chore: refactor Microsoft OAuth configuration to unify client ID and secret for Teams and OneDrive in environment files and related code

2026-04-25 00:36:31 +02:00 · 2026-03-28 16:37:23 +05:30 · 2026-03-28 16:37:23 +05:30 · 7004e764a9
commit 7004e764a9
parent bb894ee158
6 changed files with 24 additions and 36 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@ -203,14 +203,10 @@ STT_SERVICE=local/base
 # AIRTABLE_CLIENT_SECRET=
 # AIRTABLE_REDIRECT_URI=http://localhost:8000/api/v1/auth/airtable/connector/callback

-# -- Microsoft Teams --
-# TEAMS_CLIENT_ID=
-# TEAMS_CLIENT_SECRET=
+# -- Microsoft OAuth (shared for Teams and OneDrive) --
+# MICROSOFT_CLIENT_ID=
+# MICROSOFT_CLIENT_SECRET=
 # TEAMS_REDIRECT_URI=http://localhost:8000/api/v1/auth/teams/connector/callback
-
-# -- Microsoft OneDrive --
-# ONEDRIVE_CLIENT_ID=
-# ONEDRIVE_CLIENT_SECRET=
 # ONEDRIVE_REDIRECT_URI=http://localhost:8000/api/v1/auth/onedrive/connector/callback

 # -- Composio --
--- a/surfsense_backend/.env.example
+++ b/surfsense_backend/.env.example
@ -95,14 +95,10 @@ SLACK_CLIENT_ID=your_slack_client_id_here
 SLACK_CLIENT_SECRET=your_slack_client_secret_here
 SLACK_REDIRECT_URI=http://localhost:8000/api/v1/auth/slack/connector/callback

-# Microsoft Teams OAuth Configuration
-TEAMS_CLIENT_ID=your_teams_client_id_here
-TEAMS_CLIENT_SECRET=your_teams_client_secret_here
+# Microsoft OAuth (shared for Teams and OneDrive)
+MICROSOFT_CLIENT_ID=your_microsoft_client_id_here
+MICROSOFT_CLIENT_SECRET=your_microsoft_client_secret_here
 TEAMS_REDIRECT_URI=http://localhost:8000/api/v1/auth/teams/connector/callback
-
-# Microsoft OneDrive OAuth
-ONEDRIVE_CLIENT_ID=your_onedrive_client_id_here
-ONEDRIVE_CLIENT_SECRET=your_onedrive_client_secret_here
 ONEDRIVE_REDIRECT_URI=http://localhost:8000/api/v1/auth/onedrive/connector/callback

 # Composio Connector
--- a/surfsense_backend/app/config/init.py
+++ b/surfsense_backend/app/config/init.py
@ -281,14 +281,10 @@ class Config:
    DISCORD_REDIRECT_URI = os.getenv("DISCORD_REDIRECT_URI")
    DISCORD_BOT_TOKEN = os.getenv("DISCORD_BOT_TOKEN")

-    # Microsoft Teams OAuth
-    TEAMS_CLIENT_ID = os.getenv("TEAMS_CLIENT_ID")
-    TEAMS_CLIENT_SECRET = os.getenv("TEAMS_CLIENT_SECRET")
+    # Microsoft OAuth (shared for Teams and OneDrive)
+    MICROSOFT_CLIENT_ID = os.getenv("MICROSOFT_CLIENT_ID")
+    MICROSOFT_CLIENT_SECRET = os.getenv("MICROSOFT_CLIENT_SECRET")
    TEAMS_REDIRECT_URI = os.getenv("TEAMS_REDIRECT_URI")
-
-    # Microsoft OneDrive OAuth
-    ONEDRIVE_CLIENT_ID = os.getenv("ONEDRIVE_CLIENT_ID")
-    ONEDRIVE_CLIENT_SECRET = os.getenv("ONEDRIVE_CLIENT_SECRET")
    ONEDRIVE_REDIRECT_URI = os.getenv("ONEDRIVE_REDIRECT_URI")

