microsoft-active-directory-oauth.helper.d.ts +34 -0
- package/dist/helpers/microsoft-active-directory-oauth.helper.d.ts.map +1 -0
- package/dist/helpers/microsoft-active-directory-oauth.helper.js +43 -0
- package/dist/helpers/microsoft-active-directory-oauth.helper.js.map +1 -0
- package/dist/helpers/module.helper.js +0 -5
- package/dist/helpers/module.helper.js.map +1 -1
- package/dist/helpers/user-helper.d.ts.map +1 -1
- package/dist/helpers/user-helper.js +4 -0
- package/dist/helpers/user-helper.js.map +1 -1
- package/dist/index.d.ts +1 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -5
- package/dist/index.js.map +1 -1
- package/dist/interfaces.d.ts +0 -8
- package/dist/interfaces.d.ts.map +1 -1
- package/dist/interfaces.js.map +1 -1
- package/dist/passport-strategies/microsoft-active-directory-oauth.strategy.d.ts +14 -0
- package/dist/passport-strategies/microsoft-active-directory-oauth.strategy.d.ts.map +1 -0
- package/dist/passport-strategies/microsoft-active-directory-oauth.strategy.js +67 -0
- package/dist/passport-strategies/microsoft-active-directory-oauth.strategy.js.map +1 -0
- package/dist/seeders/seed-data/solid-core-metadata.json +317 -814
- package/dist/services/authentication.service.d.ts +12 -0
- package/dist/services/authentication.service.d.ts.map +1 -1
- package/dist/services/authentication.service.js +64 -0
- package/dist/services/authentication.service.js.map +1 -1
- package/dist/services/crud-helper.service.d.ts.map +1 -1
- package/dist/services/crud-helper.service.js +11 -3
- package/dist/services/crud-helper.service.js.map +1 -1
- package/dist/services/import-transaction.service.d.ts.map +1 -1
- package/dist/services/import-transaction.service.js +6 -0
- package/dist/services/import-transaction.service.js.map +1 -1
- package/dist/services/settings/default-settings-provider.service.d.ts +100 -0
- package/dist/services/settings/default-settings-provider.service.d.ts.map +1 -1
- package/dist/services/settings/default-settings-provider.service.js +56 -0
- package/dist/services/settings/default-settings-provider.service.js.map +1 -1
- package/dist/services/user.service.d.ts +2 -0
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +46 -0
- package/dist/services/user.service.js.map +1 -1
- package/dist/solid-core.module.d.ts.map +1 -1
- package/dist/solid-core.module.js +4 -29
- package/dist/solid-core.module.js.map +1 -1
- package/dist/subscribers/scheduled-job.subscriber.js +1 -1
- package/dist/subscribers/scheduled-job.subscriber.js.map +1 -1
- package/dist/subscribers/security-rule.subscriber.js +1 -1
- package/dist/subscribers/security-rule.subscriber.js.map +1 -1
- package/package.json +4 -4
- package/src/constants/error-messages.ts +2 -1
- package/src/controllers/microsoft-active-directory-authentication.controller.ts +104 -0
- package/src/controllers/service.controller.ts +4 -7
- package/src/controllers/test.controller.ts +0 -9
- package/src/dtos/create-permission-metadata.dto.ts +3 -0
- package/src/dtos/create-role-metadata.dto.ts +11 -1
- package/src/dtos/import-instructions.dto.ts +11 -1
- package/src/dtos/update-permission-metadata.dto.ts +4 -1
- package/src/dtos/update-role-metadata.dto.ts +21 -1
- package/src/entities/action-metadata.entity.ts +1 -0
- package/src/entities/agent-event.entity.ts +1 -0
- package/src/entities/agent-session.entity.ts +1 -0
- package/src/entities/chatter-message.entity.ts +2 -0
- package/src/entities/email-template.entity.ts +1 -0
- package/src/entities/field-metadata.entity.ts +4 -1
- package/src/entities/list-of-values.entity.ts +5 -1
- package/src/entities/locale.entity.ts +1 -0
- package/src/entities/media.entity.ts +1 -0
- package/src/entities/menu-item-metadata.entity.ts +2 -0
- package/src/entities/model-metadata.entity.ts +3 -0
- package/src/entities/module-metadata.entity.ts +2 -0
- package/src/entities/permission-metadata.entity.ts +2 -2
- package/src/entities/role-metadata.entity.ts +11 -3
- package/src/entities/saved-filters.entity.ts +3 -0
- package/src/entities/scheduled-job.entity.ts +2 -0
- package/src/entities/security-rule.entity.ts +1 -0
- package/src/entities/sms-template.entity.ts +2 -0
- package/src/entities/user-activity-history.entity.ts +1 -0
- package/src/entities/user.entity.ts +15 -1
- package/src/entities/view-metadata.entity.ts +2 -0
- package/src/helpers/microsoft-active-directory-oauth.helper.ts +83 -0
- package/src/helpers/module.helper.ts +5 -5
- package/src/helpers/user-helper.ts +5 -1
- package/src/index.ts +1 -5
- package/src/interfaces.ts +0 -8
- package/src/passport-strategies/microsoft-active-directory-oauth.strategy.ts +63 -0
- package/src/seeders/seed-data/solid-core-metadata.json +317 -814
- package/src/services/1.js +6 -0
- package/src/services/authentication.service.ts +78 -0
- package/src/services/crud-helper.service.ts +9 -3
- package/src/services/import-transaction.service.ts +11 -1
- package/src/services/settings/default-settings-provider.service.ts +59 -0
- package/src/services/user.service.ts +61 -0
- package/src/solid-core.module.ts +4 -31
- package/src/subscribers/scheduled-job.subscriber.ts +1 -1
- package/src/subscribers/security-rule.subscriber.ts +1 -1
