fix connector issues

Author: Adityav369

ee/config.py

@@ -69,4 +69,36 @@ def get_ee_settings() -> EESettings:
     if config_from_toml.get("GOOGLE_TOKEN_STORAGE_PATH"):
         settings_kwargs["GOOGLE_TOKEN_STORAGE_PATH"] = config_from_toml["GOOGLE_TOKEN_STORAGE_PATH"]
 
+    # -------------------------------------------------------------------------
+    # Derive a sensible default GOOGLE_REDIRECT_URI based on the *core* config.
+    #   • If the value has already been provided via env or ee.toml we leave it
+    #     untouched (handled above).
+    #   • Otherwise we look at the global Morphik MODE setting.  In **cloud**
+    #     mode the public API is expected to be served from the configured
+    #     `API_DOMAIN` (default: api.morphik.ai).  For **self_hosted** mode we
+    #     fall back to the traditional localhost development URI.
+    # -------------------------------------------------------------------------
+    if "GOOGLE_REDIRECT_URI" not in settings_kwargs:
+        try:
+            # Import lazily to avoid any potential circular dependency issues
+            from core.config import get_settings  # pylint: disable=import-error
+
+            core_settings = get_settings()
+
+            if getattr(core_settings, "MODE", "self_hosted") == "cloud":
+                api_domain = getattr(core_settings, "API_DOMAIN", "api.morphik.ai")
+                derived_redirect = f"https://{api_domain}/ee/connectors/google_drive/oauth2callback"
+            else:
+                # Default for local/self-hosted development
+                derived_redirect = "http://localhost:8000/ee/connectors/google_drive/oauth2callback"
+
+            settings_kwargs["GOOGLE_REDIRECT_URI"] = derived_redirect
+        except Exception:
+            # In case the core settings cannot be loaded for any reason we keep
+            # the safe localhost default to avoid breaking startup.
+            settings_kwargs.setdefault(
+                "GOOGLE_REDIRECT_URI",
+                "http://localhost:8000/ee/connectors/google_drive/oauth2callback",
+            )
+
     return EESettings(**settings_kwargs)

ee/routers/connectors_router.py

@@ -82,17 +82,20 @@ async def get_auth_status_for_connector(
         raise HTTPException(status_code=500, detail="An internal server error occurred.")
 
 
-@router.get("/{connector_type}/auth/initiate")  # No specific response model, as it redirects
-async def initiate_connector_authentication(
-    request: Request,  # FastAPI Request object to access session
+@router.get("/{connector_type}/auth/initiate_url", response_model=Dict[str, str])
+async def get_initiate_auth_url(
+    request: Request,
     connector_type: str,
-    app_redirect_uri: Optional[str] = None,  # New parameter for frontend redirect
+    app_redirect_uri: Optional[str] = None,
     service: ConnectorService = Depends(get_connector_service),
 ):
+    """Return the provider's *authorization_url* for the given connector.
+
+    The method mirrors the logic of the `/auth/initiate` endpoint but sends a
+    JSON payload instead of a redirect so that browsers can stay on the same
+    origin until they intentionally navigate away.
     """
-    Initiates the OAuth 2.0 authentication flow for the specified connector.
-    Stores state in session and redirects user to the provider's authorization URL.
-    """
+
     try:
         connector = await service.get_connector(connector_type)
         auth_details = await connector.initiate_auth()
@@ -102,42 +105,32 @@ async def initiate_connector_authentication(
 
         if not authorization_url or not state:
             logger.error(
-                f"Connector '{connector_type}' did not return authorization URL or state "
-                f"for user '{service.user_identifier}'."
+                "Connector '%s' did not return authorization URL or state for user '%s'.",
+                connector_type,
+                service.user_identifier,
             )
             raise HTTPException(status_code=500, detail="Failed to initiate authentication with the provider.")
 
-        # Store state and connector type in session for later validation in the callback
+        # Store state and connector type in session for later validation.
         request.session["oauth_state"] = state
         request.session["connector_type_for_callback"] = connector_type
         if app_redirect_uri:
             request.session["app_redirect_uri"] = app_redirect_uri
-            logger.info(f"Stored app_redirect_uri in session: {app_redirect_uri}")
 
-        logger.info(
-            f"Initiating auth for '{connector_type}' for user '{service.user_identifier}'. "
-            f"Redirecting to: {authorization_url[:70]}..."
-        )
-        return RedirectResponse(url=authorization_url)
+        logger.info("Prepared auth URL for '%s' for user '%s'.", connector_type, service.user_identifier)
+
+        return {"authorization_url": authorization_url}
 
