quick update

2026-01-16 10:43:53 +00:00
parent 44ca64e120
commit 46eb9ddf7d
2 changed files with 772 additions and 5 deletions

@@ -26,11 +26,14 @@ cp .env.example .env
```
3. **Set up Microsoft Entra ID** (Azure AD)
- Go to [Azure Portal - App Registrations](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps)
- Create a new app registration
- Add redirect URI: `http://localhost:3000/auth/callback`
- Generate a client secret under "Certificates & secrets"
- Copy Tenant ID, Client ID, and Client Secret to your `.env` file
- Sign in to the [Azure Portal - App Registrations](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps) page using an account that can manage Entra applications.
- Create a new app registration named something like “DevDen Auth” and choose “Accounts in this organizational directory only” (single tenant) unless you explicitly need multi-tenant access.
- Under **Authentication**, register the redirect URI `http://localhost:3000/auth/callback` (or your deployed URL if you are not running locally) and enable the **ID tokens (used for implicit flows)** checkbox.
- Click **Save**, then go to **API permissions** and add the **Microsoft Graph > User.Read (delegated)** permission, clicking **Grant admin consent** afterward so DevDen can read the signed-in users profile.
- Open **Certificates & secrets**, create a new client secret, give it a descriptive name, and copy the value immediately (it is hidden after leaving the page).
- Capture the Tenant ID, Client ID, and the client secret value and paste them into your `.env` as `ENTRA_TENANT_ID`, `ENTRA_CLIENT_ID`, and `ENTRA_CLIENT_SECRET`. If you changed the redirect URI, also update `ENTRA_REDIRECT_URI` to match what you entered in Entra ID.
- Optionally configure application roles and group claims if you want to limit access to specific users/groups, then run `docker compose down && docker compose up -d --build` to ensure the backend reloads the updated secret values.
- Test the login flow by visiting `http://localhost:3000`, clicking **Login with Microsoft**, and confirming you are redirected back with a chat session. If you see a “redirect_uri_mismatch” error, double-check the URI in both the portal and your `.env` file.
4. **Start the services**
```bash
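Review bot: In the **Authentication** bullet, enabling **ID tokens (used for implicit flows)** looks unnecessary for a registration that also creates a client secret and redirects to `/auth/callback`, which suggests a server-side authorization code flow. If that is what the backend does, drop the checkbox so the implicit grant stays disabled on the app registration; if the backend really depends on it, say why in the step. Smaller points in the same hunk: User.Read (delegated) can normally be consented to by the signing-in user, so "Grant admin consent" should be described as needed only where the tenant restricts user consent rather than as a default step. The `docker compose down && docker compose up -d --build` restart is tucked into the "Optionally configure application roles" bullet, which makes a required reload of the new secret values read as optional, so give it its own bullet. "users profile" should be "user's profile".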