- package/dist/commands/ingest.command.d.ts +0 -16
- package/dist/commands/ingest.command.d.ts.map +0 -1
- package/dist/commands/ingest.command.js +0 -50
- package/dist/commands/ingest.command.js.map +0 -1
- package/dist/controllers/ai-interaction.controller.d.ts +0 -29
- package/dist/controllers/ai-interaction.controller.d.ts.map +0 -1
- package/dist/controllers/ai-interaction.controller.js +0 -218
- package/dist/controllers/ai-interaction.controller.js.map +0 -1
- package/dist/dtos/create-ai-interaction.dto.d.ts +0 -23
- package/dist/dtos/create-ai-interaction.dto.d.ts.map +0 -1
- package/dist/dtos/create-ai-interaction.dto.js +0 -149
- package/dist/dtos/create-ai-interaction.dto.js.map +0 -1
- package/dist/dtos/invoke-ai-prompt.dto.d.ts +0 -5
- package/dist/dtos/invoke-ai-prompt.dto.d.ts.map +0 -1
- package/dist/dtos/invoke-ai-prompt.dto.js +0 -30
- package/dist/dtos/invoke-ai-prompt.dto.js.map +0 -1
- package/dist/dtos/update-ai-interaction.dto.d.ts +0 -24
- package/dist/dtos/update-ai-interaction.dto.d.ts.map +0 -1
- package/dist/dtos/update-ai-interaction.dto.js +0 -150
- package/dist/dtos/update-ai-interaction.dto.js.map +0 -1
- package/dist/entities/ai-interaction.entity.d.ts +0 -24
- package/dist/entities/ai-interaction.entity.d.ts.map +0 -1
- package/dist/entities/ai-interaction.entity.js +0 -116
- package/dist/entities/ai-interaction.entity.js.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-publisher-database.service.d.ts +0 -11
- package/dist/jobs/database/trigger-mcp-client-publisher-database.service.d.ts.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-publisher-database.service.js +0 -39
- package/dist/jobs/database/trigger-mcp-client-publisher-database.service.js.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-queue-options.d.ts +0 -8
- package/dist/jobs/database/trigger-mcp-client-queue-options.d.ts.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-queue-options.js +0 -10
- package/dist/jobs/database/trigger-mcp-client-queue-options.js.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-subscriber-database.service.d.ts +0 -25
- package/dist/jobs/database/trigger-mcp-client-subscriber-database.service.d.ts.map +0 -1
- package/dist/jobs/database/trigger-mcp-client-subscriber-database.service.js +0 -222
- package/dist/jobs/database/trigger-mcp-client-subscriber-database.service.js.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-publisher.service.d.ts +0 -11
- package/dist/jobs/rabbitmq/trigger-mcp-client-publisher.service.d.ts.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-publisher.service.js +0 -39
- package/dist/jobs/rabbitmq/trigger-mcp-client-publisher.service.js.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-queue-options.d.ts +0 -8
- package/dist/jobs/rabbitmq/trigger-mcp-client-queue-options.d.ts.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-queue-options.js +0 -10
- package/dist/jobs/rabbitmq/trigger-mcp-client-queue-options.js.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-subscriber.service.d.ts +0 -18
- package/dist/jobs/rabbitmq/trigger-mcp-client-subscriber.service.d.ts.map +0 -1
- package/dist/jobs/rabbitmq/trigger-mcp-client-subscriber.service.js +0 -103
- package/dist/jobs/rabbitmq/trigger-mcp-client-subscriber.service.js.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-publisher-redis.service.d.ts +0 -11
- package/dist/jobs/redis/trigger-mcp-client-publisher-redis.service.d.ts.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-publisher-redis.service.js +0 -39
- package/dist/jobs/redis/trigger-mcp-client-publisher-redis.service.js.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-queue-options-redis.d.ts +0 -8
- package/dist/jobs/redis/trigger-mcp-client-queue-options-redis.d.ts.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-queue-options-redis.js +0 -10
- package/dist/jobs/redis/trigger-mcp-client-queue-options-redis.js.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-subscriber-redis.service.d.ts +0 -18
- package/dist/jobs/redis/trigger-mcp-client-subscriber-redis.service.d.ts.map +0 -1
- package/dist/jobs/redis/trigger-mcp-client-subscriber-redis.service.js +0 -103
- package/dist/jobs/redis/trigger-mcp-client-subscriber-redis.service.js.map +0 -1
- package/dist/repository/ai-interaction.repository.d.ts +0 -12
- package/dist/repository/ai-interaction.repository.d.ts.map +0 -1
- package/dist/repository/ai-interaction.repository.js +0 -34
- package/dist/repository/ai-interaction.repository.js.map +0 -1
- package/dist/services/ai-interaction.service.d.ts +0 -23
- package/dist/services/ai-interaction.service.d.ts.map +0 -1
- package/dist/services/ai-interaction.service.js +0 -217
- package/dist/services/ai-interaction.service.js.map +0 -1
- package/dist/services/genai/ingest-metadata.service.d.ts +0 -38
- package/dist/services/genai/ingest-metadata.service.d.ts.map +0 -1
- package/dist/services/genai/ingest-metadata.service.js +0 -542
- package/dist/services/genai/ingest-metadata.service.js.map +0 -1
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.d.ts +0 -9
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.d.ts.map +0 -1
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.js +0 -39
