feat: Complete Azure SSO implementation (v0.1.3)

- Add SSO session cleanup task (10-min expiry, 60s purge interval) - Change callback to redirect to frontend with tokens as query params - Add sso_callback_url to SecurityConfig with serde default - Add SsoCallbackPage.tsx for handling SSO callback redirects - Add /auth/sso/callback public route to App.tsx - Add Sign in with Microsoft Azure button to LoginPage - Replace insecure decode_jwt_payload with verify_id_token - Implement JWKS caching (1-hour TTL) and RSA signature verification - Validate iss, aud, exp claims on id_token - Add jsonwebtoken dependency to pm-web crate - Update config.example.toml with sso_callback_url setting - Add sso_callback_url to settings response (read-only from TOML)
2026-05-12 17:01:20 +00:00
parent 08add28b80
commit 86a6c714d4
18 changed files with 561 additions and 239 deletions
--- a/config/config.example.toml
+++ b/config/config.example.toml
@ -101,3 +101,8 @@ ca_key_path  = "/etc/patch-manager/ca/ca.key"
 # point these paths to your certificate/key to use your own cert.
 web_tls_cert_path = "/etc/patch-manager/tls/web.crt"
 web_tls_key_path  = "/etc/patch-manager/tls/web.key"
+
+# Frontend URL to redirect the browser to after Azure SSO callback.
+# The backend sends tokens as query parameters to this URL.
+# Default: "http://localhost:5173/auth/sso/callback" (Vite dev server)
+sso_callback_url = "http://localhost:5173/auth/sso/callback"