    # ClickUp OAuth
--- a/surfsense_backend/app/connectors/onedrive/client.py
+++ b/surfsense_backend/app/connectors/onedrive/client.py
@ -98,8 +98,8 @@ class OneDriveClient:

    async def _refresh_token(self, refresh_token: str) -> dict:
        data = {
-            "client_id": config.ONEDRIVE_CLIENT_ID,
-            "client_secret": config.ONEDRIVE_CLIENT_SECRET,
+            "client_id": config.MICROSOFT_CLIENT_ID,
+            "client_secret": config.MICROSOFT_CLIENT_SECRET,
            "grant_type": "refresh_token",
            "refresh_token": refresh_token,
            "scope": "offline_access User.Read Files.Read.All Files.ReadWrite.All",
--- a/surfsense_backend/app/routes/onedrive_add_connector_route.py
+++ b/surfsense_backend/app/routes/onedrive_add_connector_route.py
@ -78,7 +78,7 @@ async def connect_onedrive(space_id: int, user: User = Depends(current_active_us
    try:
        if not space_id:
            raise HTTPException(status_code=400, detail="space_id is required")
-        if not config.ONEDRIVE_CLIENT_ID:
+        if not config.MICROSOFT_CLIENT_ID:
            raise HTTPException(status_code=500, detail="Microsoft OneDrive OAuth not configured.")
        if not config.SECRET_KEY:
            raise HTTPException(status_code=500, detail="SECRET_KEY not configured for OAuth security.")
@ -87,7 +87,7 @@ async def connect_onedrive(space_id: int, user: User = Depends(current_active_us
        state_encoded = state_manager.generate_secure_state(space_id, user.id)

        auth_params = {
-            "client_id": config.ONEDRIVE_CLIENT_ID,
+            "client_id": config.MICROSOFT_CLIENT_ID,
            "response_type": "code",
            "redirect_uri": config.ONEDRIVE_REDIRECT_URI,
            "response_mode": "query",
@ -138,7 +138,7 @@ async def reauth_onedrive(
        state_encoded = state_manager.generate_secure_state(space_id, user.id, **extra)

        auth_params = {
-            "client_id": config.ONEDRIVE_CLIENT_ID,
+            "client_id": config.MICROSOFT_CLIENT_ID,
            "response_type": "code",
            "redirect_uri": config.ONEDRIVE_REDIRECT_URI,
            "response_mode": "query",
@ -200,8 +200,8 @@ async def onedrive_callback(
        reauth_return_url = data.get("return_url")

        token_data = {
-            "client_id": config.ONEDRIVE_CLIENT_ID,
-            "client_secret": config.ONEDRIVE_CLIENT_SECRET,
+            "client_id": config.MICROSOFT_CLIENT_ID,
+            "client_secret": config.MICROSOFT_CLIENT_SECRET,
            "code": code,
            "redirect_uri": config.ONEDRIVE_REDIRECT_URI,
            "grant_type": "authorization_code",
@ -416,8 +416,8 @@ async def refresh_onedrive_token(
        raise HTTPException(status_code=400, detail=f"No refresh token available for connector {connector.id}")

    refresh_data = {
-        "client_id": config.ONEDRIVE_CLIENT_ID,
-        "client_secret": config.ONEDRIVE_CLIENT_SECRET,
+        "client_id": config.MICROSOFT_CLIENT_ID,
+        "client_secret": config.MICROSOFT_CLIENT_SECRET,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(SCOPES),
--- a/surfsense_backend/app/routes/teams_add_connector_route.py
+++ b/surfsense_backend/app/routes/teams_add_connector_route.py
@ -88,7 +88,7 @@ async def connect_teams(space_id: int, user: User = Depends(current_active_user)
        if not space_id:
            raise HTTPException(status_code=400, detail="space_id is required")

-        if not config.TEAMS_CLIENT_ID:
+        if not config.MICROSOFT_CLIENT_ID:
            raise HTTPException(
                status_code=500, detail="Microsoft Teams OAuth not configured."
            )
@ -106,7 +106,7 @@ async def connect_teams(space_id: int, user: User = Depends(current_active_user)
        from urllib.parse import urlencode

        auth_params = {
-            "client_id": config.TEAMS_CLIENT_ID,
+            "client_id": config.MICROSOFT_CLIENT_ID,
            "response_type": "code",
            "redirect_uri": config.TEAMS_REDIRECT_URI,
            "response_mode": "query",
@ -181,8 +181,8 @@ async def teams_callback(

        # Exchange authorization code for access token
        token_data = {
-            "client_id": config.TEAMS_CLIENT_ID,
-            "client_secret": config.TEAMS_CLIENT_SECRET,
+            "client_id": config.MICROSOFT_CLIENT_ID,
+            "client_secret": config.MICROSOFT_CLIENT_SECRET,
            "code": code,
            "redirect_uri": config.TEAMS_REDIRECT_URI,
            "grant_type": "authorization_code",
@ -403,8 +403,8 @@ async def refresh_teams_token(

    # Microsoft uses oauth2/v2.0/token for token refresh
    refresh_data = {
-        "client_id": config.TEAMS_CLIENT_ID,
-        "client_secret": config.TEAMS_CLIENT_SECRET,
+        "client_id": config.MICROSOFT_CLIENT_ID,
+        "client_secret": config.MICROSOFT_CLIENT_SECRET,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(SCOPES),