- package/dist/services/genai/mcp-handlers/mcp-handler-factory.service.js.map +0 -1
- package/dist/services/genai/r2r-helper.service.d.ts +0 -9
- package/dist/services/genai/r2r-helper.service.d.ts.map +0 -1
- package/dist/services/genai/r2r-helper.service.js +0 -40
- package/dist/services/genai/r2r-helper.service.js.map +0 -1
- package/dist-tests/api/authenticate.spec.js +0 -119
- package/dist-tests/api/authenticate.spec.js.map +0 -1
- package/dist-tests/api/crud-service.findOne.cityMaster.spec.js +0 -97
- package/dist-tests/api/crud-service.findOne.cityMaster.spec.js.map +0 -1
- package/dist-tests/api/ping.spec.js +0 -21
- package/dist-tests/api/ping.spec.js.map +0 -1
- package/dist-tests/helpers/auth.js +0 -41
- package/dist-tests/helpers/auth.js.map +0 -1
- package/dist-tests/helpers/env.js +0 -11
- package/dist-tests/helpers/env.js.map +0 -1
- package/docs/dashboards/AGENTIC_DASHBOARD_IMPLEMENTATION_PLAN.md +0 -438
- package/docs/dashboards/dashboard-curl-smoke-tests.txt +0 -146
- package/docs/dashboards/delete-legacy-dashboard-metadata.sql +0 -172
- package/docs/grouping-enhancements.md +0 -89
- package/docs/java-spring/README.md +0 -3
- package/docs/java-spring/solid-core-module-deep-dive-report.md +0 -1317
- package/docs/module-package-import-handoff.md +0 -691
- package/docs/seed-changes.md +0 -65
- package/docs/test-data-workflow.md +0 -200
- package/docs/type-declaration-import-issue.md +0 -24
- package/src/commands/ingest.command.ts +0 -36
- package/src/controllers/ai-interaction.controller.ts +0 -112
- package/src/dtos/create-ai-interaction.dto.ts +0 -89
- package/src/dtos/invoke-ai-prompt.dto.ts +0 -10
- package/src/dtos/update-ai-interaction.dto.ts +0 -93
- package/src/entities/ai-interaction.entity.ts +0 -71
- package/src/jobs/database/trigger-mcp-client-publisher-database.service.ts +0 -22
- package/src/jobs/database/trigger-mcp-client-queue-options.ts +0 -9
- package/src/jobs/database/trigger-mcp-client-subscriber-database.service.ts +0 -278
- package/src/jobs/rabbitmq/trigger-mcp-client-publisher.service.ts +0 -22
- package/src/jobs/rabbitmq/trigger-mcp-client-queue-options.ts +0 -9
- package/src/jobs/rabbitmq/trigger-mcp-client-subscriber.service.ts +0 -104
- package/src/jobs/redis/trigger-mcp-client-publisher-redis.service.ts +0 -23
- package/src/jobs/redis/trigger-mcp-client-queue-options-redis.ts +0 -9
- package/src/jobs/redis/trigger-mcp-client-subscriber-redis.service.ts +0 -98
- package/src/repository/ai-interaction.repository.ts +0 -17
- package/src/services/ai-interaction.service.ts +0 -239
- package/src/services/genai/ingest-metadata.service.ts +0 -798
- package/src/services/genai/mcp-handlers/mcp-handler-factory.service.ts +0 -33
- package/src/services/genai/r2r-helper.service.ts +0 -37
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
{
|
|
2
|
+
"permissions": {
|
|
3
|
+
"allow": [
|
|
4
|
+
"Bash(node -e:*)",
|
|
5
|
+
"WebFetch(domain:docs.solidxai.com)",
|
|
6
|
+
"WebFetch(domain:github.com)",
|
|
7
|
+
"Read(//Users/oswald/projects/Solid_Starters/solidctl/**)",
|
|
8
|
+
"Read(//Users/oswald/projects/Solid_Starters/**)",
|
|
9
|
+
"Bash(find /Users/oswald/projects/Solid_Starters/solid-core-module -type d -name migration* -o -name *database*)"
|
|
10
|
+
],
|
|
11
|
+
"additionalDirectories": [
|
|
12
|
+
"/Users/oswald/projects/Solid_Starters/solidctl"
|
|
13
|
+
]
|
|
14
|
+
}
|
|
15
|
+
}
|
package/CLAUDE.md
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# This is the SolidX API project.
|
|
2
|
+
This is included as a dependency in consuming projects.
|
|
3
|
+
|
|
4
|
+
# SolidX UI
|
|
5
|
+
# The corresponding UI project is at the below path:
|
|
6
|
+
/Users/oswald/projects/Solid_Starters/solid-core-ui
|
|
7
|
+
|
|
8
|
+
# SolidX Docs
|
|
9
|
+
# The documentation project is at the below path:
|
|
10
|
+
/Users/oswald/projects/solidxai-docs
|
|
11
|
+
|
|
12
|
+
# SolidX Agent
|
|
13
|
+
# The agent project which has the skills for helping users configure, build and use SolidX is at the below path:
|
|
14
|
+
/Users/oswald/projects/Solid_Starters/agent
|
|
15
|
+
|
|
16
|
+
# SolidX Control Plane Commands
|
|
17
|
+
# The control plane commands for managing SolidX instances are in the below path:
|
|
18
|
+
/Users/oswald/projects/Solid_Starters/solidctl
|
|
19
|
+
|
|
20
|
+
# Testing reference project
|
|
21
|
+
# This is the reference library management project that is used for testing and development of SolidX features. It is located at the below path:
|
|
22
|
+
/Users/oswald/projects/Solid_Starters/solid-library-management
|
|
23
|
+
|
|
24
|
+
# Code Builder project
|
|
25
|
+
# This is the project that contains the code builder which generates code based on user input and templates. It is located at the below path:
|
|
26
|
+
/Users/oswald/projects/Solid_Starters/solid-code-builder
|
|
@@ -0,0 +1,616 @@
|
|
|
1
|
+
# Microsoft Active Directory OAuth Flow
|
|
2
|
+
|
|
3
|
+
This document explains how Microsoft Active Directory, also called Azure AD or Microsoft Entra ID, OAuth login works in Solid Core and Solid Core UI.
|
|
4
|
+
|
|
5
|
+
## Important Short Answer
|
|
6
|
+
|
|
7
|
+
On button click, frontend does not call the backend with `axios` or `fetch`.
