Add Entra ID authentication with role-based access control
Implement Microsoft Entra ID (Azure AD) authentication with user and admin roles. Features: - OAuth 2.0 authentication flow using MSAL - User and admin role-based access control - Tenant ownership and access management - Server-side session storage - Protected routes with authentication decorators Authentication: - Users authenticate via Microsoft organizational accounts - Admin role automatically assigned to DEFAULT_ADMIN_EMAIL - User profiles synced from Microsoft Graph API Access Control: - Admins: Full access to all tenants and server settings - Users: Can create and manage their own tenants only - Tenant association: Auto-created when user adds products - API endpoints remain open for AR application access Database Changes: - New users table with email, azure_oid, name, and role - New user_tenants table for many-to-many tenant ownership - Case-insensitive admin email comparison Configuration: - Environment-based config via .env file - Azure AD credentials (client ID, secret, tenant ID) - Configurable redirect URI and admin email - Updated to Flask 2.2.5 for compatibility
This commit is contained in:
@@ -1,5 +1,9 @@
|
||||
Flask==2.0.1
|
||||
Werkzeug==2.0.3
|
||||
Flask==2.2.5
|
||||
Werkzeug==2.2.3
|
||||
python-barcode==0.14.0
|
||||
qrcode==7.4.2
|
||||
Pillow==9.5.0
|
||||
msal==1.24.0
|
||||
python-dotenv==1.0.0
|
||||
Flask-Session==0.5.0
|
||||
requests==2.31.0
|
||||
|
||||
Reference in New Issue
Block a user