The IdpTokenRefresher was incorrectly using overwrite.cli.url (the
external URL like http://localhost:8080) for internal token refresh
requests. This URL is not accessible from inside Docker containers
since port 8080 is only mapped on the host machine.
Changed getNextcloudBaseUrl() to:
- Always use http://localhost (internal port 80) by default
- Added optional astrolabe_internal_url config for custom setups
- Removed overwrite.cli.url usage (intended for external URLs only)
This fixes 401 errors in Astrolabe semantic search when OAuth tokens
need to be refreshed in containerized deployments.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
In hybrid mode (multi_user_basic + offline_access), users need BOTH:
- OAuth token for Astrolabe→MCP API calls
- App password for MCP→Nextcloud background sync
Changes:
- Personal.php: Pass correct oauthUrl pointing to Astrolabe's OAuth
controller instead of MCP server's browser OAuth. Check both OAuth
token AND app password status in hybrid mode.
- personal.php template: Show two-step workflow UI requiring both
credentials before showing "Active" status. Each step shows
completion badges.
- IdpTokenRefresher.php: Use http://localhost for internal token
refresh requests (consistent with OAuthController). External URLs
like localhost:8080 don't work from inside the container.
Fixes 401 errors when searching in Astrolabe with hybrid deployment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Chris Coutinho