|
|
8
|
+
|
|
9
|
+
Frontend only builds this URL:
|
|
10
|
+
|
|
11
|
+
```ts
|
|
12
|
+
const backendApiUrl = (
|
|
13
|
+
env("NEXT_PUBLIC_BACKEND_API_URL") || env("API_URL")
|
|
14
|
+
).replace(/\/+$/, "");
|
|
15
|
+
|
|
16
|
+
const getOAuthConnectUrl = (provider: string) =>
|
|
17
|
+
`${backendApiUrl}/api/iam/${provider}/connect`;
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
For Microsoft Active Directory, this becomes:
|
|
21
|
+
|
|
22
|
+
```text
|
|
23
|
+
http://localhost:3000/api/iam/microsoft-active-directory/connect
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
Then frontend does:
|
|
27
|
+
|
|
28
|
+
```ts
|
|
29
|
+
router.push(getOAuthConnectUrl("microsoft-active-directory"));
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
So frontend creates a URL and navigates the browser to that URL. Browser navigation itself makes the `GET /connect` request.
|
|
33
|
+
|
|
34
|
+
This is correct for OAuth because OAuth needs full browser redirects:
|
|
35
|
+
|
|
36
|
+
```text
|
|
37
|
+
Frontend page
|
|
38
|
+
-> Backend /connect
|
|
39
|
+
-> Microsoft login page
|
|
40
|
+
-> Backend /connect/callback
|
|
41
|
+
-> Frontend callback page
|
|
42
|
+
-> Backend /authenticate
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Why It Is Not A Normal API Call
|
|
46
|
+
|
|
47
|
+
Normal login with username/password can use an API call:
|
|
48
|
+
|
|
49
|
+
```text
|
|
50
|
+
frontend axios/fetch -> backend -> response JSON
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
OAuth login cannot work like that for the first step because the user must leave our app and open Microsoft login in the browser.
|
|
54
|
+
|
|
55
|
+
So the first step is navigation:
|
|
56
|
+
|
|
57
|
+
```text
|
|
58
|
+
browser location changes to backend /connect
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
After Microsoft login completes, the final token exchange uses an API call:
|
|
62
|
+
|
|
63
|
+
```text
|
|
64
|
+
frontend -> backend /authenticate?accessCode=...
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
## Files Involved
|
|
68
|
+
|
|
69
|
+
Backend files:
|
|
70
|
+
|
|
71
|
+
```text
|
|
72
|
+
src/controllers/microsoft-active-directory-authentication.controller.ts
|
|
73
|
+
src/passport-strategies/microsoft-active-directory-oauth.strategy.ts
|
|
74
|
+
src/helpers/microsoft-active-directory-oauth.helper.ts
|
|
75
|
+
src/services/user.service.ts
|
|
76
|
+
src/services/authentication.service.ts
|
|
77
|
+
src/services/settings/default-settings-provider.service.ts
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
Frontend files:
|
|
81
|
+
|
|
82
|
+
```text
|
|
83
|
+
src/components/common/SocialMediaLogin.tsx
|
|
84
|
+
src/routes/pages/auth/InitiateMicrosoftActiveDirectoryOauthPage.tsx
|
|
85
|
+
src/components/auth/MicrosoftActiveDirectoryAuthChecking.tsx
|
|
86
|
+
src/adapters/auth/signInWithOAuthAccessCode.ts
|
|
87
|
+
src/routes/solidRoutes.tsx
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## Backend Endpoints
|
|
91
|
+
|
|
92
|
+
### 1. Start Microsoft Active Directory OAuth
|
|
93
|
+
|
|
94
|
+
```http
|
|
95
|
+
GET /api/iam/microsoft-active-directory/connect
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Controller method:
|
|
99
|
+
|
|
100
|
+
```ts
|
|
101
|
+
@Public()
|
|
102
|
+
@UseGuards(MicrosoftActiveDirectoryOauthGuard)
|
|
103
|
+
@Get("connect")
|
|
104
|
+
async connect() {
|
|
105
|
+
await this.validateConfiguration();
|
|
106
|
+
}
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
This endpoint starts OAuth. The guard runs before the method body.
|
|
110
|
+
|
|
111
|
+
The guard:
|
|
112
|
+
|
|
113
|
+
```ts
|
|
114
|
+
export class MicrosoftActiveDirectoryOauthGuard
|
|
115
|
+
extends AuthGuard("microsoft-active-directory") {}
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
This tells Passport to use the strategy named:
|
|
119
|
+
|
|
120
|
+
```text
|
|
121
|
+
microsoft-active-directory
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
### 2. Microsoft Callback
|
|
125
|
+
|
|
126
|
+
```http
|
|
127
|
+
GET /api/iam/microsoft-active-directory/connect/callback
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Controller method:
|
|
131
|
+
|
|
132
|
+
```ts
|
|
133
|
+
@Public()
|
|
134
|
+
@Get("connect/callback")
|
|
135
|
+
@UseGuards(MicrosoftActiveDirectoryOauthGuard)
|
|
136
|
+
async microsoftActiveDirectoryAuthCallback(@Req() req, @Res() res) {
|
|
137
|
+
const config = await this.validateConfiguration();
|
|
138
|
+
const user = req.user;
|
|
139
|
+
|
|
140
|
+
return res.redirect(
|
|
141
|
+
this.buildFrontendRedirectUrl(config.redirectURL, user["accessCode"]),
|
|
142
|
+
);
|
|
143
|
+
}
|
|
144
|
+
```
|
|
145
|
+
|
|
146
|
+
Microsoft redirects to this endpoint after successful login.
|
|
147
|
+
|
|
148
|
+
This route also uses `MicrosoftActiveDirectoryOauthGuard`, but now Microsoft sends a `code` in the URL. Passport uses that code to get an access token and profile from Microsoft.
