alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/plans/2026-04-24-microsoft-email-hosted-oauth-fallback/SCRATCHPAD.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

2.7 KiB
Raw Permalink Blame History

Scratchpad

2026-04-24

  • Confirmed MSP SSO domain revocation is not the right fix for Microsoft 365 inbound email OAuth.
  • revokeMspSsoDomainClaim sets claim_status = 'revoked' but leaves is_active = true; MSP SSO discovery still treats revoked EE claims as ineligible and falls back to app-level SSO providers.
  • Microsoft inbound email uses resolveMicrosoftConsumerProfileConfig(tenant, 'email') in OAuth initiation, callback, and token refresh.
  • Current resolver returns not_configured when no Email binding exists, so the included hosted/Nine Minds Microsoft email OAuth app is never used by the active server-action path.
  • Decision: add hosted app-level fallback inside the shared integrations resolver for consumerType === 'email' only when no explicit binding exists. Do not fallback for invalid explicit bindings.
  • Additional discovery: initiateEmailOAuth validates a provider after the form creates the email_providers row. The legacy binding migration could interpret that just-created row as legacy usage and auto-bind Email to the tenant's only Microsoft profile. To avoid forcing tenants onto an SSO-oriented app, Email binding migration now requires legacy tenant Microsoft client credentials, not just a Microsoft email provider row.

Key files:

  • packages/integrations/src/lib/microsoftConsumerProfileResolution.ts
  • packages/integrations/src/actions/integrations/microsoftActions.ts
  • packages/integrations/src/actions/email-actions/oauthActions.ts
  • server/src/app/api/auth/microsoft/callback/route.ts
  • server/src/services/email/providers/MicrosoftGraphAdapter.ts
  • packages/integrations/src/lib/microsoftConsumerProfileResolution.test.ts
  • server/src/test/unit/microsoft/microsoftConsumerRuntimeResolution.contract.test.ts

Validation:

  • PASS: cd server && npx vitest run --coverage.enabled=false ../packages/integrations/src/lib/microsoftConsumerProfileResolution.test.ts
  • PASS with warnings only: npx eslint packages/integrations/src/lib/microsoftConsumerProfileResolution.ts packages/integrations/src/lib/microsoftConsumerProfileResolution.test.ts packages/integrations/src/actions/integrations/microsoftActions.ts
  • Existing unrelated failures observed when running broader suites:
    • server/src/test/unit/microsoft/microsoftConsumerRuntimeResolution.contract.test.ts expects calendar EE action implementation in packages/ee/src/lib/actions/integrations/calendarActions.ts, but this branch currently has a CE stub export there.
    • packages/integrations/src/actions/integrations/microsoftActions.test.ts has edition-visibility failures in this environment where isEnterprise is statically resolved rather than following per-test NEXT_PUBLIC_EDITION changes.