You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OAuth /authorize 404 with some clients (e.g. Microsoft Copilot Studio). The login strategy distinguished initiate vs validate by the login cookie alone, so re-hitting /authorize while the short-lived login cookie was set made passport fall through to a 404. /authorize now always redirects to login; the cookie is only consumed at /callback. Existing clients (Claude, DCR) are unaffected.
setup.sh: the generated Caddyfile now routes /callback and /revoke to the backend (the OAuth authorization code is issued at /callback).