|
|
149
|
+
|
|
150
|
+
### 3. Authenticate With accessCode
|
|
151
|
+
|
|
152
|
+
```http
|
|
153
|
+
GET /api/iam/microsoft-active-directory/authenticate?accessCode=<accessCode>
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
Controller method:
|
|
157
|
+
|
|
158
|
+
```ts
|
|
159
|
+
@Public()
|
|
160
|
+
@Get("authenticate")
|
|
161
|
+
async microsoftActiveDirectoryAuth(@Query("accessCode") accessCode: string) {
|
|
162
|
+
await this.validateConfiguration();
|
|
163
|
+
return this.authService.signInUsingMicrosoftActiveDirectory(accessCode);
|
|
164
|
+
}
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
Frontend calls this after it receives `accessCode` from the callback redirect.
|
|
168
|
+
|
|
169
|
+
This returns application JWT tokens.
|
|
170
|
+
|
|
171
|
+
## Complete Request Flow
|
|
172
|
+
|
|
173
|
+
### Step 1: User Clicks Button
|
|
174
|
+
|
|
175
|
+
Frontend file:
|
|
176
|
+
|
|
177
|
+
```text
|
|
178
|
+
src/components/common/SocialMediaLogin.tsx
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
Click handler:
|
|
182
|
+
|
|
183
|
+
```ts
|
|
184
|
+
onClick={() => router.push(getOAuthConnectUrl("microsoft-active-directory"))}
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
This creates:
|
|
188
|
+
|
|
189
|
+
```text
|
|
190
|
+
http://localhost:3000/api/iam/microsoft-active-directory/connect
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
Then browser opens that URL.
|
|
194
|
+
|
|
195
|
+
Note: yahan frontend direct API call nahi kar raha. Sirf URL bana kar browser ko us URL par bhej raha hai.
|
|
196
|
+
|
|
197
|
+
### Step 2: Backend /connect Runs Guard
|
|
198
|
+
|
|
199
|
+
Backend route:
|
|
200
|
+
|
|
201
|
+
```http
|
|
202
|
+
GET /api/iam/microsoft-active-directory/connect
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
Before `connect()` runs, Nest runs:
|
|
206
|
+
|
|
207
|
+
```ts
|
|
208
|
+
MicrosoftActiveDirectoryOauthGuard
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
Guard calls Passport strategy:
|
|
212
|
+
|
|
213
|
+
```ts
|
|
214
|
+
AuthGuard("microsoft-active-directory")
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
Strategy config:
|
|
218
|
+
|
|
219
|
+
```ts
|
|
220
|
+
super({
|
|
221
|
+
clientID,
|
|
222
|
+
clientSecret,
|
|
223
|
+
callbackURL,
|
|
224
|
+
tenant,
|
|
225
|
+
scope: MICROSOFT_ACTIVE_DIRECTORY_OAUTH_SCOPES,
|
|
226
|
+
addUPNAsEmail: true,
|
|
227
|
+
});
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
Passport redirects the browser to Microsoft login page.
|
|
231
|
+
|
|
232
|
+
### Step 3: Microsoft Login Page Opens
|
|
233
|
+
|
|
234
|
+
Browser leaves our app and opens Microsoft login.
|
|
235
|
+
|
|
236
|
+
Microsoft receives values like:
|
|
237
|
+
|
|
238
|
+
```text
|
|
239
|
+
client_id
|
|
240
|
+
redirect_uri
|
|
241
|
+
scope
|
|
242
|
+
tenant
|
|
243
|
+
response_type=code
|
|
244
|
+
```
|
|
245
|
+
|
|
246
|
+
The `redirect_uri` comes from:
|
|
247
|
+
|
|
248
|
+
```env
|
|
249
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL
|
|
250
|
+
```
|
|
251
|
+
|
|
252
|
+
Example:
|
|
253
|
+
|
|
254
|
+
```env
|
|
255
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL=http://localhost:3000/api/iam/microsoft-active-directory/connect/callback
|
|
256
|
+
```
|
|
257
|
+
|
|
258
|
+
This exact URL must be registered in Azure App Registration.
|
|
259
|
+
|
|
260
|
+
### Step 4: Microsoft Redirects Back To Backend
|
|
261
|
+
|
|
262
|
+
After successful Microsoft login, Microsoft redirects browser to:
|
|
263
|
+
|
|
264
|
+
```text
|
|
265
|
+
http://localhost:3000/api/iam/microsoft-active-directory/connect/callback?code=...
|
|
266
|
+
```
|
|
267
|
+
|
|
268
|
+
This is the callback route.
|
|
269
|
+
|
|
270
|
+
### Step 5: Guard Runs Again On Callback
|
|
271
|
+
|
|
272
|
+
The callback route also has:
|
|
273
|
+
|
|
274
|
+
```ts
|
|
275
|
+
@UseGuards(MicrosoftActiveDirectoryOauthGuard)
|
|
276
|
+
```
|
|
277
|
+
|
|
278
|
+
Now the guard sees Microsoft `code`.
|
|
279
|
+
|
|
280
|
+
Passport exchanges that `code` with Microsoft and gets:
|
|
281
|
+
|
|
282
|
+
```text
|
|
283
|
+
access token
|
|
284
|
+
profile
|
|
285
|
+
```
|
|
286
|
+
|
|
287
|
+
Then Passport calls the strategy `validate()` method.