-    except ValueError as ve:  # Raised by get_connector for unsupported type or by connector for config issues
-        logger.warning(f"Auth initiation for '{connector_type}' failed: {ve} for user '{service.user_identifier}'")
-        # Determine if it's a 404 (unsupported) or 500 (config error within connector)
+    except ValueError as ve:
+        logger.warning("Auth URL preparation for '%s' failed: %s", connector_type, ve)
         if "Unsupported connector type" in str(ve):
             raise HTTPException(status_code=404, detail=str(ve))
-        else:
-            # E.g. Google Client ID/Secret not configured in GoogleDriveConnector
-            raise HTTPException(
-                status_code=500, detail=f"Configuration error for connector '{connector_type}': {str(ve)}"
-            )
+        raise HTTPException(status_code=500, detail=str(ve))
     except NotImplementedError:
-        logger.error(f"Connector '{connector_type}' is not fully implemented for auth initiation.")
         raise HTTPException(status_code=501, detail=f"Connector '{connector_type}' not fully implemented.")
-    except Exception as e:
-        logger.exception(
-            f"Error initiating auth for connector '{connector_type}' for user '{service.user_identifier}': {e}"
-        )
-        raise HTTPException(status_code=500, detail="Internal server error initiating authentication.")
+    except Exception as exc:
+        logger.exception("Error preparing auth URL for '%s': %s", connector_type, exc)
+        raise HTTPException(status_code=500, detail="Internal server error preparing authentication URL.")
 
 
 @router.get("/{connector_type}/oauth2callback")

ee/ui-component/components/connectors/ConnectorCard.tsx

@@ -69,7 +69,7 @@ export function ConnectorCard({
       const connectionsSectionUrl = new URL(window.location.origin);
       connectionsSectionUrl.pathname = "/"; // Ensure we are at the root path
       connectionsSectionUrl.searchParams.set("section", "connections");
-      initiateConnectorAuth(apiBaseUrl, connectorType, connectionsSectionUrl.toString());
+      initiateConnectorAuth(apiBaseUrl, connectorType, connectionsSectionUrl.toString(), authToken);
     } catch (err) {
       setError(err instanceof Error ? err.message : "Failed to initiate connection.");
       setIsSubmitting(false);

ee/ui-component/lib/connectorsApi.ts

@@ -27,20 +27,53 @@ export async function getConnectorAuthStatus(
 
 // Initiates the authentication process by redirecting the user
 // The backend will handle the actual redirect to the OAuth provider
-export function initiateConnectorAuth(
+export async function initiateConnectorAuth(
   apiBaseUrl: string,
   connectorType: string,
-  appRedirectUri: string
-  // authToken is not typically needed for the initiation step if it's a redirect-based flow
-  // and the backend establishes session/cookie upon callback.
-  // If token IS needed by this specific /initiate endpoint, it would be added here.
-): void {
-  // The backend /auth/initiate endpoint itself performs a redirect.
-  // So, navigating to it will trigger the OAuth flow.
-  // We add the app_redirect_uri for the backend to use after successful callback.
-  const initiateUrl = new URL(`${apiBaseUrl}/ee/connectors/${connectorType}/auth/initiate`);
-  initiateUrl.searchParams.append("app_redirect_uri", appRedirectUri);
-  window.location.href = initiateUrl.toString();
+  appRedirectUri: string,
+  authToken: string | null
+): Promise<void> {
+  // Use the *initiate_url* helper which returns a JSON payload containing the
+  // provider's authorization_url.  This avoids CORS issues with opaque
+  // redirects when the backend directly issues a 30x to a third-party domain.
+
+  const helperUrl = new URL(`${apiBaseUrl}/ee/connectors/${connectorType}/auth/initiate_url`);
+  helperUrl.searchParams.append("app_redirect_uri", appRedirectUri);
+
+  try {
+    const resp = await fetch(helperUrl.toString(), {
+      method: "GET",
+      headers: {
+        ...(authToken ? { Authorization: `Bearer ${authToken}` } : {}),
+      },
+      credentials: "include",
+    });
+
+    if (!resp.ok) {
+      let detail = "";
+      try {
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+        const errBody = await resp.json();
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        detail = (errBody as any)?.detail || "";
+      } catch {
+        /* ignore */
+      }
+      throw new Error(`Failed to initiate auth flow: ${resp.status} ${resp.statusText} ${detail}`);
+    }
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const data: { authorization_url: string } = await resp.json();
+    if (!data.authorization_url) {
+      throw new Error("Backend did not return authorization_url");
+    }
+
+    // Finally navigate to the provider's OAuth consent page
+    window.location.href = data.authorization_url;
+  } catch (err) {
+    console.error("Error initiating connector auth:", err);
+    throw err;
+  }
 }
 
 // Disconnects a connector for the current user

ee/ui-component/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@morphik/ui",
-  "version": "0.2.10",
+  "version": "0.2.11",
   "private": true,
   "description": "Modern UI component for Morphik - A powerful document processing and querying system",
   "author": "Morphik Team",