fix: Use dynamic environment config in auth-service for OAuth flows

Author: mbertelsen

server/src/index.ts

@@ -117,6 +117,7 @@ if (fs.existsSync(staticPath)) {
       VITE_NODE_ENV: process.env.VITE_NODE_ENV || 'production',
       VITE_OAUTH_WEB_CLIENT_ID: process.env.VITE_OAUTH_WEB_CLIENT_ID || '',
       VITE_OAUTH_WEB_CLIENT_SECRET: process.env.VITE_OAUTH_WEB_CLIENT_SECRET ? 'SET' : '',
+      VITE_OAUTH_REDIRECT_URI: process.env.VITE_OAUTH_REDIRECT_URI || '',
 
       // Development environment variables
       VITE_DEV_BACKEND_BASE_URL: process.env.VITE_DEV_BACKEND_BASE_URL || '',
@@ -204,6 +205,7 @@ if (fs.existsSync(staticPath)) {
       VITE_NODE_ENV: process.env.VITE_NODE_ENV || 'production',
       VITE_OAUTH_WEB_CLIENT_ID: process.env.VITE_OAUTH_WEB_CLIENT_ID || '',
       VITE_OAUTH_WEB_CLIENT_SECRET: process.env.VITE_OAUTH_WEB_CLIENT_SECRET ? 'SET' : '',
+      VITE_OAUTH_REDIRECT_URI: process.env.VITE_OAUTH_REDIRECT_URI || '',
 
       // Development environment variables
       VITE_DEV_BACKEND_BASE_URL: process.env.VITE_DEV_BACKEND_BASE_URL || '',

src/lib/auth-service.ts

@@ -1,3 +1,5 @@
+import { getCurrentEnvironmentConfig } from './environment-switcher';
+
 interface TokenResponse {
   access_token: string;
   token_type: string;
@@ -7,7 +9,7 @@ interface TokenResponse {
 }
 
 interface TokenData {
- sToken: string;
+  accessToken: string;
   tokenType: string;
   expiresAt: Date;
   refreshToken?: string;
@@ -243,11 +245,18 @@ class AuthService {
     sessionStorage.setItem('oauth_code_verifier', codeVerifier);
     sessionStorage.setItem('oauth_state', state);
 
+    // Get current environment configuration
+    const envConfig = getCurrentEnvironmentConfig();
+    console.log('🔐 [auth-service] Using environment config for login:', {
+      loginBaseUrl: envConfig.loginBaseUrl,
+      clientId: envConfig.oauthClientId
+    });
+
     // Build authorization URL
     const authUrl = await buildAuthorizationUrl(
       {
-        clientId: OAUTH_CONFIG.webClientId,
-        loginBaseUrl: ENV_URLS.loginBase,
+        clientId: envConfig.oauthClientId,
+        loginBaseUrl: envConfig.loginBaseUrl,
         redirectUri: OAUTH_CONFIG.redirectUri,
         scopes: OAUTH_CONFIG.scopes
       },
@@ -295,12 +304,19 @@ class AuthService {
     }
 
     try {
+      // Get current environment configuration for token exchange
+      const envConfig = getCurrentEnvironmentConfig();
+      console.log('🔑 [auth-service] Using environment config for token exchange:', {
+        loginBaseUrl: envConfig.loginBaseUrl,
+        clientId: envConfig.oauthClientId
+      });
+
       // Exchange code for tokens
       const tokenResponse = await exchangeCodeForToken(
         {
-          clientId: OAUTH_CONFIG.webClientId,
-          clientSecret: OAUTH_CONFIG.webClientSecret,
-          loginBaseUrl: ENV_URLS.loginBase,
+          clientId: envConfig.oauthClientId,
+          clientSecret: envConfig.oauthClientSecret,
+          loginBaseUrl: envConfig.loginBaseUrl,
           redirectUri: OAUTH_CONFIG.redirectUri,
           scopes: OAUTH_CONFIG.scopes
         },

src/lib/env.ts

@@ -152,12 +152,26 @@ export const OAUTH_CONFIG = {
   get webClientSecret() {
     return getOAuthClientSecret();
   },
-  redirectUri: (() => {
-    // Build redirect URI dynamically from current window location
-    // This automatically works for localhost, dev, staging, and production environments
+  get redirectUri() {
+    // Priority:
+    // 1. Runtime config (Azure environment variable)
+    // 2. Build-time env (for local development)
+    // 3. Dynamic from window.location.origin (fallback)
+    
+    const runtimeRedirect = (window as any)?.runtimeConfig?.VITE_OAUTH_REDIRECT_URI;
+    if (runtimeRedirect) {
+      return runtimeRedirect;
+    }
+    
+    const buildTimeRedirect = import.meta.env.VITE_OAUTH_REDIRECT_URI;
+    if (buildTimeRedirect) {
+      return buildTimeRedirect;
+    }
+    
+    // Fallback: build dynamically from current window location
     const origin = window.location.origin;
     return `${origin}/account/callback`;
-  })(),
+  },
   scopes: [
     'openid',
     'profile',