|
|
288
|
+
|
|
289
|
+
### Step 6: Strategy validate() Creates accessCode
|
|
290
|
+
|
|
291
|
+
Backend file:
|
|
292
|
+
|
|
293
|
+
```text
|
|
294
|
+
src/passport-strategies/microsoft-active-directory-oauth.strategy.ts
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
Method:
|
|
298
|
+
|
|
299
|
+
```ts
|
|
300
|
+
async validate(_accessToken, _refreshToken, profile, done) {
|
|
301
|
+
const loginAccessCode = uuid();
|
|
302
|
+
|
|
303
|
+
const user = {
|
|
304
|
+
provider: "microsoftActiveDirectory",
|
|
305
|
+
providerId,
|
|
306
|
+
email,
|
|
307
|
+
name,
|
|
308
|
+
picture,
|
|
309
|
+
accessCode: loginAccessCode,
|
|
310
|
+
};
|
|
311
|
+
|
|
312
|
+
await this.userService.resolveUserOnOauthMicrosoftActiveDirectory({
|
|
313
|
+
...user,
|
|
314
|
+
accessToken: _accessToken,
|
|
315
|
+
refreshToken: null,
|
|
316
|
+
});
|
|
317
|
+
|
|
318
|
+
done(null, user);
|
|
319
|
+
}
|
|
320
|
+
```
|
|
321
|
+
|
|
322
|
+
This method creates a temporary `accessCode`. This is not the JWT. It is only a one-time code used by frontend to complete login.
|
|
323
|
+
|
|
324
|
+
### Step 7: User Is Created Or Updated
|
|
325
|
+
|
|
326
|
+
Backend file:
|
|
327
|
+
|
|
328
|
+
```text
|
|
329
|
+
src/services/user.service.ts
|
|
330
|
+
```
|
|
331
|
+
|
|
332
|
+
Method:
|
|
333
|
+
|
|
334
|
+
```ts
|
|
335
|
+
resolveUserOnOauthMicrosoftActiveDirectory()
|
|
336
|
+
```
|
|
337
|
+
|
|
338
|
+
It checks user by email:
|
|
339
|
+
|
|
340
|
+
```text
|
|
341
|
+
if user does not exist:
|
|
342
|
+
create user
|
|
343
|
+
save Microsoft Active Directory id/token/profile picture
|
|
344
|
+
save accessCode
|
|
345
|
+
initialize default role
|
|
346
|
+
|
|
347
|
+
if user exists:
|
|
348
|
+
update Microsoft Active Directory id/token/profile picture
|
|
349
|
+
update accessCode
|
|
350
|
+
```
|
|
351
|
+
|
|
352
|
+
Important fields saved:
|
|
353
|
+
|
|
354
|
+
```text
|
|
355
|
+
accessCode
|
|
356
|
+
microsoftActiveDirectoryId
|
|
357
|
+
microsoftActiveDirectoryAccessToken
|
|
358
|
+
microsoftActiveDirectoryProfilePicture
|
|
359
|
+
lastLoginProvider
|
|
360
|
+
```
|
|
361
|
+
|
|
362
|
+
### Step 8: Backend Redirects To Frontend
|
|
363
|
+
|
|
364
|
+
After strategy validation, callback controller gets `req.user`.
|
|
365
|
+
|
|
366
|
+
Then it redirects to frontend:
|
|
367
|
+
|
|
368
|
+
```ts
|
|
369
|
+
this.buildFrontendRedirectUrl(config.redirectURL, user["accessCode"])
|
|
370
|
+
```
|
|
371
|
+
|
|
372
|
+
`config.redirectURL` comes from:
|
|
373
|
+
|
|
374
|
+
```env
|
|
375
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL
|
|
376
|
+
```
|
|
377
|
+
|
|
378
|
+
Example:
|
|
379
|
+
|
|
380
|
+
```env
|
|
381
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL=http://localhost:3001/auth/initiate-microsoft-active-directory-oauth
|
|
382
|
+
```
|
|
383
|
+
|
|
384
|
+
Final redirect URL becomes:
|
|
385
|
+
|
|
386
|
+
```text
|
|
387
|
+
http://localhost:3001/auth/initiate-microsoft-active-directory-oauth?accessCode=<uuid>
|
|
388
|
+
```
|
|
389
|
+
|
|
390
|
+
This URL is frontend, not backend.
|
|
391
|
+
|
|
392
|
+
### Step 9: Frontend Reads accessCode
|
|
393
|
+
|
|
394
|
+
Frontend route:
|
|
395
|
+
|
|
396
|
+
```text
|
|
397
|
+
/auth/initiate-microsoft-active-directory-oauth
|
|
398
|
+
```
|
|
399
|
+
|
|
400
|
+
Frontend file:
|
|
401
|
+
|
|
402
|
+
```text
|
|
403
|
+
src/routes/pages/auth/InitiateMicrosoftActiveDirectoryOauthPage.tsx
|
|
404
|
+
```
|
|
405
|
+
|
|
406
|
+
It renders:
|
|
407
|
+
|
|
408
|
+
```ts
|
|
409
|
+
<MicrosoftActiveDirectoryAuthChecking />
|
|
410
|
+
```
|
|
411
|
+
|
|
412
|
+
That component reads:
|
|
413
|
+
|
|
414
|
+
```ts
|
|
415
|
+
const accessCode = searchParams.get("accessCode");
|
|
416
|
+
```
|
|
417
|
+
|
|
418
|
+
### Step 10: Frontend Calls Backend /authenticate
|
|
419
|
+
|
|
420
|
+
Frontend file:
|
|
421
|
+
|
|
422
|
+
```text
|
|
423
|
+
src/adapters/auth/signInWithOAuthAccessCode.ts
|
|
424
|
+
```
|
|
425
|
+
|
|
426
|
+
It calls:
|
|
427
|
+
|
|
428
|
+
```ts
|
|
429
|
+
solidGet(
|
|
430
|
+
`${apiUrl}/api/iam/${provider}/authenticate?accessCode=${encodeURIComponent(accessCode)}`
|
|
431
|
+
)
|
|
432
|
+
```
|
|
433
|
+
|
|
434
|
+
For Microsoft Active Directory:
|
|
435
|
+
|
|
436
|
+
```text
|
|
437
|
+
GET /api/iam/microsoft-active-directory/authenticate?accessCode=<uuid>
|
|
438
|
+
```
|
|
439
|
+
|
|
440
|
+
This is the real frontend API call.
