From 4f6caeb97a6be125ee8b04dbdda9cd9d67265e78 Mon Sep 17 00:00:00 2001
From: ValueOn AG
Date: Thu, 6 Nov 2025 12:07:11 +0100
Subject: [PATCH] new msft app cert
---
env_prod.env | 2 +-
modules/routes/routeSecurityMsft.py | 42 +++++++++++++++++++++++++++--
2 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/env_prod.env b/env_prod.env
index a3cc8614..104d343a 100644
--- a/env_prod.env
+++ b/env_prod.env
@@ -58,7 +58,7 @@ Connector_AiTavily_API_SECRET = PROD_ENC:Z0FBQUFBQnBDM1Z3NmItcDh6V0JpcE5Jc0NlUWZ
# Agent Mail configuration
Service_MSFT_CLIENT_ID = c7e7112d-61dc-4f3a-8cd3-08cc4cd7504c
-Service_MSFT_CLIENT_SECRET = PROD_ENC:Z0FBQUFBQnBDM1Z3NjBORzZ2VEVRaEZlYXhpdGM2eDJoV29SSk90bS1MMjNXWmhnRF8zWk9va2s5YmRTazZfWG1aTUY0S3NIU2FCOHdCbDduRWxtWXltdW9NNHVZN3E5cWladjZHZ1pmSTlUNFBqYi1UQTlzbS1xT2Rlb1o2bnl6bFhpejdjMVJqWXI=
+Service_MSFT_CLIENT_SECRET = PROD_ENC:Z0FBQUFBQnBESUZEMEZodmsxVTFtWkxScW9DT0JZVWZTZDVtak02NnlnYm04NDdZclBSbWFOSlRGSnhGazg0dmNQOVpuU1ZCbENBN3RUaWJGYk1ISldUQndaNU1GTGdhTmZxT0tlakZ1NjNmRzI5ZFJjSF9SSzNNUFdaRDNXbXgwdEc1ZkFnV3NJbUI=
Service_MSFT_TENANT_ID = common
# Google Service configuration
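Review bot: The rotated Service_MSFT_CLIENT_SECRET replaces the previous value only in the working tree; the earlier PROD_ENC: ciphertext stays in git history, so the superseded secret should also be removed from the app registration once the new one is confirmed working, which leaves the historical value useless even if the PROD_ENC key were ever exposed. The commit subject says "cert" while this hunk rotates a client secret; if the app registration was actually switched to certificate credentials, the Python side in this same commit still reads CLIENT_SECRET, so I'd expect the subject to say "new msft app client secret" or the code to change accordingly.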
diff --git a/modules/routes/routeSecurityMsft.py b/modules/routes/routeSecurityMsft.py
index 9059b3da..3d5aa1fb 100644
--- a/modules/routes/routeSecurityMsft.py
+++ b/modules/routes/routeSecurityMsft.py
@@ -40,6 +40,16 @@ CLIENT_SECRET = APP_CONFIG.get("Service_MSFT_CLIENT_SECRET")
TENANT_ID = APP_CONFIG.get("Service_MSFT_TENANT_ID", "common")
REDIRECT_URI = APP_CONFIG.get("Service_MSFT_REDIRECT_URI")
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
+
+# Validate configuration at module load
+if not CLIENT_ID:
+ logger.warning("Service_MSFT_CLIENT_ID is not configured")
+if not CLIENT_SECRET:
+ logger.warning("Service_MSFT_CLIENT_SECRET is not configured")
+if not REDIRECT_URI:
+ logger.warning("Service_MSFT_REDIRECT_URI is not configured")
+if CLIENT_SECRET and CLIENT_SECRET.startswith(("PROD_ENC:", "INT_ENC:", "DEV_ENC:")):
+ logger.warning("Service_MSFT_CLIENT_SECRET appears to be encrypted - ensure decryption is working")
SCOPES = [
"Mail.ReadWrite", # Read and write mail
"Mail.Send", # Send mail
@@ -149,9 +159,37 @@ async def auth_callback(code: str, state: str, request: Request, response: Respo
)
if "error" in token_response:
- logger.error(f"Token acquisition failed: {token_response['error']}")
+ error_code = token_response.get('error')
+ error_description = token_response.get('error_description', 'No description provided')
+ error_uri = token_response.get('error_uri', '')
+
+ logger.error(
+ f"Token acquisition failed: {error_code} - {error_description} | "
+ f"CLIENT_ID: {CLIENT_ID[:8]}... | "
+ f"REDIRECT_URI: {REDIRECT_URI} | "
+ f"TENANT_ID: {TENANT_ID}"
+ )
+
+ # Provide more helpful error message based on error code
+ if error_code == "invalid_client":
+ error_msg = "Invalid client credentials. Please check CLIENT_ID and CLIENT_SECRET configuration."
+ elif error_code == "invalid_grant":
+ error_msg = "Invalid authorization code or redirect URI mismatch."
+ else:
+ error_msg = f"Authentication failed: {error_description or error_code}"
+
return HTMLResponse(
- content="Authentication Failed
Could not acquire token.
",
+ content=f"""
+
+ Authentication Failed
+
+ Authentication Failed
+ {error_msg}
+ Error code: {error_code}
+ Please contact support if this issue persists.
+
+
+ """,
status_code=400
)
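Review bot: `CLIENT_ID[:8]` in the new logger.error call raises TypeError when CLIENT_ID is None, which the module-load check earlier in this commit explicitly tolerates, so a failed token exchange would become an unhandled exception inside the error path; use `f"CLIENT_ID: {(CLIENT_ID or '')[:8]}... | "`. The `error_msg` and `error_code` values interpolated into the HTMLResponse body are taken from the token endpoint response (and `error_msg` embeds `error_description` in the else branch) without escaping; they come from the identity provider rather than the browser, but reflecting an external service's strings into HTML unescaped is the pattern to avoid, so wrap them as `{html.escape(error_msg)}` and `{html.escape(str(error_code))}` with `import html` at the top of the file. `error_uri` is assigned but never used in the hunk. auth_callback begins before this hunk and continues after it.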