fix: Configure HTTPS domain and OAuth callback route

- Update configuration for production HTTPS domain (devden.hiddenden.cafe)
- Add nginx reverse proxy for /api and /auth routes to backend
- Create auth-callback.html to handle Microsoft Entra ID OAuth redirect
- Fix API_URL in script.js to use same origin (remove :8000 port)
- Add cache-busting query parameter (?v=2) to script.js
- Update .env.example with HTTPS requirements documentation

This resolves Azure Entra ID redirect URI mismatch and enables proper
OAuth authentication flow through the nginx frontend proxy.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-16 10:43:16 +00:00
parent b61aa68bcd
commit 44ca64e120
7 changed files with 90 additions and 5 deletions


@@ -13,11 +13,15 @@ OPENAI_MODEL=gpt-4o-mini
# API Configuration
MAX_TOKENS=4000
TEMPERATURE=0.7
# For local development use: http://localhost:3000
# For production use your domain with HTTPS: https://your-domain.com
FRONTEND_URL=http://localhost:3000
# Microsoft Entra ID (Azure AD)
# Create an app registration at: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps
# Add redirect URI: http://localhost:3000/auth/callback
# IMPORTANT: Azure requires HTTPS for non-localhost redirect URIs
# For localhost: http://localhost:3000/auth/callback
# For production: https://your-domain.com/auth/callback
ENTRA_TENANT_ID=your-tenant-id
ENTRA_CLIENT_ID=your-client-id
ENTRA_CLIENT_SECRET=your-client-secret
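
Review bot: the comments above FRONTEND_URL and in the Entra block both give the production value as https://your-domain.com, but nothing in these lines says whether the backend derives the redirect URI from FRONTEND_URL or expects it to be configured separately. State that in the comment (for example, "the redirect URI sent to Entra is FRONTEND_URL + /auth/callback") so an operator who changes FRONTEND_URL knows the app registration has to change with it. The example default is still http://localhost:3000, and the HTTPS requirement lives only in the "IMPORTANT" comment. Consider having the backend reject a non-localhost http:// FRONTEND_URL at startup, so a copied .env fails with a clear error instead of surfacing later as a redirect URI mismatch at sign-in.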