|
|
441
|
+
|
|
442
|
+
### Step 11: Backend Validates accessCode And Returns JWT
|
|
443
|
+
|
|
444
|
+
Backend file:
|
|
445
|
+
|
|
446
|
+
```text
|
|
447
|
+
src/services/authentication.service.ts
|
|
448
|
+
```
|
|
449
|
+
|
|
450
|
+
Method:
|
|
451
|
+
|
|
452
|
+
```ts
|
|
453
|
+
signInUsingMicrosoftActiveDirectory(accessCode)
|
|
454
|
+
```
|
|
455
|
+
|
|
456
|
+
It does:
|
|
457
|
+
|
|
458
|
+
```text
|
|
459
|
+
1. Find user by accessCode
|
|
460
|
+
2. Check account is not blocked
|
|
461
|
+
3. Validate saved Microsoft access token using Microsoft Graph /me
|
|
462
|
+
4. Verify Microsoft profile id/email matches the saved user
|
|
463
|
+
5. Generate application JWT accessToken and refreshToken
|
|
464
|
+
6. Return user and tokens
|
|
465
|
+
```
|
|
466
|
+
|
|
467
|
+
After frontend receives tokens, it stores session the same way as existing OAuth login.
|
|
468
|
+
|
|
469
|
+
## callbackURL vs redirectURL
|
|
470
|
+
|
|
471
|
+
These two are different and both are required.
|
|
472
|
+
|
|
473
|
+
### callbackURL
|
|
474
|
+
|
|
475
|
+
Used by Microsoft to come back to backend:
|
|
476
|
+
|
|
477
|
+
```env
|
|
478
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL=http://localhost:3000/api/iam/microsoft-active-directory/connect/callback
|
|
479
|
+
```
|
|
480
|
+
|
|
481
|
+
This must be registered in Azure App Registration.
|
|
482
|
+
|
|
483
|
+
### redirectURL
|
|
484
|
+
|
|
485
|
+
Used by backend to send the user back to frontend:
|
|
486
|
+
|
|
487
|
+
```env
|
|
488
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL=http://localhost:3001/auth/initiate-microsoft-active-directory-oauth
|
|
489
|
+
```
|
|
490
|
+
|
|
491
|
+
This does not go in Azure redirect URI list unless your Azure app directly redirects to frontend, which this backend flow does not do.
|
|
492
|
+
|
|
493
|
+
## Required Environment Variables
|
|
494
|
+
|
|
495
|
+
Backend:
|
|
496
|
+
|
|
497
|
+
```env
|
|
498
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CLIENT_ID=<azure-client-id>
|
|
499
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CLIENT_SECRET=<azure-client-secret>
|
|
500
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_TENANT_ID=<tenant-id-or-common>
|
|
501
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL=http://localhost:3000/api/iam/microsoft-active-directory/connect/callback
|
|
502
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL=http://localhost:3001/auth/initiate-microsoft-active-directory-oauth
|
|
503
|
+
```
|
|
504
|
+
|
|
505
|
+
Frontend:
|
|
506
|
+
|
|
507
|
+
```env
|
|
508
|
+
VITE_BACKEND_API_URL=http://localhost:3000
|
|
509
|
+
VITE_API_URL=http://localhost:3000
|
|
510
|
+
VITE_BASE_URL=http://localhost:3001
|
|
511
|
+
```
|
|
512
|
+
|
|
513
|
+
## Azure App Registration Setup
|
|
514
|
+
|
|
515
|
+
In Azure Portal:
|
|
516
|
+
|
|
517
|
+
```text
|
|
518
|
+
Microsoft Entra ID
|
|
519
|
+
-> App registrations
|
|
520
|
+
-> Your app
|
|
521
|
+
-> Authentication
|
|
522
|
+
-> Add platform
|
|
523
|
+
-> Web
|
|
524
|
+
-> Redirect URIs
|
|
525
|
+
```
|
|
526
|
+
|
|
527
|
+
Add exactly:
|
|
528
|
+
|
|
529
|
+
```text
|
|
530
|
+
http://localhost:3000/api/iam/microsoft-active-directory/connect/callback
|
|
531
|
+
```
|
|
532
|
+
|
|
533
|
+
The value must exactly match `IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL`.
|
|
534
|
+
|
|
535
|
+
Exact means same:
|
|
536
|
+
|
|
537
|
+
```text
|
|
538
|
+
protocol: http vs https
|
|
539
|
+
host: localhost
|
|
540
|
+
port: 3000
|
|
541
|
+
path: /api/iam/microsoft-active-directory/connect/callback
|
|
542
|
+
trailing slash: no extra slash
|
|
543
|
+
```
|
|
544
|
+
|
|
545
|
+
## Common Mistakes
|
|
546
|
+
|
|
547
|
+
### redirect_uri is not valid
|
|
548
|
+
|
|
549
|
+
Reason:
|
|
550
|
+
|
|
551
|
+
```text
|
|
552
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL does not match Azure redirect URI.
|
|
553
|
+
```
|
|
554
|
+
|
|
555
|
+
Fix:
|
|
556
|
+
|
|
557
|
+
```text
|
|
558
|
+
Register the exact callback URL in Azure.
|
|
559
|
+
```
|
|
560
|
+
|
|
561
|
+
### Using frontend URL as callbackURL
|
|
562
|
+
|
|
563
|
+
Wrong:
|
|
564
|
+
|
|
565
|
+
```env
|
|
566
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL=http://localhost:3001/auth/initiate-microsoft-active-directory-oauth
|
|
567
|
+
```
|
|
568
|
+
|
|
569
|
+
Correct:
|
|
570
|
+
|
|
571
|
+
```env
|
|
572
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CALLBACK_URL=http://localhost:3000/api/iam/microsoft-active-directory/connect/callback
|
|
573
|
+
```
|
|
574
|
+
|
|
575
|
+
### Using backend API URL as redirectURL
|
|
576
|
+
|
|
577
|
+
Wrong:
|
|
578
|
+
|
|
579
|
+
```env
|
|
580
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL=http://localhost:3000/api/auth/initiate-microsoft-active-directory-oauth
|
|
581
|
+
```
|
|
582
|
+
|
|
583
|
+
Correct:
|
|
584
|
+
|
|
585
|
+
```env
|
|
586
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_REDIRECT_URL=http://localhost:3001/auth/initiate-microsoft-active-directory-oauth
|
|
587
|
+
```
|
|
588
|
+
|
|
589
|
+
### Empty client id crashes strategy
|
|
590
|
+
|
|
591
|
+
Wrong:
|
|
592
|
+
|
|
593
|
+
```env
|
|
594
|
+
IAM_MICROSOFT_ACTIVE_DIRECTORY_OAUTH_CLIENT_ID=
|
|
595
|
+
```
|
|
596
|
+
|
|
597
|
+
If OAuth is not configured, leave it absent or let the strategy use dummy startup values. If OAuth should work, set the real Azure client id.
|
|
598
|
+
|
|
599
|
+
## Final Flow Summary
|
|
600
|
+
|
|
601
|
+
```text
|
|
602
|
+
1. User clicks Microsoft Active Directory button
|
|
603
|
+
2. Frontend builds backend /connect URL
|
|
604
|
+
3. Frontend navigates browser to backend /connect
|
|
605
|
+
4. Backend Passport guard redirects browser to Microsoft
|
|
606
|
+
5. User logs in on Microsoft
|
|
607
|
+
6. Microsoft redirects browser to backend /connect/callback with code
|
|
608
|
+
7. Backend exchanges code for Microsoft token/profile
|
|
609
|
+
8. Backend creates/updates user and stores temporary accessCode
|
|
610
|
+
9. Backend redirects browser to frontend redirectURL with accessCode
|
|
611
|
+
10. Frontend reads accessCode
|
|
612
|
+
11. Frontend calls backend /authenticate?accessCode=...
|
|
613
|
+
12. Backend verifies user/token and returns application JWT
|
|
614
|
+
13. Frontend stores JWT session
|
|
615
|
+
```
|
|
616
|
+
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
-- =============================================================
|
|
2
|
+
-- AI Interaction Metadata Cleanup Script
|
|
3
|
+
-- Run this against your PostgreSQL database to remove all
|
|
4
|
+
-- metadata and data associated with the aiInteraction model.
|
|
5
|
+
-- =============================================================
|
|
6
|
+
|
|
7
|
+
BEGIN;
|
|
8
|
+
|
|
9
|
+
-- 1. Remove menu item
|
|
10
|
+
DELETE FROM ss_menu_item_metadata
|
|
11
|
+
WHERE name = 'aiInteraction-menu-item';
|
|
12
|
+
|
|
13
|
+
-- 2. Remove action
|
|
14
|
+
DELETE FROM ss_action_metadata
|
|
15
|
+
WHERE name = 'aiInteraction-list-action';
|
|
16
|
+
|
|
17
|
+
-- 3. Remove user-level view customisations for aiInteraction views
|
|
18
|
+
DELETE FROM ss_user_view_metadata
|
|
19
|
+
WHERE view_metadata_id IN (
|
|
20
|
+
SELECT id FROM ss_view_metadata
|
|
21
|
+
WHERE name IN ('aiInteraction-list-view', 'aiInteraction-form-view')
|
|
22
|
+
);
|
|
23
|
+
|
|
24
|
+
-- 4. Remove saved filters pointing at the aiInteraction model
|
|
25
|
+
DELETE FROM ss_saved_fitlers
|
|
26
|
+
WHERE model_id = (
|
|
27
|
+
SELECT id FROM ss_model_metadata WHERE singular_name = 'aiInteraction'
|
|
28
|
+
);
|
|
29
|
+
|
|
30
|
+
-- 5. Remove security rules scoped to the aiInteraction model
|
|
31
|
+
DELETE FROM ss_security_rule
|
|
32
|
+
WHERE model_metadata_id = (
|
|
33
|
+
SELECT id FROM ss_model_metadata WHERE singular_name = 'aiInteraction'
|
|
34
|
+
);
|
|
35
|
+
|
|
36
|
+
-- 6. Remove views
|
|
37
|
+
DELETE FROM ss_view_metadata
|
|
38
|
+
WHERE name IN ('aiInteraction-list-view', 'aiInteraction-form-view');
|
|
39
|
+
|
|
40
|
+
-- 7. Remove field metadata belonging to the aiInteraction model
|
|
41
|
+
DELETE FROM ss_field_metadata
|
|
42
|
+
WHERE model_id = (
|
|
43
|
+
SELECT id FROM ss_model_metadata WHERE singular_name = 'aiInteraction'
|
|
44
|
+
);
|
|
45
|
+
|
|
46
|
+
-- 8. Remove the model metadata record itself
|
|
47
|
+
DELETE FROM ss_model_metadata
|
|
48
|
+
WHERE singular_name = 'aiInteraction';
|
|
49
|
+
|
|
50
|
+
-- 9. Drop the actual data table
|
|
51
|
+
DROP TABLE IF EXISTS ss_ai_interactions;
|
|
52
|
+
|
|
53
|
+
COMMIT;
|
|
@@ -25,6 +25,7 @@ export declare const ERROR_MESSAGES: {
|
|
|
25
25
|
ACCESS_DENIED: string;
|
|
26
26
|
INVALID_USER_PROFILE: string;
|
|
27
27
|
GOOGLE_OAUTH_PROFILE_FETCH_FAILED: string;
|
|
28
|
+
MICROSOFT_ACTIVE_DIRECTORY_OAUTH_PROFILE_FETCH_FAILED: string;
|
|
28
29
|
LOGOUT_FAILED: string;
|
|
29
30
|
INVALID_CREDENTIALS: string;
|
|
30
31
|
LOGIN_FAILED: string;
|